summaryrefslogtreecommitdiff
path: root/source3
Commit message (Collapse)AuthorAgeFilesLines
* CVE-2019-3880 s3: rpc: winreg: Remove implementations of SaveKey/RestoreKey.Jeremy Allison2019-04-051-88/+4
| | | | | | | | | | | | | | | | | | The were not using VFS backend calls and could only work locally, and were unsafe against symlink races and other security issues. If the incoming handle is valid, return WERR_BAD_PATHNAME. [MS-RRP] states "The format of the file name is implementation-specific" so ensure we don't allow this. As reported by Michael Hanselmann. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13851 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:lib: Fix the debug message for adding cache entries.Andreas Schneider2019-04-021-4/+4
| | | | | | | | | | | | To get correct values, we need to cast 'timeout' to 'long int' first in order to do calculation in that integer space! Calculations are don in the space of the lvalue! BUG: https://bugzilla.samba.org/show_bug.cgi?id=13848 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> (cherry picked from commit 5822449a7340f53987ce4c04851652427f5b49e8)
* s3:waf: Fix the detection of makdev() macro on LinuxAndreas Schneider2019-03-281-0/+3
| | | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13853 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit eace58b539a382c61edd7c2be6fdfab31114719f) Autobuild-User(v4-8-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-8-test): Thu Mar 28 17:42:25 UTC 2019 on sn-devel-144
* s3:client: Fix smbspool device uri handlingAndreas Schneider2019-03-261-24/+96
| | | | | | | | | | | | If we are executed as a CUPS backend, argv[0] is set to the device uri. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13832 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Bryan Mason <bmason@redhat.com> Signed-off-by: Guenther Deschner <gd@samba.org> (cherry picked from commit 69d7a496d3bf52eaa10e81132bb61430863fdd8a)
* s3:client: Make sure we work on a copy of the titleAndreas Schneider2019-03-261-4/+10
| | | | | | | | | | | We can't be sure we can write to the input buffer. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13832 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Bryan Mason <bmason@redhat.com> Signed-off-by: Guenther Deschner <gd@samba.org> (cherry picked from commit 129ae27946318a075e99c9e6d1bacf8963f72282)
* s3:client: Evaluate the AUTH_INFO_REQUIRED variable set by cupsAndreas Schneider2019-03-261-18/+24
| | | | | | | | | | | | This should not switch to username,password if cups has been configured to use negotiate (Kerberos authentication). BUG: https://bugzilla.samba.org/show_bug.cgi?id=13832 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Bryan Mason <bmason@redhat.com> Signed-off-by: Guenther Deschner <gd@samba.org> (cherry picked from commit 5274b09fbaa5e45cc58f3301818d4e9f6a402845)
* s3:client: Pass DEVICE_URI and AUTH_INFO_REQUIRED env to smbspoolAndreas Schneider2019-03-261-3/+21
| | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13832 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Bryan Mason <bmason@redhat.com> Signed-off-by: Guenther Deschner <gd@samba.org> (cherry picked from commit 43160184d254a57f87bb2adeba47f48d8539533a)
* s3:script: Fix jobid check in test_smbspool.shAndreas Schneider2019-03-261-2/+2
| | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13832 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Bryan Mason <bmason@redhat.com> Signed-off-by: Guenther Deschner <gd@samba.org> (cherry picked from commit fad5e4eaeb9202c1b63c42ea09254c17c473e33a)
* lib/winbind_util: Add winbind_xid_to_sid for --without-winbindChristof Schmitt2019-03-121-0/+7
| | | | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13813 Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Mar 6 01:53:16 UTC 2019 on sn-devel-144 (cherry picked from commit 4125ff89e44a3e98882cfc38c06e559a6e1e56a5)
* lib/winbind_util: Move include out of ifdefChristof Schmitt2019-03-121-2/+2
