| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
CVE-2017-2619: Symlink race allows access outside share definition.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
Signed-off-by: Karolin Seeger <kseeger@samba.org>
|
|
|
|
|
|
|
| |
CVE-2017-2619: Symlink race allows access outside share definition.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
Signed-off-by: Karolin Seeger <kseeger@samba.org>
|
|
|
|
|
|
|
| |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
|
|
|
|
|
|
|
| |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
|
|
|
|
|
|
|
|
|
| |
utility function.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
|
|
|
|
|
|
|
|
|
| |
existing.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
|
|
|
|
|
|
|
|
|
| |
not supported on system.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
|
|
|
|
|
|
|
|
|
| |
just before retuning success.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
|
|
|
|
|
|
|
| |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
|
|
|
|
|
|
|
| |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
|
|
|
|
|
|
|
|
|
| |
Hardens OpenDir against TOC/TOU races.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
|
|
|
|
|
|
|
|
|
| |
failed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
|
|
|
|
|
|
|
|
|
| |
for making robust.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
|
|
|
|
|
|
|
|
|
| |
SMB2_CONTINUE_FLAG_REOPEN flag
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12496
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
|
|
|
|
|
|
|
|
|
|
| |
dptr_CloseDir() will close and invalidate the fsp's file descriptor, we
have to reopen it.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12496
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
|
|
|
|
|
|
|
| |
and re-enable GIT_SNAPSHOTS.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit ca33b7c71f5851198e5224c58856be0e8aa6425f)
|
|
|
|
| |
Signed-off-by: Karolin Seeger <kseeger@samba.org>
|
|
|
|
| |
Signed-off-by: Karolin Seeger <kseeger@samba.org>
|
|
|
|
|
|
|
| |
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Tue Mar 14 16:30:22 CET 2017 on sn-devel-144
|
|
|
|
|
|
|
|
|
|
| |
Some options MUST be set in the global section, better document that.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12615
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 0c212c50b59081583572f807cf5214037d1517c4)
|
|
|
|
|
|
|
|
| |
Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(backported from commit fd03420c4f59d3248b80d07a302d1404ce78b09f)
|
|
|
|
|
|
|
|
|
|
| |
No change in behaviour.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(backported from commit 6e54d8d2bda2c9232676f8c08c626f22de50f52b)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I noticed smbd can get stuck in an open() call with kernel oplocks
enabled and named streams (provided by vfs_streams_xattr):
- client opens a file and with an exclusive oplock
- client starts writing to the file
- client opens an existing stream of the file
- the smbd process gets stuck in an open()
What happens is:
we had setup a locking.tdb record watch in defer_open(), the watch was
triggered, we reattempted the open and got stuck in a blocking open
because the oplock holder (ourselves) hadn't given up the oplock yet.
Cf e576bf5310bc9de9686a71539e9a1b60b4fba5cc for the commit that added
the kernel oplock retry logic. tldr: with kernel oplocks the first open
is non-blocking, but the second one is blocking.
Detailed analysis follows.
When opening a named stream of a file, Samba internally opens the
underlying "base" file first. This internal open of the basefile suceeds
and does *not* trigger an oplock break (because it is an internal open
that doesn't call open() at all) but it is added as an entry to the
locking.tdb record of the file.
Next, the stream open ends up in streams_xattr where a non-blocking
open() on the base file is called. This open fails with EWOULDBLOCK
because we have another fd with a kernel oplock on the file.
So we call defer_open() which sets up a watch on the locking.tdb record.
In the subsequent error unwinding code in open_file_ntcreate() and
callers we close the internal open file handle of the basefile which
also removes the entry from the locking.tdb record and so *changes the
record*.
This fires the record watch and in the callback defer_open_done() we
don't check whether the condition (oplock gone) we're interested in is
actually met. The callback blindly reschedules the open request with
schedule_deferred_open_message_smb().
schedule_deferred_open_message_smb() schedules an immediate tevent event
which has precedence over the IPC fd events in messaging, so the open is
always (!) reattempted before processing the oplock break message.
As explained above, this second open will be a blocking one so we get
stuck in a blocking open.
It doesn't help to make all opens non-blocking, that would just result
in a busy loop failing the open, as we never process the oplock break
message (remember, schedule_deferred_open_message_smb() used immediate
tevent events).
To fix this we must add some logic to the record watch callback to check
whether the record watch was done for a kernel oplock file and if yes,
check if the oplock state changed. If not, simply reschedule the
deferred open and keep waiting.
