Stefan Metzmacher [Mon, 15 Aug 2022 07:56:15 +0000 (09:56 +0200)]
s3:smbd: let delay_for_oplock_fn() only call leases_db_get() once
get_lease_type() will just call leases_db_get() again for leases,
so only call it for oplocks.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Aug 19 19:39:18 UTC 2022 on sn-devel-184
Stefan Metzmacher [Mon, 15 Aug 2022 07:45:43 +0000 (09:45 +0200)]
s3:smbd: lease_match_break_fn() only needs leases_db_get() once
get_lease_type() will just call leases_db_get() again...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Thu, 18 Aug 2022 10:52:54 +0000 (12:52 +0200)]
s3:smbd: inline fsp_lease_type_is_exclusive() logic into contend_level2_oplocks_begin_default
SMB2_LEASE_WRITE is the indication for an exclusive lease,
the fact that a SMB2_LEASE_WRITE can't exists without
SMB2_LEASE_READ is not important here.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Thu, 18 Aug 2022 12:14:20 +0000 (14:14 +0200)]
s3:locking: move get_existing_share_mode_lock() to share_mode_lock.[ch]
This should be where get_share_mode_lock() is located.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 10 Aug 2022 08:27:15 +0000 (08:27 +0000)]
s3:locking: pass lease_key explicitly to set_share_mode()
We should avoid accessing fsp->lease if possible.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Fri, 19 Aug 2022 15:17:41 +0000 (15:17 +0000)]
s3:smbd: only run validate_oplock_types() with smbd:validate_oplock_types = yes
This is really expensive as share_mode_forall_entries() is currently
doing a talloc_memdup() of the whole record...
This is mainly used to avoid regressions, so only
use smbd:validate_oplock_types = yes in make test,
but skip it for production.
This improves the following test:
time smbtorture //127.0.0.1/m -Uroot%test \
smb2.create.bench-path-contention-shared \
--option='torture:bench_path=file.dat' \
--option="torture:timelimit=60" \
--option="torture:nprocs=256" \
--option="torture:qdepth=1"
From:
open[num/s=8852,avslat=0.014999,minlat=0.000042,maxlat=0.054600]
close[num/s=8850,avslat=0.014136,minlat=0.000025,maxlat=0.054537]
to:
open[num/s=11377,avslat=0.012075,minlat=0.000041,maxlat=0.054107]
close[num/s=11375,avslat=0.010594,minlat=0.000023,maxlat=0.053620]
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Thu, 18 Aug 2022 15:32:43 +0000 (17:32 +0200)]
s3:g_lock: avoid useless talloc_array(0) in g_lock_dump()
In the common case we don't have any shared lock holders,
so there's no need to allocate memory for the empty array.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Thu, 18 Aug 2022 15:52:33 +0000 (17:52 +0200)]
s3:g_lock: add some const to the shared array passed via g_lock_dump*()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Thu, 18 Aug 2022 14:06:02 +0000 (16:06 +0200)]
lib/util: add unlikely() to SMB_ASSERT()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 1 Sep 2020 11:24:55 +0000 (13:24 +0200)]
lib: Map ERANGE to NT_STATUS_INTEGER_OVERFLOW
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15151
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Aug 19 12:43:06 UTC 2022 on sn-devel-184
Volker Lendecke [Mon, 31 Aug 2020 14:14:14 +0000 (16:14 +0200)]
vfs_gpfs: Prevent mangling of GPFS timestamps after 2106
gpfs_set_times as of August 2020 stores 32-bit unsigned tv_sec. We
should not silently garble time stamps but reject the attempt to set
an out-of-range timestamp.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15151
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Stefan Metzmacher [Mon, 15 Aug 2022 20:45:17 +0000 (22:45 +0200)]
s3:smbd: only clear LEASE_READ if there's no read lease is left
If contend_level2_oplocks_begin_default() skips break it's
own lease, we should not clear SHARE_MODE_LEASE_READ
in share_mode_data->flags.
Otherwise that lease won't see any lease break notifications
for writes from other clients (file handles not using the same lease
key).
So we need to count the number existing read leases (including
the one with the same lease key) in order to know it's
safe to clear SMB2_LEASE_READ/SHARE_MODE_LEASE_READ.
Otherwise the next run (likely from another client)
will get the wrong result from file_has_read_lease().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15148
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Aug 18 19:41:33 UTC 2022 on sn-devel-184
Stefan Metzmacher [Wed, 17 Aug 2022 15:07:08 +0000 (17:07 +0200)]
s4:torture/smb2: add smb2.lease.v[1,2]_bug_15148
This demonstrates the bug that happens with a
write to a file handle holding an R lease,
while there are other openers without any lease.