| | | | | | | | | This fixes compile errors about missing prototypes with --picky-developer and --without-winbind Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 4b1e4c22128bdefe549a58b181e9b755854f4c3e)
* passdb: Update ABI to 0.27.2Christof Schmitt2019-03-122-1/+312
| | | | | | | | This change is for the backport only. The change in master increased the ABI version to 0.28.0 and removed some functions; this should not happen in a backport. Signed-off-by: Christof Schmitt <cs@samba.org>
* s3:passdb: add create_builtin_guests()Stefan Metzmacher2019-03-124-1/+363
| | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> (cherry picked from commit c5874b9b68e0795e9dc23b04efa5959ac03ec8dc)
* passdb: Make [ug]id_to_sid use xid_to_sidVolker Lendecke2019-03-121-189/+12
| | | | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Christof Schmitt <cs@samba.org> Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813 (cherry picked from commit 40de67f1fcc46b7a64a7364c91dcedb474826d51)
* passdb: Introduce xid_to_sidVolker Lendecke2019-03-122-0/+75
| | | | | | | | | | | | | | This explicitly avoids the legacy_[ug]id_to_sid calls, which create long-term cache entries to S-1-22-x-y if anthing fails. We can't do this, because this will turn temporary winbind communication failures into long-term problems: A short hickup in winbind_uid_to_sid will create a mapping to S-1-22-1-uid for a week. It should be up to the lower layers to do the caching. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Christof Schmitt <cs@samba.org> Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813 (cherry picked from commit 92f27ebb14c0c18b1d0fd49544ad851aeb14781c)
* lib: Introduce winbind_xid_to_sidVolker Lendecke2019-03-122-0/+32
| | | | | | | | | | | | | This does not merge a winbind communication error into "global_sid_NULL" (S-1-0-0), which by the way non-intuitively does not go along with is_null_sid(). Instead, this just touches the output sid when winbind returned success. This success might well be a negative mapping indicated by S-0-0, which *is* is_null_sid()... Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Christof Schmitt <cs@samba.org> Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813 (cherry picked from commit ef706a3e63b3e25edd27e0f99c3e2d8ff7209cb6)
* winbind: Use idmap_cache_find_xid2sidVolker Lendecke2019-03-121-13/+2
| | | | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Christof Schmitt <cs@samba.org> Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813 (cherry picked from commit bc9824bd42d9370279819ea0d927e236f6041324)
* torture: Add tests for idmap cacheVolker Lendecke2019-03-125-0/+126
| | | | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Christof Schmitt <cs@samba.org> Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813 (cherry picked from commit e5a903bab6eda8f7ff2a7c8149d51022d9d8aede)
* idmap_cache: Introduce idmap_cache_find_xid2sidVolker Lendecke2019-03-122-0/+38
| | | | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Christof Schmitt <cs@samba.org> Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813 (cherry picked from commit bb8122dd8c53bb307819a79b7888cc0940a7c13b)
* winbind: Now we explicitly track if we got ids from cacheVolker Lendecke2019-03-121-4/+10
| | | | | | | | | This now properly makes us use negative cache entries Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Christof Schmitt <cs@samba.org> Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813 (cherry picked from commit 95d33ca79cc315f1a2e41cd60859ef01d6548c77)
* winbind: Initialize "expired" parameter to idmap_cache_xid2sidVolker Lendecke2019-03-121-1/+1
| | | | | | | | | The code in idmap_cache only touches its output parameters upon success Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Christof Schmitt <cs@samba.org> Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813 (cherry picked from commit 8c28c12702c0935a852c7fed6565987623f09fee)
* idmap_cache: Only touch "sid" on success in find_xid_to_sidVolker Lendecke2019-03-122-4/+3
