[SCM] Samba Shared Repository - branch master updated
Jeremy Allison
jra at samba.org
Tue Oct 25 03:34:03 UTC 2016
The branch, master has been updated
via 7594165 s3:smbd: only pass UCF_PREP_CREATEFILE to filename_convert() if we may create a new file
via 3f82db5 smbd: in ntlm auth, do not map empty domain in case of \user at realm
via 8e88b56 winbindd: do not modify credentials in NTLM passthrough
via 6e4c66e selftest: test NTLM user at realm authentication
from 1366385 s3: vfs: streams_depot. Use conn->connectpath not conn->cwd.
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 759416582c54a16aacbef0e0dfe4649bddff8c5e
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Oct 13 12:42:59 2016 +0200
s3:smbd: only pass UCF_PREP_CREATEFILE to filename_convert() if we may create a new file
This fixes a regression introduced by commit
f98d10af2a05f0261611f4cabdfe274cd9fe91c0
(smbd: Always use UCF_PREP_CREATEFILE for filename_convert calls to resolve a path for open)
The main problem was that Windows client seem to verify
the access to user.V2\ntuser.ini is rejected with NT_STATUS_ACCESS_DENIED,
using the machine credentials.
Passing UCF_PREP_CREATEFILE to filename_convert() triggers a code path
that implements a dropbox behaviour. A dropbox is a directory with only -wx permissions,
so get_real_filename fails with EACCESS, it needs to list the directory.
EACCESS is ignored with UCF_PREP_CREATEFILE.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10297
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Oct 25 05:33:36 CEST 2016 on sn-devel-144
commit 3f82db56cbf2727abd465e28ac02ad2242b47c29
Author: Uri Simchoni <uri at samba.org>
Date: Sat Oct 22 22:47:08 2016 +0300
smbd: in ntlm auth, do not map empty domain in case of \user at realm
When mapping user and domain during NTLM authentication, an empty domain
is mapped to the local SAM db. However, an empty domain may legitimately
be used if the user field has both user and domain in upn at realm format.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12375
Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 8e88b56ebc314a5e3a722d63ca23b4a49b7ac2dc
Author: Uri Simchoni <uri at samba.org>
Date: Sat Oct 22 22:40:26 2016 +0300
winbindd: do not modify credentials in NTLM passthrough
When doing NTLM validation of credentials, do not modify the
credentials - they might be used in the calculation of
the response.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12375
Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 6e4c66e339d2eb11c5cb981aac2e20fcff464025
Author: Uri Simchoni <uri at samba.org>
Date: Sat Oct 22 13:33:42 2016 +0300
selftest: test NTLM user at realm authentication
Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
-----------------------------------------------------------------------
Summary of changes:
source3/auth/auth_util.c | 10 +++++---
source3/selftest/tests.py | 1 +
source3/smbd/filename.c | 23 +++++++++++++++++++
source3/smbd/nttrans.c | 8 +++----
source3/smbd/proto.h | 1 +
source3/smbd/reply.c | 38 ++++++++++++++++---------------
source3/smbd/smb2_create.c | 10 ++++----
source3/winbindd/winbindd_pam_auth_crap.c | 11 ++++-----
8 files changed, 67 insertions(+), 35 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 5473fa2..2da2896 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -107,6 +107,11 @@ NTSTATUS make_user_info_map(TALLOC_CTX *mem_ctx,
NTSTATUS result;
bool was_mapped;
char *internal_username = NULL;
+ bool upn_form = false;
+
+ if (client_domain[0] == '\0' && strchr(smb_name, '@')) {
+ upn_form = true;
+ }
was_mapped = map_username(talloc_tos(), smb_name, &internal_username);
if (!internal_username) {
@@ -126,10 +131,9 @@ NTSTATUS make_user_info_map(TALLOC_CTX *mem_ctx,
* non-domain member box will also map to WORKSTATION\user.
