summaryrefslogtreecommitdiff
path: root/source3
Commit message (Collapse)AuthorAgeFilesLines
* Add a test for smbclient -l basenameAmit Kumar2020-05-142-0/+39
| | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14345 Signed-off-by: Amit Kumar <amitkuma@redhat.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> (cherry picked from commit 2a7fc40fb3f3ca994cecad3e2957433d7a411208)
* s3: pass DCE RPC handle type to create_policy_hndAlexander Bokovoy2020-05-0410-48/+108
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Various RPC services expect policy handles of a specific type. s3 RPC server did not allow to create policy handles with a specific type while actually requiring that policy handle type itself in some places. Make sure we are able to specify the policy on-wire handle type when creating the policy handle. The changes follow s4 DCE RPC server implementation. The original logic to always set on-wire handle type to 0 can be tracked down to commit fdeea341ed1bae670382e45eb731db1b5838ad21 when we didn't really know about differences in on-wire handle types. All but LSA trusted domain RPC calls do not check the on-wire handle type in s3 RPC server. Fixes trusted domain operations when Samba RPC client attempts to call s3 RPC server to perform lsa_lsaRSetForestTrustInformation in FreeIPA. This fix is a pre-requisite for FreeIPA-FreeIPA forest trust. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14359 Signed-off-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Apr 28 22:55:29 UTC 2020 on sn-devel-184 (cherry picked from commit c7a4578d06427a82ead287f0c5248c1a54cc9336) Autobuild-User(v4-12-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-12-test): Mon May 4 13:06:07 UTC 2020 on sn-devel-184
* dbwrap_watch: Set rec->value_valid while returning nested share_mode_do_locked()Anoop C S2020-05-041-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As reported on samba-technical by Rouven WEILER <Rouven_Weiler@gmx.net>: https://lists.samba.org/archive/samba-technical/2020-April/135116.html Following backtrace was observed with vfs_fruit for time machine backup: [2020/04/10 08:00:38.107917, 0] ../../lib/dbwrap/dbwrap.c:82(dbwrap_record_get_value) PANIC: assert failed at ../../lib/dbwrap/dbwrap.c(82): rec->value_valid [2020/04/10 08:00:38.108499, 0] ../../source3/lib/util.c:830(smb_panic_s3) PANIC (pid 3427): assert failed: rec->value_valid [2020/04/10 08:00:38.109541, 0] ../../lib/util/fault.c:265(log_stack_trace) BACKTRACE: 37 stack frames: #0 /usr/lib/samba/amd64/libsamba-util.so.0.0.1'log_stack_trace+0x26 [0xfffffd7fee51de66] #1 /usr/lib/samba/amd64/libsmbconf.so.0'smb_panic_s3+0x26 [0xfffffd7fedf5a596] #2 /usr/lib/samba/amd64/libsamba-util.so.0.0.1'smb_panic+0x1f [0xfffffd7fee51df3f] #3 /usr/lib/samba/private/amd64/libdbwrap-samba4.so'dbwrap_record_get_value+0x2a [0xfffffd7feccb627a] #4 /usr/lib/samba/private/amd64/libsmbd-base-samba4.so'get_share_mode_lock+0x109 [0xfffffd7fee7195c9] #5 /usr/lib/samba/private/amd64/libsmbd-base-samba4.so'smbd_contend_level2_oplocks_begin+0xa1 [0xfffffd7fee7f7761] #6 /usr/lib/samba/private/amd64/libsmbd-base-samba4.so'brl_lock+0x635 [0xfffffd7fee710f45] #7 /usr/lib/samba/private/amd64/libsmbd-base-samba4.so'do_lock_fn+0xa4 [0xfffffd7fee70d534] #8 /usr/lib/samba/private/amd64/libsmbd-base-samba4.so'share_mode_do_locked_fn+0x86 [0xfffffd7fee7174b6] #9 /usr/lib/samba/amd64/libsmbconf.so.0'dbwrap_watched_do_locked_fn+0xfa [0xfffffd7fedf622ca] #10 /usr/lib/samba/private/amd64/libdbwrap-samba4.so'db_tdb_do_locked+0x12f [0xfffffd7feccb95cf] #11 /usr/lib/samba/private/amd64/libdbwrap-samba4.so'dbwrap_do_locked+0x48 [0xfffffd7feccb69a8] #12 /usr/lib/samba/amd64/libsmbconf.so.0'dbwrap_watched_do_locked+0x6f [0xfffffd7fedf60d7f] #13 /usr/lib/samba/private/amd64/libdbwrap-samba4.so'dbwrap_do_locked+0x48 [0xfffffd7feccb69a8] #14 /usr/lib/samba/private/amd64/libsmbd-base-samba4.so'share_mode_do_locked+0xd2 [0xfffffd7fee719b82] #15 /usr/lib/samba/private/amd64/libsmbd-base-samba4.so'do_lock+0xf0 [0xfffffd7fee70dfe0] #16 /usr/lib/samba/amd64/vfs/fruit.so'fruit_create_file+0x7ba [0xfffffd7fe88855aa] #17 /usr/lib/samba/private/amd64/libsmbd-base-samba4.so'smbd_smb2_request_process_create+0xa07 [0xfffffd7fee7d3237] #18 /usr/lib/samba/private/amd64/libsmbd-base-samba4.so'smbd_smb2_request_dispatch+0xc8f [0xfffffd7fee7c985f] #19 /usr/lib/samba/private/amd64/libsmbd-base-samba4.so'smbd_smb2_connection_handler+0x621 [0xfffffd7fee7ca7e1] #20 /usr/lib/samba/private/amd64/libtevent.so.0.10.2'tevent_common_invoke_fd_handler+0x80 [0xfffffd7fecd3a580] #21 /usr/lib/samba/private/amd64/libtevent.so.0.10.2'epoll_event_loop_once+0x22c [0xfffffd7fecd4180c] #22 /usr/lib/samba/private/amd64/libtevent.so.0.10.2'std_event_loop_once+0x40 [0xfffffd7fecd3f8f0] #23 /usr/lib/samba/private/amd64/libtevent.so.0.10.2'_tevent_loop_once+0x95 [0xfffffd7fecd39bd5] #24 /usr/lib/samba/private/amd64/libtevent.so.0.10.2'tevent_common_loop_wait+0x23 [0xfffffd7fecd39e43] #25 /usr/lib/samba/private/amd64/libtevent.so.0.10.2'std_event_loop_wait+0x40 [0xfffffd7fecd3f870] #26 /usr/lib/samba/private/amd64/libsmbd-base-samba4.so'smbd_process+0x777 [0xfffffd7fee7b8677] #27 /usr/lib/samba/sbin/amd64/smbd'smbd_accept_connection+0x189 [0x40d5b9] #28 /usr/lib/samba/private/amd64/libtevent.so.0.10.2'tevent_common_invoke_fd_handler+0x80 [0xfffffd7fecd3a580] #29 /usr/lib/samba/private/amd64/libtevent.so.0.10.2'epoll_event_loop_once+0x22c [0xfffffd7fecd4180c] #30 /usr/lib/samba/private/amd64/libtevent.so.0.10.2'std_event_loop_once+0x40 [0xfffffd7fecd3f8f0] #31 /usr/lib/samba/private/amd64/libtevent.so.0.10.2'_tevent_loop_once+0x95 [0xfffffd7fecd39bd5] #32 /usr/lib/samba/private/amd64/libtevent.so.0.10.2'tevent_common_loop_wait+0x23 [0xfffffd7fecd39e43] #33 /usr/lib/samba/private/amd64/libtevent.so.0.10.2'std_event_loop_wait+0x40 [0xfffffd7fecd3f870] #34 /usr/lib/samba/sbin/amd64/smbd'main+0x1a0f [0x40f9ff] #35 /usr/lib/samba/sbin/amd64/smbd'_start_crt+0x83 [0x408e73] #36 /usr/lib/samba/sbin/amd64/smbd'_start+0x18 [0x408dd8] In this particular nested share_mode_do_locked() invocation, callback comes through dbwrap_watched_do_locked_fn() where it fails to update rec->value_valid which further gets assigned to static_share_mode_record within share_mode_do_locked_fn(). BUG: https://bugzilla.samba.org/show_bug.cgi?id=14352 Signed-off-by: Anoop C S <anoopcs@redhat.com> Reviewed-by: Ralph Boehme <slow@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Tue Apr 21 17:37:43 UTC 2020 on sn-devel-184 (cherry picked from commit 5651fafe9856e69c93dba3efa6253780cf3c10a1)
* libsmb: Don't try to find posix stat info in SMBC_getatr()Volker Lendecke2020-05-043-30/+0
| | | | | | | | | | | | | | | | | This wrongly used "frame" instead of "fname", which can never have worked. A first attempt to fix in 51551e0d53fa6 caused a few followup patches in an attempt to clean up the test failures 51551e0d53fa6 introduced. They were reverted after a few discussions. So rather than changing behaviour, just remove the code that introduced the valgrind error again. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Mar 20 05:06:07 UTC 2020 on sn-devel-184 (cherry picked from commit 39c910fd9cba3caf7414274b678b9eee33d7e20b)
* Merge tag 'samba-4.12.2' into v4-12-testKarolin Seeger2020-04-285-7/+11
|\ | | | | | | samba: tag release samba-4.12.2
| * CVE-2020-10704: libcli ldap_message: Add search size limits to ldap_decodeGary Lockyer2020-04-221-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add search request size limits to ldap_decode calls. The ldap server uses the smb.conf variable "ldap max search request size" which defaults to 250Kb. For cldap the limit is hard coded as 4096. Credit to OSS-Fuzz REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
| * CVE-2020-10704: smb.conf: Add max ldap request sizesGary Lockyer2020-04-221-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add two new smb.conf parameters to control the maximum permitted ldap request size. Adds: ldap max anonymous request size default 250Kb ldap max authenticated request size default 16Mb Credit to OSS-Fuzz REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
| * CVE-2020-10704: lib util asn1: Add ASN.1 max tree depthGary Lockyer2020-04-224-7/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | Add maximum parse tree depth to the call to asn1_init, which will be used to limit the depth of the ASN.1 parse tree. Credit to OSS-Fuzz REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* | s3: VFS: Add cmocka test for vfs_full_audit to make sure all arrays are correct.Jeremy Allison2020-04-173-0/+58
| | | | | | | | | | | | | | | | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14343 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> (Back-ported from commit 5e987e2f40e7698de489696d795ebe26b7e75c9b) Autobuild-User(v4-12-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-12-test): Fri Apr 17 10:19:13 UTC 2020 on sn-devel-184
* | s3: VFS: full_audit. Add missing fcntl entry in vfs_op_names[] array.Jeremy Allison2020-04-171-0/+1
| | | | | | | | | | | | | | | | | | | | Found by yannick@in2ip.nl. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14343 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> (cherry picked from commit 977d3c7bab3319725abc418839d581489fd9bbe9)
* | s3/librpc/crypto: Fix double free with unresolved credential cacheNoel Power2020-04-151-4/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We free gse_ctx->k5ctx but then free it again in the talloc dtor. This patch just lets the talloc dtor handle things and removes the extra krb5_free_context Failed to resolve credential cache 'DIR:/run/user/1000/krb5cc'! (No credentials cache found) ==30762== Invalid read of size 8 ==30762== at 0x108100F4: k5_os_free_context (in /usr/lib64/libkrb5.so.3.3) ==30762== by 0x107EA661: krb5_free_context (in /usr/lib64/libkrb5.so.3.3) ==30762== by 0x7945D2E: gse_context_destructor (gse.c:84) ==30762== by 0x645FB49: _tc_free_internal (talloc.c:1157) ==30762== by 0x645FEC5: _talloc_free_internal (talloc.c:1247) ==30762== by 0x646118D: _talloc_free (talloc.c:1789) ==30762== by 0x79462E4: gse_context_init (gse.c:241) ==30762== by 0x794636E: gse_init_client (gse.c:268) ==30762== by 0x7947602: gensec_gse_client_start (gse.c:786) ==30762== by 0xBC87A3A: gensec_start_mech (gensec_start.c:743) ==30762== by 0xBC87BC6: gensec_start_mech_by_ops (gensec_start.c:774) ==30762== by 0xBC8167F: gensec_spnego_client_negTokenInit_step (spnego.c:633) ==30762== Address 0x17259928 is 40 bytes inside a block of size 496 free'd ==30762== at 0x4C2F50B: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==30762== by 0x79462CA: gse_context_init (gse.c:238) ==30762== by 0x794636E: gse_init_client (gse.c:268) ==30762== by 0x7947602: gensec_gse_client_start (gse.c:786) ==30762== by 0xBC87A3A: gensec_start_mech (gensec_start.c:743) ==30762== by 0xBC87BC6: gensec_start_mech_by_ops (gensec_start.c:774) ==30762== by 0xBC8167F: gensec_spnego_client_negTokenInit_step (spnego.c:633) ==30762== by 0xBC813E2: gensec_spnego_client_negTokenInit_start (spnego.c:537) ==30762== by 0xBC84084: gensec_spnego_update_pre (spnego.c:1943) ==30762== by 0xBC83AE5: gensec_spnego_update_send (spnego.c:1741) ==30762== by 0xBC85622: gensec_update_send (gensec.c:449) ==30762== by 0x551BFD0: cli_session_setup_gensec_local_next (cliconnect.c:997) ==30762== Block was alloc'd at ==30762== at 0x4C306B5: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==30762== by 0x107EA7AE: krb5_init_context_profile (in /usr/lib64/libkrb5.so.3.3) ==30762== by 0xB853215: smb_krb5_init_context_common (krb5_samba.c:3597) ==30762== by 0x794615B: gse_context_init (gse.c:209) ==30762== by 0x794636E: gse_init_client (gse.c:268) ==30762== by 0x7947602: gensec_gse_client_start (gse.c:786) ==30762== by 0xBC87A3A: gensec_start_mech (gensec_start.c:743) ==30762== by 0xBC87BC6: gensec_start_mech_by_ops (gensec_start.c:774) ==30762== by 0xBC8167F: gensec_spnego_client_negTokenInit_step (spnego.c:633) ==30762== by 0xBC813E2: gensec_spnego_client_negTokenInit_start (spnego.c:537) ==30762== by 0xBC84084: gensec_spnego_update_pre (spnego.c:1943) ==30762== by 0xBC83AE5: gensec_spnego_update_send (spnego.c:1741) ==30762== BUG: https://bugzilla.samba.org/show_bug.cgi?id=14344 Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Noel Power <npower@samba.org> Autobuild-Date(master): Tue Apr 14 22:55:51 UTC 2020 on sn-devel-184 (cherry picked from commit 34f8ab774d1484b0e60dbdec8ad2a1607ad92122) Autobuild-User(v4-12-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-12-test): Wed Apr 15 13:20:28 UTC 2020 on sn-devel-184
* | s3:libads: Fix ads_get_upn()Andreas Schneider2020-04-071-0/+1