| | | | | | | | | | | | | | Why? This makes the negative mapping condition (is_null_sid) more explicit in the code. The callers in lookup_sid initialized "psid" anyway before, and the ones in wb_xids2sids now do as well. This is more in line with other APIs we have: Only touch output parameters if you have something to say. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Christof Schmitt <cs@samba.org> Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813 (cherry picked from commit 4faf3e9f6da7515fc263d79f77226d105c2f8524)
* lib: Make idmap_cache return negative mappingsVolker Lendecke2019-03-121-1/+6
| | | | | | | | | | Without this we'd query non-existent mappings over and over again. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Christof Schmitt <cs@samba.org> Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813 (cherry picked from commit d9303e8eb90d48f09f2e2e8bdf01f4a7c3c21d11)
* vfs_ceph: remove ceph_fallocate/ceph_ftruncate fallbackDavid Disseldorp2019-03-051-94/+8
| | | | | | | | | | | | | | | Both libcephfs functions are supported and capable of extending files, so fallback can be dropped. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13807 Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> (cherry picked from commit 155f1289ba7a4802fbb99fbc9ea90d8bc6cff0c9) [ddiss@samba.org: rebase atop 48t without 532ff3a5b958] Autobuild-User(v4-8-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-8-test): Tue Mar 5 13:01:15 UTC 2019 on sn-devel-144
* vfs_ceph: fix strict_allocate_ftruncate()David Disseldorp2019-03-051-2/+4
| | | | | | | | | | | The vfs_ceph "strict allocate = yes" ftruncate wrapper may attempt *local* filesystem ftruncate(). Fix this. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13807 Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> (cherry picked from commit 70329c36ed91dd0e50ff66f9b0a85c62ac8a621e)
* vfs_ceph: add missing fallocate hookDavid Disseldorp2019-03-051-0/+17
| | | | | | | | | | | | SMB_VFS_FALLOCATE() calls atop a vfs_ceph share currently fall through to vfs_default, which results in a local filesystem I/O attempt using a libcephfs file-descriptor. Add the missing fallocate hook to vfs_ceph. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13807 Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> (cherry picked from commit 5a7e7280813559fb70a9fc8e4238cb6015ee3b53)
* s3: smbd: filenames - ensure we replace the missing '/' if we error in an ↵Jeremy Allison2019-03-051-0/+18
| | | | | | | | | | | | | | | | | intermediate POSIX path. Previous regression test ensures we still return the correct error code for POSIX pathname operations. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13803 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Mon Feb 25 09:33:27 CET 2019 on sn-devel-144 (cherry picked from commit 3f1a13a94a753c5cb3b9f2cf795df5adb0f74205)
* s3: torture: Add additional POSIX mkdir tests.Jeremy Allison2019-03-051-0/+102
| | | | | | | | | | | | | | | | | | Ensure that if POSIX_foo exists as a file we return the correct error code NT_STATUS_OBJECT_PATH_NOT_FOUND if we try and traverse it as a directory. Also ensure creation/deletion of POSIX_foo/foo fails for directories and files with NT_STATUS_OBJECT_PATH_NOT_FOUND if the directory POSIX_foo/ doesn't exist. knownfail is back :-). BUG: https://bugzilla.samba.org/show_bug.cgi?id=13803 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> (cherry picked from commit 632d0db8c42d50f5eecd002d9573f739cd945960)
* smbd: unix_convert: Ensure we don't call get_real_filename on POSIX paths.Jeremy Allison2019-03-051-0/+25
| | | | | | | | | | | | | | | | | | | For posix_pathnames don't blunder into the name_has_wildcard OR get_real_filename() codepaths as they may be doing case insensitive lookups. So when creating a new POSIX directory 'Foo' they might match on name 'foo'. Remove POSIX-MKDIR from knownfail. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13803 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Sun Feb 24 14:04:14 CET 2019 on sn-devel-144 (cherry picked from commit 12da33e2bbce657f25abe9bc4cb936ca4615b30f)
* smbd: SMB1-POSIX: Add missing info-level SMB_POSIX_PATH_OPEN for ↵Jeremy Allison2019-03-051-0/+1