When one of the other openers writes to the file,
the R lease of the only lease holder isn't broken to NONE.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15148
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Mon, 15 Aug 2022 08:49:13 +0000 (10:49 +0200)]
s3:smbd: share_mode_flags_set() takes SMB2_LEASE_* values
We currently only ever pass SMB2_LEASE_READ and both
have the same value of 0x1, so for now it's only cosmetic,
but that will change soon.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15148
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Wed, 17 Aug 2022 18:43:47 +0000 (11:43 -0700)]
s3: smbd: Plumb close_type parameter through close_file_in_loop(), file_close_conn()
Allows close_file_in_loop() to differentiate between SHUTDOWN_CLOSE
(previously it only used this close type) and ERROR_CLOSE - called
on error from smbXsrv_tcon_disconnect() in the error path. In that
case we want to close the fd, but not run any delete-on-close actions.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15128
Signed-off-by: Jeremy Allison <jra@samba.org>
Reivewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Thu Aug 18 14:10:18 UTC 2022 on sn-devel-184
Jeremy Allison [Wed, 17 Aug 2022 18:39:36 +0000 (11:39 -0700)]
s3: smbd: Add "enum file_close_type close_type" parameter to file_close_conn().
Not yet used.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15128
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Jeremy Allison [Wed, 17 Aug 2022 18:35:29 +0000 (11:35 -0700)]
s3: smbd: Add "enum file_close_type close_type" parameter to close_cnum().
Not yet used, but needed so we can differentiate between
SHUTDOWN_CLOSE and ERROR_CLOSE in smbXsrv_tcon_disconnect()
if we fail to chdir. In that case we want to close the fd,
but not run any delete-on-close actions.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15128
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Andreas Schneider [Wed, 23 Feb 2022 11:19:19 +0000 (12:19 +0100)]
release-script: Fix shellcheck errors
./release-scripts/build-docs:4:7: error: Double quote array expansions
to avoid re-splitting elements. [SC2068]
Same error for the other scripts.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Wed Aug 17 11:03:54 UTC 2022 on sn-devel-184
Andreas Schneider [Tue, 22 Feb 2022 17:01:31 +0000 (18:01 +0100)]
lib:fuzzing: Fix shellcheck errors in build_samba.sh
lib/fuzzing/oss-fuzz/build_samba.sh:24:27: error: Double quote array
expansions to avoid re-splitting elements. [SC2068]
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
Andreas Schneider [Tue, 22 Feb 2022 16:58:47 +0000 (17:58 +0100)]
nsswitch: Fix shellcheck errors in test_rfc2307_mapping.sh
nsswitch/tests/test_rfc2307_mapping.sh:65:139: error: Double quote array
expansions to avoid re-splitting elements. [SC2068]
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
Andreas Schneider [Tue, 22 Feb 2022 16:50:34 +0000 (17:50 +0100)]
examples: Fix shellcheck error in VampireDriversFunctions
examples/printing/VampireDriversFunctions:183:24: error: Double quote
array expansions to avoid re-splitting elements. [SC2068]
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
Andreas Schneider [Tue, 22 Feb 2022 16:51:16 +0000 (17:51 +0100)]
examples: Remove trailing spaces in VampireDriversFunctions
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
Andreas Schneider [Tue, 22 Feb 2022 16:42:55 +0000 (17:42 +0100)]
examples: Fix shellcheck error in get_next_oid
examples/LDAP/get_next_oid:6:4: error: Remove spaces around += to assign
(or quote '+=' if literal). [SC2285]
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
Andreas Schneider [Mon, 21 Feb 2022 10:24:07 +0000 (11:24 +0100)]
testprogs: Fix variable asignment in test_wintest.sh
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
Andreas Schneider [Mon, 21 Feb 2022 10:23:27 +0000 (11:23 +0100)]
s3:script: Fix variable asignment in test_dfree_command.sh
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
Andreas Schneider [Mon, 21 Feb 2022 10:25:37 +0000 (11:25 +0100)]
script: Add script to run shellcheck on shell scripts
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
Andreas Schneider [Mon, 21 Feb 2022 10:29:29 +0000 (11:29 +0100)]
bootstrap: Install ShellCheck and shfmt
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
Jeremy Allison [Fri, 22 Jul 2022 15:28:03 +0000 (16:28 +0100)]
s3/smbd: Use after free when iterating smbd_server_connection->connections
Change conn_free() to just use a destructor. We now
catch any other places where we may have forgetten to
call conn_free() - it's implicit on talloc_free(conn).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15128
Based on code from Noel Power <noel.power@suse.com>.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Wed Aug 17 09:54:06 UTC 2022 on sn-devel-184
Jeremy Allison [Tue, 16 Aug 2022 20:51:27 +0000 (13:51 -0700)]
s3/smbd: Use after free when iterating smbd_server_connection->connections
In SMB2 smbd_smb2_tree_connect() we create a new conn struct
inside make_connection_smb2() then move the ownership to tcon using:
tcon->compat = talloc_move(tcon, &compat_conn);
so the lifetime of tcon->compat is tied directly to tcon.