| | | | | | | | | | | | | | | | | | | | | | This adds the userPrincipalName to ads_find_machine_acct() which fetches the data for us. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14336 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> (cherry picked from commit ec69752cb963ae850568d3f4905d2941e485627e)
* | smbd: let delayed update handler also update on-disk timestampsRalph Boehme2020-04-071-9/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Let delayed update handler also update on-disk timestamps by calling trigger_write_time_update_immediate(). trigger_write_time_update_immediate() sets fsp->update_write_time_on_close to false which prevents updating the write-time on close if there was ever only one write to the file. Besides resetting fsp->update_write_time_on_close and setting the on-disk timestamps trigger_write_time_update_immediate() takes the same steps as the removed code. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14320 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Mar 19 03:05:40 UTC 2020 on sn-devel-184 (cherry picked from commit 81c1a14e3271aeed7ed4fe6311171b19ba963555)
* | smbd: let mark_file_modified() always call trigger_write_time_update()Ralph Boehme2020-04-071-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Preperatory change: the next commit will reset fsp->update_write_time_on_close in the event handler, so this change ensures it gets set again for any subsequent write. This will NOT always result in a write-time update because trigger_write_time_update() has its own only-once logic using the internal variable fsp->update_write_time_triggered. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14320 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 53de2da7acfc24513082190502d93306c12b7434)
* | smbd: remove stat call from mark_file_modified()Ralph Boehme2020-04-071-3/+0
| | | | | | | | | | | | | | | | | | | | | | | | This stat dates back to d03453864ab1bc5fd3b4a3abaf96176a006c102b where the call to trigger_write_time_update() had been to the file IO codepath. It was present there for other reasons: to setup the write-cache based on the file's size. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14320 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 2c19d27113036d607850f370bb9afd62856d671e)
* | s3: tests: Add samba3.blackbox.force-close-shareJeremy Allison2020-04-072-0/+109
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Checks server stays up whilst writing to a force closed share. Uses existing aio_delay_inject share to delay writes while we force close the share. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14301 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sun Mar 8 19:34:14 UTC 2020 on sn-devel-184 (cherry picked from commit bb22be08b077b7d5911ccdeb1012f4dea85647e5) (cherry picked from commit 566658d914176c41942e3c6aba404ae369aeb123)
* | smbd: enforce AIO requests drainingJeremy Allison2020-04-071-63/+17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Assert we have no aio on a close. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14301 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Combined squash of commits: (cherry picked from commit 410e7599bd2ae9b35429f60a529bb7c4aa88df25) (cherry picked from commit acb0b01761330864a23932f643f7ad4e3d374634) (cherry picked from commit f94cd10a211e2eae966ba4bd26921556bbe513fc) (cherry picked from commit 0ae4f368c6c8d2c8c7aa34069007a984055df0da) (cherry picked from commit 86dd5a080969e14ab0d131d8cb1054ec624a41ba)
* | s3: smbd: Remove file_close_pid().Jeremy Allison2020-04-072-19/+0
| | | | | | | | | | | | | | | | | | | | The old synchronous reply_exit() was the only user. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14301 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit 584933439c70af3d2fd047e62a3456c1c2eca45e)
* | s3: smbd: Remove old synchronous SMB1 reply_exit().Jeremy Allison2020-04-071-10/+21
| | | | | | | | | | | | | | | | | | | | SMB1 exit is now fully async. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14301 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit 1de0daa715f3324e3620ae8152b7fbaeb40ee9d9)
* | s3: smbd: Add async internals of reply_exit().Jeremy Allison2020-04-071-0/+201