| | | | | | | | | | UCF_UNIX_NAME_LOOKUP flag. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13803 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> (cherry picked from commit 980db8debde68f9edce13fc01bc45a904379cffd)
* s3: smbtorture3: Add POSIX-MKDIR test for posix_mkdir case sensitive bug.Jeremy Allison2019-03-052-1/+101
| | | | | | | | | | | | | | | | | | | | | | | Test does: mkdir POSIX_foo mkdir POSIX_Foo mkdir POSIX_foo/Foo mkdir POSIX_foo/foo mkdir POSIX_Foo/Foo mkdir POSIX_Foo/foo Which should pass a SMB1 POSIX extensions server as posix mkdir should always be case sensitive no matter what the share is set to. Mark as knownfail for now. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13803 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> (cherry picked from commit f0decb31fff24ceb57d23bebbfb87aa0e5103947)
* winbindd: set idmap cache entries as the last step in async wb_xids2sidsRalph Boehme2019-03-051-11/+22
| | | | | | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=13802 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Sat Feb 23 09:23:22 CET 2019 on sn-devel-144 (cherry picked from commit 9b9565c3e69b92c298c7168e516387bb249c9e36)
* winbindd: track whether a result from xid2sid was coming from the cacheRalph Boehme2019-03-051-0/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is needed in preparation of moving the step to update the idmap cache from the per-idmap-domain callback wb_xids2sids_dom_done() to the top-level callback wb_xids2sids_done(). Currently the sequence of action is: * check cache, if not found: * ask backends * cache result from backend * return results Iow, if we got something from the cache, we don't write the cache. The next commit defers updating the cache to the top-level callback, so the sequence becomes * check cache, if not found: * ask backends * cache results * return results This has two problems: * it needlessly writes to the cache what we just got from it * it possibly overwrites the ID_TYPE_BOTH for a SID-to-xid mapping in the following case: - existing ID_TYPE_BOTH mapping in the cache, eg: IDMAP/SID2XID/S-1-5-21-2180672342-2513613279-2566592647-512 -> Value: 3000000:B - someone calls wb_xids2sids_send() with xid.id=3000000,xid.type=ID_TYPE_GID - cache lookup with idmap_cache_find_gid2sid() succeeds - when caching results we'd call idmap_cache_set_sid2unixid() with the callers xid.type=ID_TYPE_GID, so idmap_cache_set_sid2unixid() will overwrite the SID-to-xid mapping with ID_TYPE_GID Bug: https://bugzilla.samba.org/show_bug.cgi?id=13802 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> (cherry picked from commit 62f54229fced20102e11ad1da02faef45c2a7c2e)
* winbindd: switch send-next/done orderRalph Boehme2019-03-051-9/+13
| | | | | | | | | | | In preparation of adding more logic to the done step. No change in behaviour. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13802 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> (cherry picked from commit 8e9c2a1f6ceb06d695a6572701b96a3e3821ac42)
* winbindd: update xid in wb_xids2sids_state->xids with what we gotRalph Boehme2019-03-051-0/+1
| | | | | | | | | | | | In preparation of priming the idmap cache in the top-level wb_xids2sids_done(), not in the per-idmap-domain callback wb_xids2sids_dom_done(). Bug: https://bugzilla.samba.org/show_bug.cgi?id=13802 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> (cherry picked from commit 7f23ef7b2cf7bd6e8dc087aa15137292b421a689)
* winbindd: convert id to a pointer in wb_xids2sids_dom_done()Ralph Boehme2019-03-051-2/+2
| | | | | | | | | | No change in behaviour. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13802 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> (cherry picked from commit f8bf4fc608639695651f75c52b31f95e796a5a26)
* winbindd: make xids a const argument to wb_xids2sids_send()Ralph Boehme2019-03-052-2/+2
| | | | | | | | | | | | The previous commit made an internal copy of xids, this commit makes it more obvious that we must not mess with the xids argument but treat it as an in-parameter and don't write to it. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13802 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> (cherry picked from commit 5d277ea7ea258676b9ea5081a451a5874af115f6)