This logic is only needed for kernel oplocks, not for Samba-level
oplocks, because there's no risk of deadlocking, the worst that can
happen is a rescheduled open that fails again in the oplock checks and
gets deferred again.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(backported from commit b35a296a27a0807c780f2a9e7af2f2e93feefaa8)
|
|
|
|
|
|
|
|
|
|
|
| |
No change in behaviour. Update the function comment explaining how it
works and relies on lck for a record watch.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(backported from commit 1a6c82e5d5a3462827ee3fe1edab01f535f831a9)
|
|
|
|
|
|
|
|
|
|
| |
All remaining callers pass false.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 7fa2f1159437c9f1aa47f51e65655b4d9afa5c0a)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
schedule_async_open() was calling defer_open with sharemode lock = NULL,
as a result there was never an active 20 s timeout.
This has been broken since the commits in
$ git log --reverse -p -10 8283fd0e0090ed12b0b12d5acb550642d621b026
Just roll our own deferred record instead of calling defer_open() and
also set up timer that, as a last resort, catches stuck opens and just
exits for now.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit ad8c36125f72e0d5f9ebfc94037a4ae9e7608aad)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a new function that does an immediate open rescheduling.
The first deferred open this commit changes was never scheduled, as the
scheduling relies on a timeout of the watch on the sharemode lock.
This has been broken since the commits in
$ git log --reverse -p -10 8283fd0e0090ed12b0b12d5acb550642d621b026
That patchset added the dbwrap watch record logic to defer_open() and
removed the timers.
I'm doing this mainly to untangle the defer_open() logic which is
complicated by the lck arg.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit beaba6222848fb4ff4392b2247c5be1094b1d65b)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a helper function deferred_open_record_create() that creates a
deferred_open_record and let all callers pass all needed arguments
individually.
While we're at it, enhance the debug message in defer_open() to print
all variables.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit b17ff9b181b7b9730d32534e720c45faabfa6799)
|
|
|
|
|
|
|
|
|
|
|
| |
req can't be NULL because the if condition surrounding this code checks
!(oplock_request & INTERNAL_OPEN_ONLY).
Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 8580adc1d968304b69237f289d13950972394b48)
|
|
|
|
|
|
|
|
|
|
| |
No change in behaviour.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit f5631f6b3520326d4c9a6bae5636fd8d53e66b29)
|
|
|
|
|
|
|
|
| |
Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 6924e72ade20e98ac470fcb6ba7120c61b06bb0f)
|
|
|
|
|
|
|
|
|
|
|
| |
Fix a copy/paste error, the Linux kernel oplocks check was copied from
the change notify support check.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit fe473f805af885a23bb16046c9d26d756e164f30)
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the GNU C Library, "makedev" is defined by <sys/sysmacros.h>. For
historical compatibility, it is currently defined by <sys/types.h> as
well, but it is planned to remove this soon.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12686
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 0127bdd33b251a52c6ffc44b6cb3b82b16a80741)
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12610
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit cf9acf9a3da932fca115967eb3d9d9ed48fcbbfc)
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Mon Mar 13 13:03:15 CET 2017 on sn-devel-144
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Apple's SMB2 AAPL extension is enabled once per SMB2
connection. Unfortunately the (per se correct) fix for bug #12541
results in vfs_fruit checking a per tcon config state variable to
determine whether AAPL has been negotiated. This variable will be false
for all but the first tcon. We must make it a global variable.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12604
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Thu Mar 2 04:34:10 CET 2017 on sn-devel-144
(cherry picked from commit 41204a4972ea62b7b656ad81e24bd052990f7e87)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When the send queue grows greater than xconn->smb2.credits.max/16,
smbd_smb2_request_next_incoming() doesn't allocate a new request in state->req.
After smbd_smb2_io_handler() is called, it marks the fd not readable as
state->req == NULL, and never marks it readable again.
Fix by calling smbd_smb2_request_next_incoming() to restart
reads inside smbd_smb2_flush_send_queue() which drains the
send queue.
Reported by <chen.yehua@h3c.com>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12608
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Mar 3 02:23:20 CET 2017 on sn-devel-144
(cherry picked from commit 1e0c79ddb34be9a2b9fa92d35387c443c4a381ae)
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Mon Mar 6 16:02:16 CET 2017 on sn-devel-144
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit 0392ebcd1d48e9f472f2148b85316a77d9cc953b effectively
disabled the enumeration of trusts in other forests.
The fixes for https://bugzilla.samba.org/show_bug.cgi?id=11691
changed the way we fill domain->domain_flags for domains
in other forests.