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Waits until all aio requests on all fsp's owned by this vuid are finished before returning to the client. Charges the profile time in the done function. Not strictly correct but better than the other SMB1 async code that double-charges profiling in both send and done at the moment. Done this way (commented out) so it is a clean diff and it's clear what is being added. A later commit will remove the old synchronous version. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14301 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit 8f58feab58afbc7aa214fac2a1728dda68303c6b)
* | s3: smbd: Remove old synchronous SMB1 reply_ulogoffX().Jeremy Allison2020-04-071-27/+21
| | | | | | | | | | | | | | | | | | | | SMB1 user logoff is now fully async. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14301 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit 446b64ca66591d8ae5b4bf1aabdd46a1e8cb1c1c)
* | s3: smbd: reply_ulogoffX() Update to modern coding standards.Jeremy Allison2020-04-071-2/+2
| | | | | | | | | | | | | | | | | | | | Minimizes the diff in the later commits. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14301 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit 9cda76ad29db0cfbffa3dbb0764ec5dda24490f9)
* | s3: smbd: In reply_ulogoffX(), replace req -> smb1req.Jeremy Allison2020-04-071-11/+11
| | | | | | | | | | | | | | | | | | | | Minimises the diff in later commits. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14301 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit 5c073aa01b304f54a0039d9cd9dc74123191eb4b)
* | s3: smbd: Add async internals of reply_ulogoffX.Jeremy Allison2020-04-071-0/+168
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Waits until all aio requests on all fsp's owned by this vuid are finished before returning to the client. Charges the profile time in the done function. Not strictly correct but better than the other SMB1 async code that double-charges profiling in both send and done at the moment. Done this way (commented out) so it is a clean diff and it's clear what is being added. A later commit will remove the old synchronous version. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14301 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit 4dd3012cb1b5e000ccf68d2601dbdbcb7ff538b5)
* | s3: smbd: Remove old synchronous SMB1 reply_tdis().Jeremy Allison2020-04-071-26/+19
| | | | | | | | | | | | | | | | | | | | SMB1 tree disconnect is now fully async. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14301 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit 7613998e10c5f13c896667257fdef33824a45d2a)
* | s3: smbd: reply_tdis() Update to modern coding standards.Jeremy Allison2020-04-071-2/+2
| | | | | | | | | | | | | | | | | | | | Minimizes the diff in the next commit. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14301 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit 71725f1c4adaa04ef04c0dd400c49399952ef5fa)
* | s3: smbd: In reply_tdis(), replace req -> smb1req.Jeremy Allison2020-04-071-6/+6
| | | | | | | | | | | | | | | | | | | | Minimises the diff in the next commit. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14301 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit ca4521f1dd97bc5a05e381c652b05ae1eb8bd29b)
* | s3: smbd: Add async internals of reply_tdis().Jeremy Allison2020-04-071-0/+173
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Waits until all aio requests on all fsp's under this conn struct are finished before returning to the client. Charges the profile time in the done function. Not strictly correct but better than the other SMB1 async code that double-charges profiling in both send and done at the moment. Done this way (commented out) so it is a clean diff and it's clear what is being added. A later commit will remove the old synchronous version. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14301 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit 86cc67d5a7de0a81131b11447dad57b2681d8e01)
* | s3: smbd: Replace synchronous conn_force_tdis() with the async version.Jeremy Allison2020-04-071-28/+16
| | | | | | | | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14301 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit 7891302ab8eeba8261b92171a4d429e2f538b89a)