* This also deals with the client passing in a "" domain */
- if (!is_trusted_domain(domain) &&
+ if (!upn_form && !is_trusted_domain(domain) &&
!strequal(domain, my_sam_name()) &&
- !strequal(domain, get_global_sam_name()))
- {
+ !strequal(domain, get_global_sam_name())) {
if (lp_map_untrusted_to_domain())
domain = my_sam_name();
else
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index ff61714..eaaeff1 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -345,6 +345,7 @@ for t in tests:
plansmbtorture4testsuite(t, env, '//$SERVER/tmp -U$DC_USERNAME@$REALM%$DC_PASSWORD --option=torture:addc=$DC_SERVER')
plansmbtorture4testsuite(t, env, '//$SERVER/tmp -k yes -U$DC_USERNAME@$REALM%$DC_PASSWORD --option=torture:addc=$DC_SERVER', description='kerberos connection')
plansmbtorture4testsuite(t, env, '//$SERVER/tmpguest -U% --option=torture:addc=$DC_SERVER', description='anonymous connection')
+ plansmbtorture4testsuite(t, env, '//$SERVER/tmp -k no -U$DC_USERNAME@$REALM%$DC_PASSWORD', description='ntlm user at realm')
elif t == "raw.samba3posixtimedlock":
plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/tmpguest -U$USERNAME%$PASSWORD --option=torture:localdir=$SELFTEST_PREFIX/nt4_dc/share')
plansmbtorture4testsuite(t, "ad_dc", '//$SERVER_IP/tmpguest -U$USERNAME%$PASSWORD --option=torture:localdir=$SELFTEST_PREFIX/ad_dc/share')
diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c
index 7062060..a8cfb55 100644
--- a/source3/smbd/filename.c
+++ b/source3/smbd/filename.c
@@ -30,6 +30,29 @@
#include "smbd/smbd.h"
#include "smbd/globals.h"
+uint32_t filename_create_ucf_flags(struct smb_request *req, uint32_t create_disposition)
+{
+ uint32_t ucf_flags = 0;
+
+ if (req != NULL && req->posix_pathnames) {
+ ucf_flags |= UCF_POSIX_PATHNAMES;
+ }
+
+ switch (create_disposition) {
+ case FILE_OPEN:
+ case FILE_OVERWRITE:
+ break;
+ case FILE_SUPERSEDE:
+ case FILE_CREATE:
+ case FILE_OPEN_IF:
+ case FILE_OVERWRITE_IF:
+ ucf_flags |= UCF_PREP_CREATEFILE;
+ break;
+ }
+
+ return ucf_flags;
+}
+
static NTSTATUS build_stream_path(TALLOC_CTX *mem_ctx,
connection_struct *conn,
struct smb_filename *smb_fname);
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index 05f3cae..5f122a9 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -461,8 +461,7 @@ void reply_ntcreate_and_X(struct smb_request *req)
int oplock_request;
uint8_t oplock_granted = NO_OPLOCK_RETURN;
struct case_semantics_state *case_state = NULL;
- uint32_t ucf_flags = UCF_PREP_CREATEFILE |
- (req->posix_pathnames ? UCF_POSIX_PATHNAMES : 0);
+ uint32_t ucf_flags;
TALLOC_CTX *ctx = talloc_tos();
START_PROFILE(SMBntcreateX);
@@ -536,6 +535,7 @@ void reply_ntcreate_and_X(struct smb_request *req)
}
}
+ ucf_flags = filename_create_ucf_flags(req, create_disposition);
status = filename_convert(ctx,
conn,
req->flags2 & FLAGS2_DFS_PATHNAMES,
@@ -1024,8 +1024,7 @@ static void call_nt_transact_create(connection_struct *conn,
int oplock_request;
uint8_t oplock_granted;
struct case_semantics_state *case_state = NULL;
- uint32_t ucf_flags = UCF_PREP_CREATEFILE |
- (req->posix_pathnames ? UCF_POSIX_PATHNAMES : 0);
+ uint32_t ucf_flags;
TALLOC_CTX *ctx = talloc_tos();
DEBUG(5,("call_nt_transact_create\n"));
@@ -1106,6 +1105,7 @@ static void call_nt_transact_create(connection_struct *conn,
}
}
+ ucf_flags = filename_create_ucf_flags(req, create_disposition);
status = filename_convert(ctx,
conn,
req->flags2 & FLAGS2_DFS_PATHNAMES,
diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h
index fb30a9e..352d28c 100644
--- a/source3/smbd/proto.h
+++ b/source3/smbd/proto.h
@@ -339,6 +339,7 @@ int fsp_stat(files_struct *fsp);
/* The following definitions come from smbd/filename.c */
+uint32_t filename_create_ucf_flags(struct smb_request *req, uint32_t create_disposition);
NTSTATUS unix_convert(TALLOC_CTX *ctx,
connection_struct *conn,
const char *orig_path,
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 4f1ecb1..0aec433 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -2111,8 +2111,7 @@ void reply_open(struct smb_request *req)
uint32_t create_options = 0;
uint32_t private_flags = 0;
NTSTATUS status;
- uint32_t ucf_flags = UCF_PREP_CREATEFILE |
- (req->posix_pathnames ? UCF_POSIX_PATHNAMES : 0);
+ uint32_t ucf_flags;
TALLOC_CTX *ctx = talloc_tos();
START_PROFILE(SMBopen);
@@ -2141,6 +2140,8 @@ void reply_open(struct smb_request *req)
goto out;
}
+ ucf_flags = filename_create_ucf_flags(req, create_disposition);
+
status = filename_convert(ctx,
conn,
req->flags2 & FLAGS2_DFS_PATHNAMES,
@@ -2265,8 +2266,7 @@ void reply_open_and_X(struct smb_request *req)
uint32_t create_disposition;
uint32_t create_options = 0;
uint32_t private_flags = 0;
- uint32_t ucf_flags = UCF_PREP_CREATEFILE |
- (req->posix_pathnames ? UCF_POSIX_PATHNAMES : 0);
+ uint32_t ucf_flags;
TALLOC_CTX *ctx = talloc_tos();
START_PROFILE(SMBopenX);
@@ -2313,6 +2313,8 @@ void reply_open_and_X(struct smb_request *req)
goto out;
}
+ ucf_flags = filename_create_ucf_flags(req, create_disposition);
+
status = filename_convert(ctx,
conn,
req->flags2 & FLAGS2_DFS_PATHNAMES,
@@ -2525,8 +2527,7 @@ void reply_mknew(struct smb_request *req)
uint32_t share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
uint32_t create_disposition;
uint32_t create_options = 0;
- uint32_t ucf_flags = UCF_PREP_CREATEFILE |
- (req->posix_pathnames ? UCF_POSIX_PATHNAMES : 0);
+ uint32_t ucf_flags;
TALLOC_CTX *ctx = talloc_tos();
START_PROFILE(SMBcreate);
@@ -2540,6 +2541,14 @@ void reply_mknew(struct smb_request *req)
fattr = SVAL(req->vwv+0, 0);
oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
+ if (req->cmd == SMBmknew) {
+ /* We should fail if file exists. */
+ create_disposition = FILE_CREATE;
+ } else {
+ /* Create if file doesn't exist, truncate if it does. */
+ create_disposition = FILE_OVERWRITE_IF;
+ }
+
/* mtime. */
ft.mtime = convert_time_t_to_timespec(srv_make_unix_date3(req->vwv+1));
@@ -2550,6 +2559,7 @@ void reply_mknew(struct smb_request *req)
goto out;
}
+ ucf_flags = filename_create_ucf_flags(req, create_disposition);
status = filename_convert(ctx,
conn,
req->flags2 & FLAGS2_DFS_PATHNAMES,
@@ -2574,14 +2584,6 @@ void reply_mknew(struct smb_request *req)
smb_fname_str_dbg(smb_fname)));
}
- if(req->cmd == SMBmknew) {
- /* We should fail if file exists. */
- create_disposition = FILE_CREATE;
- } else {
- /* Create if file doesn't exist, truncate if it does. */
- create_disposition = FILE_OVERWRITE_IF;
- }
-
status = SMB_VFS_CREATE_FILE(
conn, /* conn */
req, /* req */
@@ -2658,8 +2660,7 @@ void reply_ctemp(struct smb_request *req)
char *s;
NTSTATUS status;
int i;
- uint32_t ucf_flags = UCF_PREP_CREATEFILE |
- (req->posix_pathnames ? UCF_POSIX_PATHNAMES : 0);
+ uint32_t ucf_flags;
TALLOC_CTX *ctx = talloc_tos();
START_PROFILE(SMBctemp);
@@ -2696,6 +2697,7 @@ void reply_ctemp(struct smb_request *req)
goto out;
}
+ ucf_flags = filename_create_ucf_flags(req, FILE_CREATE);