Inside smbXsrv_tcon_disconnect() we have:
908 ok = chdir_current_service(tcon->compat);
909 if (!ok) {
910 status = NT_STATUS_INTERNAL_ERROR;
911 DEBUG(0, ("smbXsrv_tcon_disconnect(0x%08x, '%s'): "
912 "chdir_current_service() failed: %s\n",
913 tcon->global->tcon_global_id,
914 tcon->global->share_name,
915 nt_errstr(status)));
916 tcon->compat = NULL;
917 return status;
918 }
919
920 close_cnum(tcon->compat, vuid);
921 tcon->compat = NULL;
If chdir_current_service(tcon->compat) fails, we return status without ever having
called close_cnum(tcon->compat, vuid), leaving the conn pointer left in the linked
list sconn->connections.
The caller frees tcon and (by ownership) tcon->compat, still leaving the
freed tcon->compat pointer on the sconn->connections linked list.
When deadtime_fn() fires and walks the sconn->connections list it
indirects this freed pointer. We must call close_cnum() on error also.
Valgrind trace from Noel Power <noel.power@suse.com> is:
==6432== Invalid read of size 8
==6432== at 0x52CED3A: conn_lastused_update (conn_idle.c:38)
==6432== by 0x52CEDB1: conn_idle_all (conn_idle.c:54)
==6432== by 0x5329971: deadtime_fn (smb2_process.c:1566)
==6432== by 0x5DA2339: smbd_idle_event_handler (util_event.c:45)
==6432== by 0x685F2F8: tevent_common_invoke_timer_handler (tevent_timed.c:376)
==6432== Address 0x19074b88 is 232 bytes inside a block of size 328 free'd
==6432== at 0x4C3451B: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==6432== by 0x5B38521: _tc_free_internal (talloc.c:1222)
==6432== by 0x5B39463: _tc_free_children_internal (talloc.c:1669)
==6432== by 0x5B38404: _tc_free_internal (talloc.c:1184)
==6432== by 0x5B39463: _tc_free_children_internal (talloc.c:1669)
==6432== by 0x5B38404: _tc_free_internal (talloc.c:1184)
==6432== by 0x5B39463: _tc_free_children_internal (talloc.c:1669)
==6432== by 0x5B38404: _tc_free_internal (talloc.c:1184)
==6432== by 0x5B39463: _tc_free_children_internal (talloc.c:1669)
==6432== by 0x5B38404: _tc_free_internal (talloc.c:1184)
==6432== by 0x5B385C5: _talloc_free_internal (talloc.c:1248)
==6432== by 0x5B3988D: _talloc_free (talloc.c:1792)
==6432== by 0x5349B22: smbd_smb2_flush_send_queue (smb2_server.c:4828)
==6432== Block was alloc'd at
==6432== at 0x4C332EF: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==6432== by 0x5B378D9: __talloc_with_prefix (talloc.c:783)
==6432== by 0x5B37A73: __talloc (talloc.c:825)
==6432== by 0x5B37E0C: _talloc_named_const (talloc.c:982)
==6432== by 0x5B3A8ED: _talloc_zero (talloc.c:2421)
==6432== by 0x539873A: conn_new (conn.c:70)
==6432== by 0x532D692: make_connection_smb2 (smb2_service.c:909)
==6432== by 0x5352B5E: smbd_smb2_tree_connect (smb2_tcon.c:344)
https://bugzilla.samba.org/show_bug.cgi?id=15128
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Christian Ambach [Mon, 15 Aug 2022 21:30:23 +0000 (23:30 +0200)]
s3:utils remove documentation of -l as alias for --long
This was removed in
94fc9ca4c506468ab1907d501c0964d67b9d963c, so remove it from
the usage output and manpage.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15145
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Aug 17 07:14:21 UTC 2022 on sn-devel-184
Andreas Schneider [Wed, 10 Aug 2022 11:55:48 +0000 (13:55 +0200)]
waf: Fix SO version number of libsamba-errors
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15141
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Jule Anger [Mon, 15 Aug 2022 13:27:55 +0000 (15:27 +0200)]
manpages: add smbstatus option --json with sample output
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15147
Signed-off-by: Jule Anger <janger@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Jule Anger <janger@samba.org>
Autobuild-Date(master): Tue Aug 16 15:04:54 UTC 2022 on sn-devel-184
Jule Anger [Tue, 16 Aug 2022 10:25:13 +0000 (12:25 +0200)]
s3:tests: let smbstatus json tests fail if jq is not installed
Signed-off-by: Jule Anger <janger@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Tue, 16 Aug 2022 07:36:09 +0000 (09:36 +0200)]
s3:vfs.h: change SMB_VFS_INTERFACE_VERSION to 48 for 4.18
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Aug 16 11:51:36 UTC 2022 on sn-devel-184
Stefan Metzmacher [Tue, 16 Aug 2022 07:35:16 +0000 (09:35 +0200)]
s3:vfs.h: add comment about VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Thu, 11 Aug 2022 17:03:58 +0000 (10:03 -0700)]
s3: smbd: Add IS_VETO_PATH checks to openat_pathref_fsp_case_insensitive().