* | s3: smbd: Add async internals of conn_force_tdis().Jeremy Allison2020-04-071-0/+148
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Commented out so it can be seen complete as a diff. The next commit will replace the old synchronous conn_force_tdis() code with the new async code. Uses a wait_queue to cause the force close requests to stay pending until all outstanding aio is finished on all file handles opened on the connection. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14301 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit 4f9e0459cd06f0332083a4a465f49b5f258838fa)
* | s3: smbd: Don't allow force disconnect of a connection already being ↵Jeremy Allison2020-04-071-0/+5
| | | | | | | | | | | | | | | | | | | | disconnected. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14301 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit ac800ca6bcb43c74a1a6ef508b900e2e6cb532dc)
* | s3: smbd: Every place we check fsp->deferred_close, also check for fsp->closing.Jeremy Allison2020-04-072-0/+24
| | | | | | | | | | | | | | | | | | | | | | Eventually this will allow us to remove fsp->deferred_close from the fsp struct (and also source3/lib/tevent_wait.[ch]). BUG: https://bugzilla.samba.org/show_bug.cgi?id=14301 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit 4287ea138e82103cce0a939e504f9810636b4747)
* | s3: smbd: In async SMB1 reply_close() set fsp->closing = true, as we already ↵Jeremy Allison2020-04-071-0/+7
| | | | | | | | | | | | | | | | | | | | do in SMB2 async close. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14301 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit b7d09b30ad14d51bbcbe368a11348754121f6ff8)
* | s3: smbd: Now we free fsp->aio_requests when it gets zero entries, talloc in ↵Jeremy Allison2020-04-071-1/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | chunks of 10 instead of 1. Prevents incremental +1 tallocs, and the original idea of this array was that it wasn't freed for io efficiency reasons. Add paranoia integer wrap protection also. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14301 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit b90bc0f28918133badbf6810d5e298fc326bd1aa)
* | s3: smbd: In aio_del_req_from_fsp() talloc_free(fsp->aio_requests[]) when ↵Jeremy Allison2020-04-071-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | fsp->num_aio_requests reaches zero. The add code in aio_add_req_to_fsp() re-tallocs this array on demand, and talloc freeing it here allows it to be used as the parent for a tevent wait queue, so callers can get notified when all outstanding aio on an fsp is finished. We'll deal with any performance issues in the next commit. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14301 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit 0c952bba1edf7c8173d05ccdc6fdaa7232d2c6aa)
* | s3: VFS: vfs_aio_pthread: Make aio opens safe against connection teardown.Jeremy Allison2020-04-071-1/+65
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Allocate state off fsp->conn, not NULL, and add a destructor that catches deallocation of conn which happens on connection shutdown or force close. Note - We don't allocate off fsp as the passed in fsp will get freed once we return EINPROGRESS/NT_STATUS_MORE_PROCESSING_REQUIRED. A new fsp pointer gets allocated on every re-run of the open code path. The destructor allows us to NULL out the saved conn struct pointer when conn is deallocated so we know not to access deallocated memory. This matches the async teardown code changes for bug #14301 in pread/pwrite/fsync vfs_default.c and vfs_glusterfs.c state is still correctly deallocated in all code paths so no memory leaks. This allows us to safely complete when the openat() returns and then return the error NT_STATUS_NETWORK_NAME_DELETED to the client open request. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14301 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> (cherry picked from commit 6b567e0c138d1cf2bcf58c84872ed2b0e89d628d)