* winbindd: make a copy of xid's in wb_xids2sids_send()Ralph Boehme2019-03-051-1/+6
| | | | | | | | | | | | | | | | | | | | This is in preparation of setting the result of the mapping in the top- level callback wb_xids2sids_done(), not in the per-idmap-domain callback wb_xids2sids_dom_done(). When caching the mapping we need the id-type from the backend, so we need a way to pass up that information from wb_xids2sids_dom_done() up to wb_xids2sids_done() The xids array copy gets passed from wb_xids2sids_send() to wb_xids2sids_dom_send(), so wb_xids2sids_dom_done() can then directly update the top-level copy. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13802 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> (cherry picked from commit f5a8bc2f945be45cdade5f70d4f975bae8337f67)
* messages_dgm: Properly handle receiver re-initializationVolker Lendecke2019-03-051-0/+16
| | | | | | | | | | | | | | | | | | | | | | This only properly covers the small-message nonblocking case. Covering the large-message and the blocking case is a much larger effort assuming we want to re-send the failed message if parts of the message has gone through properly. Don't do that for now. This was found by sanba_dnsupdate constantly recreating its irpc handle to winbindd in the RODC case. The messaging_dgm code cached connected datagram sockets based on the destination pid for 1 second. Which means the IRPC responses from winbindd are never delivered to samba_dnsupdate, which will then hit a timeout. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13786 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 2543bba0364d8054e9ad316f5611621841bc061d)
* torture3: Extend read3 for the "messaging target re-inits" failureVolker Lendecke2019-03-051-20/+24
| | | | | | | | | | | Do ping_pong a hundred times, re-initializing the msg_ctx every time. https://bugzilla.samba.org/show_bug.cgi?id=13786 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 8d8f62c4b9dea381ce9f5833bc794553ae358173)
* messages_dgm: Use saved errno valueVolker Lendecke2019-03-051-1/+1
| | | | | | | | | | | | | In this case this is just a cleanup, the value has just been set by messaging_dgm_sendmsg. But as that already saves errno into a local variable, use that. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13786 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit c27afc098398274abaed6dc9bef2019091c1b635)
* notifyd: Fix SIGBUS on sparcJiří Šašek2019-03-051-2/+9
| | | | | | | | | | Problem is the structure "struct notify_instance" can lay in message buffer on address not dividable by 8 but this structure begins by uint_64 (secs in time-stamp). Structure should be re-packed to standalone buffer before the use. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13704 Signed-off-by: jiri.sasek@oracle.com Reviewed-by: Volker Lendecke <vl@samba.org>
* waf: Check for libnscdChristof Schmitt2019-02-212-0/+4
| | | | | | | | | | | | | | | | | | | The check was in the old autoconf, but not in waf. As the code is still in source3/lib/util_nscd.c, add the check for libnscd to allow building and using the code. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13787 Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Wed Feb 13 17:58:33 CET 2019 on sn-devel-144 (cherry picked from commit 3a793497796395ffa3efda5807bdb1ca8e09e35b) Autobuild-User(v4-8-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-8-test): Thu Feb 21 17:42:07 CET 2019 on sn-devel-144
* tldap: avoid more use after free errorsRalph Boehme2019-02-211-2/+0
| | | | | | | | | | | | | | See the previous commit for an explanation. :) Bug: https://bugzilla.samba.org/show_bug.cgi?id=13776 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Wed Feb 6 10:19:12 CET 2019 on sn-devel-144 (cherry picked from commit bf91ee0a9727cc392583fe84ad069204be758515)