Returns NT_STATUS_OBJECT_NAME_NOT_FOUND for final component.
Note we have to call the check before each call to
openat_pathref_fsp(), as each call may be using a
different filesystem name. The first name is the
one passed into openat_pathref_fsp_case_insensitive()
by the caller, the second one is a name retrieved from
get_real_filename_cache_key(), and the third one is the name
retrieved from get_real_filename_at(). The last two
calls may have demangled the client given name into
a veto'ed path on the filesystem.
Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15143
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Aug 16 08:26:54 UTC 2022 on sn-devel-184
Jeremy Allison [Thu, 11 Aug 2022 16:55:56 +0000 (09:55 -0700)]
s3: smbd: Add IS_VETO_PATH check to openat_pathref_dirfsp_nosymlink().
Returns NT_STATUS_OBJECT_PATH_NOT_FOUND for directory component.
Note IS_VETO_PATH only looks at the last component, so we must
do it during the directory walk on each component.
Note, we also have to check after a call to get_real_filename_at()
as it may have demangled the client sent name into a filesystem
name that matches the "veto files" parameter.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15143
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Jeremy Allison [Thu, 11 Aug 2022 16:51:11 +0000 (09:51 -0700)]
s3: tests: Add samba3.blackbox.test_veto_files.
Shows we currently don't look at smb.conf veto files parameter
when opening a file or directory. Checks multi-component paths.
Also checks veto files that might be hidden behind a mangled
name.
Add knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15143
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 12 Aug 2022 08:55:42 +0000 (10:55 +0200)]
selftest/Samba3: let nt4_dc* use vfs_default:VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS=no
We should always test the code path without openat2 being available,
even if the kernel supports it.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Aug 15 16:00:26 UTC 2022 on sn-devel-184
Volker Lendecke [Fri, 17 Jun 2022 15:41:52 +0000 (17:41 +0200)]
vfs_default: Use openat2(RESOLVE_NO_SYMLINKS) if available
This improves the following test:
time smbtorture //127.0.0.1/m -Uroot%test \
smb2.create.bench-path-contention-shared \
--option='torture:bench_path=Apps\1\2\3\4\5\6\7\8\9\10' \
--option="torture:timelimit=600" \
--option="torture:nprocs=1"
From:
open[num/s=14186,avslat=0.000044,minlat=0.000042,maxlat=0.000079]
close[num/s=14185,avslat=0.000027,minlat=0.000025,maxlat=0.000057]
to:
open[num/s=16917,avslat=0.000038,minlat=0.000035,maxlat=0.000340]
close[num/s=16916,avslat=0.000020,minlat=0.000019,maxlat=0.000104]
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 27 Jul 2022 18:43:14 +0000 (18:43 +0000)]
vfs_default: prepare O_PATH usage with openat2()
When O_PATH is specified in flags, flag bits other than O_CLOEXEC,
O_DIRECTORY, and O_NOFOLLOW are ignored.
In preparation to use openat2(), which gives an error instead of
ignoring flags, we better remove unexpected flags, callers typically
pass O_RDONLY and O_NONBLOCK.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Volker Lendecke [Thu, 14 Jul 2022 17:44:04 +0000 (19:44 +0200)]
s3:smbd: let openat_pathref_dirfsp_nosymlink() try VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS first
This will reduce the amount of syscalls and the related cost drastically
for long path names.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 12 Aug 2022 17:12:44 +0000 (19:12 +0200)]
s3:smbd: let openat_pathref_dirfsp_nosymlink() handle ELOOP similar to ENOTDIR
This is no likely to happen as we use O_NOFOLLOW with O_DIRECTORY,
but it's better to be prepared...
This will be more important in the upcoming openat2(RESOLVE_NO_SYMLINK)
case, but we should be consitent...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Stefan Metzmacher [Wed, 10 Aug 2022 20:01:10 +0000 (22:01 +0200)]
s3:smbd: let openat_pathref_dirfsp_nosymlink() do a verification loop against . and .. first
I guess we should catch NT_STATUS_OBJECT_NAME_INVALID first,
currently the check is already done in check_path_syntax*,
but we may remove it in future.