* | s3: VFS: vfs_aio_pthread: Add a talloc context parameter to ↵Jeremy Allison2020-04-071-3/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | create_private_open_data(). Pass in NULL for now so no behavior change. We will be changing this from NULL to fsp->conn in a later commit. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14301 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> (cherry picked from commit e566066605981549b670a5392683fbd81ce93d18)
* | s3: VFS: vfs_aio_pthread. Move xconn into state struct (opd).Jeremy Allison2020-04-071-9/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | We will need this in future to cause a pending open to be rescheduled after the connection struct we're using has been shut down with an aio open in flight. This will allow a correct error reply to an awaiting client. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14301 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> (cherry picked from commit ddb9038fe776b1d8239e563a4c9a70b4097645f3)
* | s3: VFS: vfs_aio_pthread: Replace state destructor with explicitly called ↵Jeremy Allison2020-04-071-11/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | teardown function. This will allow repurposing a real destructor to allow connections structs to be freed whilst the aio open request is in flight. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14301 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> (cherry picked from commit 8db831a318cd4a10ec9c1d629ebff4ca35b8acfe)
* | s3: VFS: vfs_aio_pthread. Fix leak of state struct on error.Jeremy Allison2020-04-071-0/+1
| | | | | | | | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14301 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> (cherry picked from commit a1e247c3ba579ecc6ee03f5aad9679ed79fac5ac)
* | smbd: avoid double chdir() in chdir_current_service()Ralph Boehme2020-04-071-38/+29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since 8e81090789e4cc3ba9e5aa792d4e52971909c894 we're doing chdir() twice, first into conn->connectpath, then into conn->origpath. Before commit 8e81090789e4cc3ba9e5aa792d4e52971909c894 if chdir(conn->connectpath) succeeded, we wouldn't do the second chdir(). While at it, simplify the logging logic: if chdir() fails in this core function, just always log is as error including the unix token. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14256 RN: smbd does a chdir() twice per request Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Thu Feb 6 11:44:07 UTC 2020 on sn-devel-184 (cherry picked from commit f705629a171c1411131164f3adff36175154c093)
* | smbd: flush pending writetime update when setting timestamps fileRalph Boehme2020-04-072-7/+22
| | | | | | | | | | | | | | | | | | | | Cf the explanations in the previous commits. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14150 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 7b90fe69a865ae8648b6548eabbcf2fa8237ebd8)
* | smbd: flush pending writetime update when flushing fileRalph Boehme2020-04-072-0/+14
| | | | | | | | | | | | | | | | | | | | Cf the explanations in the previous commit. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14150 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit d99d5bf2c6d0a818ef2f3920e0c93fac38761c36)
* | smbd: always flush pending write time update when setting filesizeRalph Boehme2020-04-071-0/+7
|/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We need to flush a pending write time update even when we're setting the filesize to current filesize. Note that we're already doing it this way in the relevant places listed my dochelp@MS in https://lists.samba.org/archive/cifs-protocol/2019-December/003364.html Cleanup (= Close) SetBasicInfo SetAllocationInfo SetEndOfFileInfo SetValidDataLengthInfo Flush FSCTL_SET_ENCRYPTION FSCTL_OFFLOAD_WRITE Cleanup (= Close): Already implemented by update_write_time_on_close() and friends. SetBasicInfo: Currently doesn't flush pending updates. Fixed by a subsequent commit. SetAllocationInfo: smb_set_file_allocation_info() when setting a file's allocation size. SetEndOfFileInfo: Currently doesn't flush pending updates. Fixed by a subsequent commit. SetValidDataLengthInfo: Not implemented, returns NT_STATUS_NOT_SUPPORTED which seems wrong btw, as SetValidDataLengthInfo IS listed in MS-SMB2 2.2.39. Flush: Currently doesn't flush pending updates. Fixed by subsequent commit. FSCTL_SET_ENCRYPTION: Windows 2016 doesn't flush a pending writetime update, verified with a smbtorture test. FSCTL_OFFLOAD_WRITE: NT_STATUS_NOT_IMPLEMENTED BUG: https://bugzilla.samba.org/show_bug.cgi?id=14150 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 79d7d6b9d01b8547f16b74a62926d0b471f18c39)