* tldap: avoid a use after free crashRalph Boehme2019-02-211-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I saw the following crash in tldap in the winbindd idmap child on a member server after messing with the LDAP server on the DC: 0 0x00007f77ea9a307a in __GI___waitpid (pid=9815, stat_loc=stat_loc@entry=0x7ffe77569eb0, options=options@entry=0) at ../sysdeps/unix/sysv/linux/waitpid.c:29 1 0x00007f77ea91bfbb in do_system (line=<optimized out>) at ../sysdeps/posix/system.c:148 2 0x00007f77edd8c24b in smb_panic_s3 (why=0x7f77f08e6e88 "Bad talloc magic value - access after free") at ../source3/lib/util.c:828 3 0x00007f77f15afe85 in smb_panic (why=0x7f77f08e6e88 "Bad talloc magic value - access after free") at ../lib/util/fault.c:170 4 0x00007f77f08e2678 in talloc_abort (reason=0x7f77f08e6e88 "Bad talloc magic value - access after free") at ../lib/talloc/talloc.c:472 5 0x00007f77f08e268b in talloc_abort_access_after_free () at ../lib/talloc/talloc.c:477 6 0x00007f77f08e2710 in talloc_chunk_from_ptr (ptr=0x55da7605a020) at ../lib/talloc/talloc.c:494 7 0x00007f77f08e4a19 in _talloc_free (ptr=0x55da7605a020, location=0x7f77e181474d "../source3/lib/tldap.c:1918") at ../lib/talloc/talloc.c:1716 8 0x00007f77e180b65c in tldap_search_all_done (subreq=0x55da7605a020) at ../source3/lib/tldap.c:1918 9 0x00007f77f0af0fd0 in _tevent_req_notify_callback (req=0x55da7605a020, location=0x7f77e1813e50 "../source3/lib/tldap.c:47") at ../lib/tevent/tevent_req.c:125 10 0x00007f77f0af10a5 in tevent_req_finish (req=0x55da7605a020, state=TEVENT_REQ_USER_ERROR, location=0x7f77e1813e50 "../source3/lib/tldap.c:47") at ../lib/tevent/tevent_req.c:162 11 0x00007f77f0af1113 in _tevent_req_error (req=0x55da7605a020, error=9780923860630110289, location=0x7f77e1813e50 "../source3/lib/tldap.c:47") at ../lib/tevent/tevent_req.c:180 12 0x00007f77e180781a in tevent_req_ldap_error (req=0x55da7605a020, rc=...) at ../source3/lib/tldap.c:47 13 0x00007f77e180b2c4 in tldap_search_done (subreq=0x55da76058280) at ../source3/lib/tldap.c:1813 14 0x00007f77f0af0fd0 in _tevent_req_notify_callback (req=0x55da76058280, location=0x7f77e1813e50 "../source3/lib/tldap.c:47") at ../lib/tevent/tevent_req.c:125 15 0x00007f77f0af10a5 in tevent_req_finish (req=0x55da76058280, state=TEVENT_REQ_USER_ERROR, location=0x7f77e1813e50 "../source3/lib/tldap.c:47") at ../lib/tevent/tevent_req.c:162 16 0x00007f77f0af11cd in tevent_req_trigger (ev=0x55da760526c0, im=0x55da76058360, private_data=0x55da76058280) at ../lib/tevent/tevent_req.c:219 17 0x00007f77f0af0378 in tevent_common_loop_immediate (ev=0x55da760526c0) at ../lib/tevent/tevent_immediate.c:135 18 0x00007f77f0af8b8f in epoll_event_loop_once (ev=0x55da760526c0, location=0x7f77f0af92b0 "../lib/tevent/tevent_req.c:269") at ../lib/tevent/tevent_epoll.c:911 19 0x00007f77f0af5925 in std_event_loop_once (ev=0x55da760526c0, location=0x7f77f0af92b0 "../lib/tevent/tevent_req.c:269") at ../lib/tevent/tevent_standard.c:114 20 0x00007f77f0aef201 in _tevent_loop_once (ev=0x55da760526c0, location=0x7f77f0af92b0 "../lib/tevent/tevent_req.c:269") at ../lib/tevent/tevent.c:725 21 0x00007f77f0af1361 in tevent_req_poll (req=0x55da7605eed0, ev=0x55da760526c0) at ../lib/tevent/tevent_req.c:269 22 0x00007f77e180fec9 in tldap_gensec_bind (ctx=0x55da76051ec0, creds=0x55da76052250, target_service=0x7f77e18164b3 "ldap", target_hostname=0x55da7605d182 "dc1.sdom1.site", target_principal=0x0, lp_ctx=0x55da76052180, gensec_features=6) at ../source3/lib/tldap_gensec_bind.c:358 23 0x00007f77e1810d21 in idmap_ad_get_tldap_ctx (mem_ctx=0x55da76050510, domname=0x55da76051d50 "sdom1", pld=0x55da76050518) at ../source3/winbindd/idmap_ad.c:326 24 0x00007f77e1811056 in idmap_ad_context_create (mem_ctx=0x55da76059c00, dom=0x55da76059c00, domname=0x55da76051d50 "sdom1", pctx=0x7ffe7756a5f8) at ../source3/winbindd/idmap_ad.c:374 25 0x00007f77e18119c0 in idmap_ad_get_context (dom=0x55da76059c00, pctx=0x7ffe7756a640) at ../source3/winbindd/idmap_ad.c:554 26 0x00007f77e181275b in idmap_ad_sids_to_unixids (dom=0x55da76059c00, ids=0x55da760518a0) at ../source3/winbindd/idmap_ad.c:784 27 0x00007f77e1813217 in idmap_ad_sids_to_unixids_retry (dom=0x55da76059c00, ids=0x55da760518a0) at ../source3/winbindd/idmap_ad.c:947 28 0x000055da7459ce05 in _wbint_Sids2UnixIDs (p=0x7ffe7756a870, r=0x55da76050860) at ../source3/winbindd/winbindd_dual_srv.c:202 29 0x000055da7460aa5e in api_wbint_Sids2UnixIDs (p=0x7ffe7756a870) at default/librpc/gen_ndr/srv_winbind.c:391 30 0x000055da7459c7f4 in winbindd_dual_ndrcmd (domain=0x0, state=0x7ffe7756abb8) at ../source3/winbindd/winbindd_dual_ndr.c:369 31 0x000055da7459828c in child_process_request (child=0x55da74874bc0 <static_idmap_child>, state=0x7ffe7756abb8) at ../source3/winbindd/winbindd_dual.c:666 32 0x000055da7459ae58 in child_handler (ev=0x55da7602c2b0, fde=0x55da7603f8a0, flags=1, private_data=0x7ffe7756abb0) at ../source3/winbindd/winbindd_dual.c:1567 33 0x00007f77f0af85f1 in epoll_event_loop (epoll_ev=0x55da76048b00, tvalp=0x7ffe7756aab0) at ../lib/tevent/tevent_epoll.c:728 34 0x00007f77f0af8c29 in epoll_event_loop_once (ev=0x55da7602c2b0, location=0x55da74628b08 "../source3/winbindd/winbindd_dual.c:1766") at ../lib/tevent/tevent_epoll.c:930 35 0x00007f77f0af5925 in std_event_loop_once (ev=0x55da7602c2b0, location=0x55da74628b08 "../source3/winbindd/winbindd_dual.c:1766") at ../lib/tevent/tevent_standard.c:114 36 0x00007f77f0aef201 in _tevent_loop_once (ev=0x55da7602c2b0, location=0x55da74628b08 "../source3/winbindd/winbindd_dual.c:1766") at ../lib/tevent/tevent.c:725 37 0x000055da7459b9e9 in fork_domain_child (child=0x55da74874bc0 <static_idmap_child>) at ../source3/winbindd/winbindd_dual.c:1766 38 0x000055da74596e96 in wb_child_request_waited (subreq=0x0) at ../source3/winbindd/winbindd_dual.c:188 39 0x00007f77f0af0fd0 in _tevent_req_notify_callback (req=0x55da7604f820, location=0x7f77f0af90f8 "../lib/tevent/tevent_queue.c:355") at ../lib/tevent/tevent_req.c:125 40 0x00007f77f0af10a5 in tevent_req_finish (req=0x55da7604f820, state=TEVENT_REQ_DONE, location=0x7f77f0af90f8 "../lib/tevent/tevent_queue.c:355") at ../lib/tevent/tevent_req.c:162 41 0x00007f77f0af10cd in _tevent_req_done (req=0x55da7604f820, location=0x7f77f0af90f8 "../lib/tevent/tevent_queue.c:355") at ../lib/tevent/tevent_req.c:168 42 0x00007f77f0af0cc1 in tevent_queue_wait_trigger (req=0x55da7604f820, private_data=0x0) at ../lib/tevent/tevent_queue.c:355 43 0x00007f77f0af06f2 in tevent_queue_immediate_trigger (ev=0x55da7602c2b0, im=0x55da760466a0, private_data=0x55da76046580) at ../lib/tevent/tevent_queue.c:149 44 0x00007f77f0af0378 in tevent_common_loop_immediate (ev=0x55da7602c2b0) at ../lib/tevent/tevent_immediate.c:135 45 0x00007f77f0af8b8f in epoll_event_loop_once (ev=0x55da7602c2b0, location=0x55da74612630 "../source3/winbindd/winbindd.c:1803") at ../lib/tevent/tevent_epoll.c:911 46 0x00007f77f0af5925 in std_event_loop_once (ev=0x55da7602c2b0, location=0x55da74612630 "../source3/winbindd/winbindd.c:1803") at ../lib/tevent/tevent_standard.c:114 47 0x00007f77f0aef201 in _tevent_loop_once (ev=0x55da7602c2b0, location=0x55da74612630 "../source3/winbindd/winbindd.c:1803") at ../lib/tevent/tevent.c:725 48 0x000055da74561431 in main (argc=2, argv=0x7ffe7756c968) at ../source3/winbindd/winbindd.c:1803 subreq is a child of the state of req which will already be free by the callback of req. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13776 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> (cherry picked from commit 9465292d4109f710f8fcd141a076f5c8278577bc)
* s3:vfs: Correctly check if OFD locks should be enabled or notAndreas Schneider2019-02-214-16/+16
| | | | | | | | | | | | | | | Also the smb.conf options should only be checked once and a reload of the config should not switch to a different locking mode. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13770 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Feb 9 03:43:50 CET 2019 on sn-devel-144 (cherry picked from commit 7ff94b18e2e39567ef7a208084cc5c914c39d3bd)
* s3:vfs: Initialize pid to 0 in test_netatalk_lock()Andreas Schneider2019-02-211-1/+1
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13770 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 2ff2594b2bd878928cec30bc72a95a6d38bee154)