But the most important reason for this is the
openat2(RESOLVE_NO_SYMLINK) optimization, which will
be introduced in the following commits.
Review with: git show -w
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Volker Lendecke [Fri, 3 Jun 2022 14:45:41 +0000 (16:45 +0200)]
vfs: define VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS
This will allow us to make use of openat2(RESOLVE_NO_SYMLINKS) soon.
The caller should check if connection_struct.open_how_resolve contains
VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS before using it, this avoids waisting
cpu time. But even then the caller must be prepared to handle -1/ENOSYS.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 12 Aug 2022 08:53:06 +0000 (10:53 +0200)]
lib/replace: let DISABLE_OPATH also undef __NR_openat2
The reason for DISABLE_OPATH is to simulate a non-linux
system, so we should not use openat2() either.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Stefan Metzmacher [Mon, 8 Aug 2022 13:33:24 +0000 (15:33 +0200)]
lib/replace: add fallback defines for __NR_openat2
sys/syscall.h might be older than the runtime kernel.
If the kernel has support for openat2() we should
try to use if anyway.
The callers have to deal with ENOSYS anyway,
so there's no difference if we get that from syscall(__NR_openat2)
or directly from rep_openat2().
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Stefan Metzmacher [Mon, 8 Aug 2022 13:25:39 +0000 (15:25 +0200)]
lib/replace: use syscall(__NR_openat2) if available
There's no glibc wrapper for openat2() yet, so we need
to use syscall(__NR_openat2) ourself.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Stefan Metzmacher [Mon, 8 Aug 2022 13:24:28 +0000 (15:24 +0200)]
lib/replace: always include <sys/syscall.h> in replace.c if available
It will be used for openat2() soon.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Stefan Metzmacher [Mon, 8 Aug 2022 13:23:29 +0000 (15:23 +0200)]
lib/replace: add a replacement for openat2() that returns ENOSYS
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Stefan Metzmacher [Mon, 8 Aug 2022 13:29:28 +0000 (15:29 +0200)]
vfs_btrfs: fix include order, includes.h or replace.h should be first
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Stefan Metzmacher [Tue, 9 Aug 2022 10:29:24 +0000 (10:29 +0000)]
vfs_io_uring: hide a possible definition of struct open_how in liburing/compat.h
liburing.h will include liburing/compat.h, which either includes
linux/openat2.h or defines struct open_how itself.
This will help with the following changes, which will provide
openat2() via libreplace's system/filesys.h, either including
linux/openat2.h or defining open_how ourself.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Stefan Metzmacher [Wed, 10 Aug 2022 22:41:28 +0000 (00:41 +0200)]
wafsamba: allow cflags for CHECK_TYPE[_IN]()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Stefan Metzmacher [Fri, 12 Aug 2022 17:07:39 +0000 (19:07 +0200)]
s3:tests: add a lot more tests to test_symlink_traversal_smb2.sh
We now also test more path components checking the difference between
OBJECT_NAME_NOT_FOUND and OBJECT_PATH_NOT_FOUND.
We also test with symlinks within the path instead of only checking
symlinks as final path components (at least for the dirfsp part).
This ensures the following commits won't introduce regressions
when adding the openat2(RESOLVE_NO_SYMLINK) optimization.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Andreas Schneider [Wed, 10 Aug 2022 06:51:06 +0000 (08:51 +0200)]
s3:utils: Fix NULL check
CID
1507864
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15140
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Aug 12 21:50:23 UTC 2022 on sn-devel-184
Andreas Schneider [Wed, 10 Aug 2022 06:41:24 +0000 (08:41 +0200)]
s3:util: Initialize json_object structures so we can call json_free()
CID
1507863
CID
1507865
CID
1507866
CID
1507867
CID
1507868
CID
1507869
CID
1507870
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15140
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Tue, 9 Aug 2022 04:59:14 +0000 (21:59 -0700)]
s3: smbd: Remove unix_convert() and associated functions.
All code now uses filename_convert_dirfsp() for race-free
filename conversion.
Best viewed with:
$ git show --patience
----------------
/ \
/ REST \
/ IN \
/ PEACE \
/ \
| |
| unix_convert |
| |
| |
| 9th August |
| 2022 |
| |
| |
*| * * * | *
_________)/\\_//(\/(/\)/\//\/\///\/|_)_______
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Aug 12 19:18:25 UTC 2022 on sn-devel-184
Jeremy Allison [Tue, 9 Aug 2022 19:13:10 +0000 (12:13 -0700)]
s3: smbd: Remove the old dfs_path_lookup() code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 9 Aug 2022 19:11:07 +0000 (12:11 -0700)]
s3: smbd: Switch get_referred_path() over to use the new dfs_path_lookup().