* s3/utils: Fix double free error with smbtreeNoel Power2020-04-031-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ==3632== WORKGROUP \\ATP \\ATP\IPC$ IPC Service () ==3632== Invalid read of size 8 ==3632== at 0x773C926: poptResetContext (in /usr/lib64/libpopt.so.0.0.0) ==3632== by 0x773E5DD: poptFreeContext (in /usr/lib64/libpopt.so.0.0.0) ==3632== by 0x10A8BC: main (smbtree.c:354) ==3632== Address 0x16085e00 is 640 bytes inside a block of size 784 free'd ==3632== at 0x4C2F1AD: free (vg_replace_malloc.c:530) ==3632== by 0x773E6F7: poptFreeContext (in /usr/lib64/libpopt.so.0.0.0) ==3632== by 0x10A84B: main (smbtree.c:342) ==3632== Block was alloc'd at ==3632== at 0x4C2FE45: calloc (vg_replace_malloc.c:711) ==3632== by 0x773C79A: poptGetContext (in /usr/lib64/libpopt.so.0.0.0) ==3632== by 0x10A829: main (smbtree.c:339) ==3632== BUG: https://bugzilla.samba.org/show_bug.cgi?id=14332 Signed-off-by: Noel Power <npower@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Noel Power <npower@samba.org> Autobuild-Date(master): Wed Apr 1 18:51:43 UTC 2020 on sn-devel-184 (cherry picked from commit 24b03fd28ed19cea8f875f96b3e300f808dfc4ae) Autobuild-User(v4-12-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-12-test): Fri Apr 3 12:24:36 UTC 2020 on sn-devel-184
* nmblib: avoid undefined behaviour in handle_name_ptrs()Douglas Bagnall2020-03-181-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | If *offset is length - 1, we would read ubuf[(*offset)+1] as the lower bits of the new *offset. This value is undefined, but because it is checked against the valid range, there is no way to read further beyond that one byte. Credit to oss-fuzz. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14242 OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20193 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Feb 7 10:19:39 UTC 2020 on sn-devel-184 (cherry picked from commit 3bc7acc62646b105b03fd3c65e9170a373f95392) Autobuild-User(v4-12-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-12-test): Wed Mar 18 12:26:06 UTC 2020 on sn-devel-184
* vfs_recycle: prevent flooding the log if we're called on non-existant pathsRalph Boehme2020-03-181-2/+2
| | | | | | | | | | | | | | vfs_recycle is assuming that any path passed to unlink must exist, otherwise it logs this error. Turn this into a DEBUG level message. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14316 See also: https://bugzilla.redhat.com/show_bug.cgi?id=1780802 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org> Autobuild-User(master): Isaac Boukris <iboukris@samba.org> Autobuild-Date(master): Mon Mar 9 14:15:06 UTC 2020 on sn-devel-184
* VFS: default: add support for FILE_ATTRIBUTE_OFFLINE to async dosmodeRalph Boehme2020-03-181-0/+29
| | | | | | | | | | | | | This had been missing in the initial async dosmode implementation. It's the responsibility of the sync and async dosmode functions to call vfswrap_is_offline() since the offline functionality has been converted from a first class VFS function to be a part of the DOS attributes VFS functions. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14293 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit a23f8d913fa8d77bab394aea9a8e7df2704e8b19)
* VFS: default: use correct type for pathlen in vfswrap_getxattrat_do_sync()Ralph Boehme2020-03-181-1/+1
| | | | | | | | | | full_path_tos() returns a ssize_t. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14293 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit ace296b97642d9160ea66db89dcd0f24a21dba4e)
* VFS: default: avoid a crash in vfswrap_getxattrat_do_sync()Ralph Boehme2020-03-181-1/+1
| | | | | | | | | | | Must use tevent_req_data() to get our tevent_req state, talloc_get_type_abort() will just crash as struct tevent_req != struct vfswrap_getxattrat_state. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14293 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit cbca811212a930b94f9917e5a82b6a95ab085e91)
View Lorry Controller Status