Commit fffefe72fcc62d9688b45f53a5327667dc0b2fe6 readded the
ability to enumerate trusts of other forests again, in order to
fix https://bugzilla.samba.org/show_bug.cgi?id=11830
Now we have the problem that multiple domains
(even outside of our forest) are considert to be
our forest root, as they have the following flags:
NETR_TRUST_FLAG_TREEROOT and NETR_TRUST_FLAG_IN_FOREST.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12605
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Mar 2 17:53:14 CET 2017 on sn-devel-144
(cherry picked from commit f9aaddcdd8f9ea648c9c5ea804f56ee3ff6c4c67)
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
vfs_fruit only creates AppleDouble files itself when "fruit:resource" is
set to "file" (the default). It is only then the these AppleDouble files
should be treated as an internal representation and should be
inaccessible from clients.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12526>
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit 708767da8c366c021d6d15a3ae71d009357c3320)
|
|
|
|
|
|
| |
and re-enable git snapshots.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
|
|
|
|
| |
Signed-off-by: Karolin Seeger <kseeger@samba.org>
|
|
|
|
| |
Signed-off-by: Karolin Seeger <kseeger@samba.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This matches the behaviour of pdb_get_trust_credentials() for
our machine account and allows us to fallback to NTLMSSP
when contacting trusted domains.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 4e9a0894cd977585ccc94e7c1811de1b0293382d)
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Tue Feb 28 13:13:04 CET 2017 on sn-devel-144
|
|
|
|
|
|
|
|
|
| |
Any fallbacks to other authentication methods should be logged.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(similar to commit ea0bc12ba52166032d5112ee22ab53d831c13e86)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The implementation of pdb_get_trust_credentials() should have all
the details to set the kerberos_state to a useful value.
This should enable the fallback to NTLMSSP again, when using our
machine account against trusted domains.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 51caeb7c538b7546e5feccf27a735bb803c78a0b)
|
|
|
|
|
|
|
|
|
| |
Any fallbacks to other authentication methods should be logged.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(similar to commit ba9d139ec3d71af184a24daf24356304c2e49144)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
pdb_get_trust_credentials()
Trust accounts can only use kerberos when contacting other AD domains,
using NTLMSSP will fail.
At the same time it doesn't make sense to try kerberos for NT4 domains,
still NTLMSSP will fail, but the callers has to deal with that
case and just fallback to an anonymous SMB connection.
In all cases we should be able to use NETLOGON SCHANNEL
over any anonymous smb or tcp transport.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit d961ae9d14b46708d2693ca91ace04f9f1a53ca2)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If we are in a situation where we don't have credentials to contact the
remote domain or against an NT4 with the following settings:
workgroup = NT4DOM
security = domain
require strong key = no
client use spnego = no
client ipc signing = auto
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12587
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(similar to commit c97a29bdfdc0020ec0113073580da56f2d35edc1)
|
|
|
|
|
|
|
|
|
|
| |
in an AD domain
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12587
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit b845f16d3ca02dd27cc40bbf722426d6f81bb4b7)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
trusted domains.
We're using only NCACN_NP here as we rely on the smb signing restrictions
of cm_prepare_connection().
This should fix SMB authentication with a user of a domain
behind a transitive trust.
With this change winbindd is able to call
dcerpc_netr_DsrEnumerateDomainTrusts against the
dc of a trusted domain again. This only works
for two-way trusts.
The main problem is the usage of is_trusted_domain()
which doesn't know about the domain, if winbindd can't
enumerate the domains in the other forest.
is_trusted_domain() is used in make_user_info_map(),
which is called in auth3_check_password() before
auth_check_ntlm_password().
That means we're mapping the user of such a domain
to our own local sam, before calling our auth modules.
A much better fix, which removes the usage of is_trusted_domain()
in planed for master, but this should do the job for current releases.
We should avoid talking to DCs of other domains and always
go via our primary domain. As we should code with one-way trusts
also, we need to avoid relying on a complete list of
domains in future.
For now "wbinfo -m" lists domains behind a two-way transitive
trust again, but that is likely to change in future again!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11830
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit fffefe72fcc62d9688b45f53a5327667dc0b2fe6)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
tree connect
If cm_get_ipc_credentials() returned anonymous creds and signing is required
we were returning the result of cm_get_ipc_credentials() instead of
the original error.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12588
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(similar to commit cebcc2adc7e568d492466bb69f21ba2a9630a0d2)
|