New function doesn't need a TWRP argument and returns NT_STATUS_OK
on successful redirect, not NT_STATUS_PATH_NOT_COVERED.
Comment out the old dfs_path_lookup().
There are now no more users of unix_convert().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 9 Aug 2022 19:07:30 +0000 (12:07 -0700)]
s3: smbd: Add new version of dfs_path_lookup() that uses filename_convert_dirfsp().
Commented out as not yet used but it's easier to see the
new logic this way.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Wed, 10 Aug 2022 18:34:24 +0000 (11:34 -0700)]
s3: smbd: Remove dfs_redirect().
A moment of silence please.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Wed, 10 Aug 2022 18:32:30 +0000 (11:32 -0700)]
s3: smbd: Remove call to dfs_redirect() from filename_convert_dirfsp_nosymlink().
Use dfs_filename_convert() instead. There are now no more callers of dfs_redirect().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Wed, 10 Aug 2022 18:29:33 +0000 (11:29 -0700)]
s3: smbd: Remove call to dfs_redirect() from filename_convert_smb1_search_path().
Use dfs_filename_convert() instead. Code is now much simpler.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Mon, 8 Aug 2022 20:18:56 +0000 (13:18 -0700)]
s3: smbd: In filename_convert_dirfsp_nosymlink(), cope with an MS-DFS link as the terminal component.
If the terminal component was an MSDFS link, openat_pathref_fsp_case_insensitive() will
return NT_STATUS_OBJECT_NAME_NOT_FOUND with a VALID_STAT of a symlink.
If this is the case, check if we actually found a terminal MS-DFS link
at the end of the pathname and return NT_STATUS_PATH_NOT_COVERED.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Mon, 8 Aug 2022 20:15:17 +0000 (13:15 -0700)]
s3: smbd: In filename_convert_dirfsp_nosymlink(), allow a NT_STATUS_PATH_NOT_COVERED error to be returned.
openat_pathref_dirfsp_nosymlink() can now return NT_STATUS_PATH_NOT_COVERED.
Don't convert this automatically into NT_STATUS_OBJECT_PATH_NOT_FOUND.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Mon, 8 Aug 2022 18:31:39 +0000 (11:31 -0700)]
s3: smbd: Allow openat_pathref_dirfsp_nosymlink() to return NT_STATUS_PATH_NOT_COVERED for a DFS link on a DFS share.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 12 Aug 2022 06:57:51 +0000 (23:57 -0700)]
s3: smbd: In get create_junction(), make sure check_path_syntax() is called on returned reqpath.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 12 Aug 2022 06:55:58 +0000 (23:55 -0700)]
s3: smbd: In get referred_path(), make sure check_path_syntax() is called on returned reqpath.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Mon, 8 Aug 2022 18:16:17 +0000 (11:16 -0700)]
s3: smbd: Add dfs_filename_convert(). Simple wrapper around parse_dfs_path().
Not yet used.
This is what we will use to replace dfs_redirect() in the filename
conversion code. Keep as a wrapper for now as we might want to
add some error checking around the 'hostname' and 'service'
returns.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 9 Aug 2022 17:58:24 +0000 (10:58 -0700)]
s3: smbd: Use helper function msdfs_servicename_matches_connection() in dfs_redirect().
Replaces ugly complex logic.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 9 Aug 2022 17:53:18 +0000 (10:53 -0700)]
s3: smbd: Use helper function msdfs_servicename_matches_connection() in parse_dfs_path().
Replaces ugly complex logic.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 9 Aug 2022 17:49:46 +0000 (10:49 -0700)]
s3: smbd: Add helper function msdfs_servicename_matches_connection().
Not yet used so commented out.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Mon, 8 Aug 2022 17:27:16 +0000 (10:27 -0700)]
s3: smbd: Remove definition of struct dfs_path.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Wed, 10 Aug 2022 18:17:49 +0000 (11:17 -0700)]
s3: smbd: Remove use of 'struct dfs_path'. Not needed for a (hostname, servicename, path) tuple.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Wed, 10 Aug 2022 18:06:47 +0000 (11:06 -0700)]
s3: smbd: Add TALLOC_CTX * parameter to parse_dfs_path().
Not yet used. Preparing to remove 'struct dfs_path'.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 9 Aug 2022 17:43:45 +0000 (10:43 -0700)]
s3: smbd: Ensure smb2_file_rename_information() uses the SMB2 pathname parsers, not the SMB1 parsers.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 9 Aug 2022 17:41:39 +0000 (10:41 -0700)]
s3: smbd: Make sure we have identical check_path_syntax logic in smbd_smb2_create_durable_lease_check(), as for smb2_create.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 9 Aug 2022 17:39:41 +0000 (10:39 -0700)]
s3: smbd: In smbd_smb2_create_send() call the helper function check_path_syntax_smb2().