* s3: VFS: vfs_fruit. Fix the NetAtalk deny mode compatibility code.Jeremy Allison2019-02-211-106/+96
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This exhibited itself as a problem with OFD locks reported as: BUG: https://bugzilla.samba.org/show_bug.cgi?id=13770 However, due to underlying bugs in the vfs_fruit code the file locks were not being properly applied. There are two problems in fruit_check_access(). Problem #1: Inside fruit_check_access() we have: flags = fcntl(fsp->fh->fd, F_GETFL); .. if (flags & (O_RDONLY|O_RDWR)) { We shouldn't be calling fcntl(fsp->fh->fd, ..) directly. fsp->fh->fd may be a made up number from an underlying VFS module that has no meaning to a system call. Secondly, in all POSIX systems - O_RDONLY is defined as *zero*. O_RDWR = 2. Which means flags & (O_RDONLY|O_RDWR) becomes (flags & 2), not what we actually thought. Problem #2: deny_mode is *not* a bitmask, it's a set of discrete values. Inside fruit_check_access() we have: if (deny_mode & DENY_READ) and also (deny_mode & DENY_WRITE) However, deny modes are defined as: /* deny modes */ define DENY_DOS 0 define DENY_ALL 1 define DENY_WRITE 2 define DENY_READ 3 define DENY_NONE 4 define DENY_FCB 7 so if deny_mode = DENY_WRITE, or if deny_mode = DENY_READ then it's going to trigger both the if (deny_mode & DENY_READ) *and* the (deny_mode & DENY_WRITE) conditions. These problems allowed the original test test_netatalk_lock code to pass (which was added for BUG: https://bugzilla.samba.org/show_bug.cgi?id=13584 to demonstrate the lock order violation). This patch refactors the fruit_check_access() code to be much simpler (IMHO) to understand. Firstly, pass in the SMB1/2 share mode, not old DOS deny modes. Secondly, read all the possible NetAtalk locks into local variables: netatalk_already_open_for_reading netatalk_already_open_with_deny_read netatalk_already_open_for_writing netatalk_already_open_with_deny_write Then do the share mode/access mode checks with the requested values against any stored netatalk modes/access modes. Finally add in NetATalk compatible locks that represent our share modes/access modes into the file, with an early return if we don't have FILE_READ_DATA (in which case we can't write locks anyway). The patch is easier to understand by looking at the completed patched fruit_check_access() function, rather than trying to look at the diff. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Böhme <slow@samba.org> (cherry picked from commit 3204dc66f6801a7c8c87c48f601e0ebdee9e3d40)
* smbd: uid: Don't crash if 'force group' is added to an existing share ↵Jeremy Allison2019-02-211-2/+33
| | | | | | | | | | | | | | | | | | | | | | connection. smbd could crash if "force group" is added to a share definition whilst an existing connection to that share exists. In that case, don't change the existing credentials for force group, only do so for new connections. Remove knownfail from regression test. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13690 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Fri Jan 25 16:31:27 CET 2019 on sn-devel-144 (cherry picked from commit e37f9956c1f2416408bad048a4618f6366086b6a)
* s3: tests: Add regression test for smbd crash on share force group change ↵Jeremy Allison2019-02-212-0/+76
| | | | | | | | | | | | with existing connection. Mark as known fail for now. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13690 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit 7b21b4c1f538650f23ec77fb3c02fe1e224d89aa)
* printing: check lp_load_printers() prior to pcap cache updateDavid Disseldorp2019-02-212-1/+6
| | | | | | | | | | | | | | Avoid explicit and housekeeping timer triggered printcap cache updates if lp_load_printers() is disabled. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13766 Signed-off-by: David Disseldorp <ddiss@samba.org> Autobuild-User(master): Noel Power <npower@samba.org> Autobuild-Date(master): Fri Feb 1 19:25:03 CET 2019 on sn-devel-144 (cherry picked from commit 6a77237c50dd258521f356af0b5dc9942dd5592e)
View Lorry Controller Status