Previously for DFS names we were skipping this.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 9 Aug 2022 17:36:00 +0000 (10:36 -0700)]
s3: smbd: Add helper function check_path_syntax_smb2().
Not yet used, but uses check_path_syntax_smb2_msdfs()
so remove the #ifdef's around that.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 5 Aug 2022 19:16:44 +0000 (12:16 -0700)]
s3: smbd: Add new function check_path_syntax_smb2_msdfs() for SMB2 MSDFS paths.
#ifdef'ed out as static and not yet used.
We can't just call check_path_syntax() on these as
they are of the form hostname\share[\extrapath]
(where [\extrapath] is optional).
hostname here can be an IPv6 ':' separated address,
which check_path_syntax() fails on due to the streamname
processing.
NB. This also has to cope with out existing (broken)
libsmbclient libraries that sometimes set the DFS
flag and then send a local pathname. Cope by just
calling the normal check_path_syntax() on the
whole pathname in that case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Sat, 6 Aug 2022 02:27:33 +0000 (19:27 -0700)]
s3: smbd: Fix cosmetic bug logging pathnames from Linux kernel clients using SMB1 DFS calls.
The Linux kernel SMB1 client has a bug - it sends
DFS pathnames as:
\\server\share\path
instead of:
\server\share\path
Causing us to mis-parse server,share,remaining_path here
and jump into 'goto local_path' at 'share\path' instead
of 'path'.
This doesn't cause an error as the limits on share names
are similar to those on pathnames.
parse_dfs_path() which we call before filename parsing
copes with this by calling trim_char on the leading '\'
characters before processing.
Do the same here so logging of pathnames looks better.
How did I find this ? Lots and lots of manual
testing with the Linux kernel client to make
sure all the recent changes haven't broken Linux
SMB1/2/3 DFS :-).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Wed, 10 Aug 2022 13:14:52 +0000 (13:14 +0000)]
s4:torture/smb2: add smb2.bench.echo
This test calls SMB2_Echo in a loop per connection.
For 4 connections with 2 parallel loops use this:
time smbtorture //127.0.0.1/m -Uroot%test smb2.bench.echo \
--option="torture:timelimit=600" \
--option="torture:nprocs=1" \
--option="torture:qdepth=2"
Sometimes the bottleneck is the smbtorture process.
In order to bring the smbd process to 100% cpu, you can use
'--option="libsmb:client_guid=
6112f7d3-9528-4a2a-8861-
0ca129aae6c4"'
and run multiple instances of the test at the same time,
which both talk to the same smbd process.
This is a very useful test to show how many requests are possible
at the raw SMB2 layer.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Aug 11 19:23:37 UTC 2022 on sn-devel-184
Stefan Metzmacher [Wed, 10 Aug 2022 11:43:20 +0000 (11:43 +0000)]
s4:torture/smb2: teach smb2.bench.path-contention-shared about --option="torture:qdepth=4"
This can now test more than one open/close loop per connection.
time smbtorture //127.0.0.1/m -Uroot%test \
smb2.create.bench-path-contention-shared \
--option='torture:bench_path=' \
--option="torture:timelimit=60" \
--option="torture:nprocs=1" \
--option="torture:qdepth=4"
The default is still 1, but it's very useful for tests.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 10 Aug 2022 13:15:45 +0000 (13:15 +0000)]
s4:param: add --option="libsmb:client_guid=
6112f7d3-9528-4a2a-8861-
0ca129aae6c4" support...
We already handle this in the source3/libsmb code, but it's good to
have this also for torture tests.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 10 Aug 2022 13:16:14 +0000 (13:16 +0000)]
s3:g_lock: use TDB_VOLATILE to avoid fcntl locks
This improves 'time smbtorture3 //foo/bar -U% local-g-lock-ping-pong -o
50000000'
from ~1.400.000 to ~3.400.000 operations per second any a testsystem.
As we also use TDB_VOLATILE for locking.tdb, this is a much more
realistic test now.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 9 Aug 2022 14:07:12 +0000 (14:07 +0000)]
smbd: avoid calling SMB_VFS_FGET_NT_ACL() if do_not_check_mask already covers all
This is inspired by
0d4cb5a641e1fea2d369bdc66470a580321366c2,
which avoids SMB_VFS_FGET_NT_ACL() for the root user again.
Opens with just FILE_READ_ATTRIBUTES are very common, so it's worth
optimizing for it.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 10 Aug 2022 14:45:26 +0000 (16:45 +0200)]
s3:include: remove unused update_stat_ex_file_id() prototype
It was removed by commit
643da37fd139413651a6198fb0f6e550f7de6584
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Pavel Filipenský [Fri, 5 Aug 2022 19:43:25 +0000 (21:43 +0200)]
s3:passdb: Consolidate error checking in fetch_ldap_pw()
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Aug 11 06:34:56 UTC 2022 on sn-devel-184
Pavel Filipenský [Fri, 5 Aug 2022 15:30:19 +0000 (17:30 +0200)]
s3:passdb: Remove upgrade support of samba-2.2 style ldap password
It was introduced in 2002. Probably we no longer need to support
password upgrade from samba-2.2.
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Wed, 27 Jul 2022 16:40:21 +0000 (18:40 +0200)]
vfs_default: assert all passed in fsp's and names are non-stream type
Enforce fsp is a non-stream one in as many VFS operations as possible in
vfs_default. We really need an assert here instead of returning an error, as
otherwise he can have very hard to diagnose bugs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Aug 10 16:32:35 UTC 2022 on sn-devel-184
Ralph Boehme [Fri, 29 Jul 2022 05:07:25 +0000 (07:07 +0200)]
vfs_streams_xattr: restrict which fcntl's are allowed on streams
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Ralph Boehme [Wed, 27 Jul 2022 13:58:37 +0000 (15:58 +0200)]
smbd: skip access checks for stat-opens on streams in open_file()
For streams, access is already checked in create_file_unixpath() by
check_base_file_access().
We already skip the access check in this function when doing an IO open of a
file, see above in open_file(), also skip it for "stat opens".
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Ralph Boehme [Wed, 27 Jul 2022 17:05:26 +0000 (19:05 +0200)]
smbd: use metadata_fsp() in get_acl_group_bits()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Ralph Boehme [Fri, 29 Jul 2022 12:56:41 +0000 (14:56 +0200)]
smbd: ignore request to set the SPARSE attribute on streams
As per MS-FSA 2.1.1.5 this is a per stream attribute, but our backends don't
support it in a consistent way, therefor just pretend success and ignore the
request.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Ralph Boehme [Fri, 29 Jul 2022 12:56:21 +0000 (14:56 +0200)]
smbd: use metadata_fsp() with SMB_VFS_FSET_DOS_ATTRIBUTES()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Ralph Boehme [Fri, 29 Jul 2022 12:55:08 +0000 (14:55 +0200)]
smbd: use metadata_fsp() with SMB_VFS_FGET_DOS_ATTRIBUTES()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Ralph Boehme [Fri, 29 Jul 2022 12:54:07 +0000 (14:54 +0200)]
smbd: use metadata_fsp() with SMB_VFS_FSET_NT_ACL()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Ralph Boehme [Fri, 29 Jul 2022 12:49:56 +0000 (14:49 +0200)]
smbd: use metadata_fsp() with SMB_VFS_FGET_NT_ACL()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Ralph Boehme [Wed, 27 Jul 2022 11:37:32 +0000 (13:37 +0200)]
CI: add a test trying to delete a stream on a pathref ("stat open") handle
When using vfs_streams_xattr, for a pathref handle of a stream the system fd
will be a fake fd created by pipe() in vfs_fake_fd().
For the following callchain we wrongly pass a stream fsp to
SMB_VFS_FGET_NT_ACL():
SMB_VFS_CREATE_FILE(..., "file:stream", ...)
=> open_file():
if (open_fd):
-> taking the else branch:
-> smbd_check_access_rights_fsp(stream_fsp)
-> SMB_VFS_FGET_NT_ACL(stream_fsp)
This is obviously wrong and can lead to strange permission errors when using
vfs_acl_xattr:
in vfs_acl_xattr we will try to read the stored ACL by calling
fgetxattr(fake-fd) which of course faild with EBADF. Now unfortunately the
vfs_acl_xattr code ignores the specific error and handles this as if there was
no ACL stored and subsequently runs the code to synthesize a default ACL
according to the setting of "acl:default acl style".
As the correct access check for streams has already been carried out by calling
check_base_file_access() from create_file_unixpath(), the above problem is not
a security issue: it can only lead to "decreased" permissions resulting in
unexpected ACCESS_DENIED errors.
The fix is obviously going to be calling
smbd_check_access_rights_fsp(stream_fsp->base_fsp).
This test verifies that deleting a file works when the stored NT ACL grants
DELETE_FILE while the basic POSIX permissions (used in the acl_xattr fallback
code) do not.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Ralph Boehme [Wed, 27 Jul 2022 10:47:21 +0000 (12:47 +0200)]
vfs_xattr_tdb: add "xattr_tdb:ignore_user_xattr" option
Allows passing on "user." xattr to the backend. This can be useful for testing
specific aspects of operation on streams when "streams_xattr" is configured as
stream filesystem backend.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
git.samba.org / samba-bkup.git / log