status = filename_convert(ctx, conn,
req->flags2 & FLAGS2_DFS_PATHNAMES,
fname,
@@ -6133,8 +6135,7 @@ void reply_mkdir(struct smb_request *req)
struct smb_filename *smb_dname = NULL;
char *directory = NULL;
NTSTATUS status;
- uint32_t ucf_flags = UCF_PREP_CREATEFILE |
- (req->posix_pathnames ? UCF_POSIX_PATHNAMES : 0);
+ uint32_t ucf_flags;
TALLOC_CTX *ctx = talloc_tos();
START_PROFILE(SMBmkdir);
@@ -6146,6 +6147,7 @@ void reply_mkdir(struct smb_request *req)
goto out;
}
+ ucf_flags = filename_create_ucf_flags(req, FILE_CREATE);
status = filename_convert(ctx, conn,
req->flags2 & FLAGS2_DFS_PATHNAMES,
directory,
diff --git a/source3/smbd/smb2_create.c b/source3/smbd/smb2_create.c
index 75da8a1..8211991 100644
--- a/source3/smbd/smb2_create.c
+++ b/source3/smbd/smb2_create.c
@@ -374,12 +374,12 @@ static bool smb2_lease_key_valid(const struct smb2_lease_key *key)
return ((key->data[0] != 0) || (key->data[1] != 0));
}
-static NTSTATUS smbd_smb2_create_durable_lease_check(
+static NTSTATUS smbd_smb2_create_durable_lease_check(struct smb_request *smb1req,
const char *requested_filename, const struct files_struct *fsp,
const struct smb2_lease *lease_ptr)
{
struct smb_filename *smb_fname = NULL;
- uint32_t ucf_flags = UCF_PREP_CREATEFILE;
+ uint32_t ucf_flags;
NTSTATUS status;
if (lease_ptr == NULL) {
@@ -404,6 +404,7 @@ static NTSTATUS smbd_smb2_create_durable_lease_check(
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
}
+ ucf_flags = filename_create_ucf_flags(smb1req, FILE_OPEN);
status = filename_convert(talloc_tos(), fsp->conn, false,
requested_filename, ucf_flags,
NULL, &smb_fname);
@@ -1057,7 +1058,7 @@ static struct tevent_req *smbd_smb2_create_send(TALLOC_CTX *mem_ctx,
(unsigned)result->oplock_type, lease_ptr));
status = smbd_smb2_create_durable_lease_check(
- fname, result, lease_ptr);
+ smb1req, fname, result, lease_ptr);
if (!NT_STATUS_IS_OK(status)) {
close_file(smb1req, result, SHUTDOWN_CLOSE);
tevent_req_nterror(req, status);
@@ -1078,7 +1079,7 @@ static struct tevent_req *smbd_smb2_create_send(TALLOC_CTX *mem_ctx,
info = FILE_WAS_OPENED;
} else {
struct smb_filename *smb_fname = NULL;
- uint32_t ucf_flags = UCF_PREP_CREATEFILE;
+ uint32_t ucf_flags;
if (requested_oplock_level == SMB2_OPLOCK_LEVEL_LEASE) {
if (lease_ptr == NULL) {
@@ -1102,6 +1103,7 @@ static struct tevent_req *smbd_smb2_create_send(TALLOC_CTX *mem_ctx,
}
}
+ ucf_flags = filename_create_ucf_flags(smb1req, in_create_disposition);
status = filename_convert(req,
smb1req->conn,
smb1req->flags2 & FLAGS2_DFS_PATHNAMES,
diff --git a/source3/winbindd/winbindd_pam_auth_crap.c b/source3/winbindd/winbindd_pam_auth_crap.c
index ffbc322..e6a47c8 100644
--- a/source3/winbindd/winbindd_pam_auth_crap.c
+++ b/source3/winbindd/winbindd_pam_auth_crap.c
@@ -37,6 +37,7 @@ struct tevent_req *winbindd_pam_auth_crap_send(
struct tevent_req *req, *subreq;
struct winbindd_pam_auth_crap_state *state;
struct winbindd_domain *domain;
+ const char *auth_domain = NULL;
req = tevent_req_create(mem_ctx, &state,
struct winbindd_pam_auth_crap_state);
@@ -77,14 +78,12 @@ struct tevent_req *winbindd_pam_auth_crap_send(
return tevent_req_post(req, ev);
}
- if ((request->data.auth_crap.domain[0] == '\0')
- && lp_winbind_use_default_domain()) {
- fstrcpy(request->data.auth_crap.domain,
- lp_workgroup());
+ auth_domain = request->data.auth_crap.domain;
+ if (auth_domain[0] == '\0') {
+ auth_domain = lp_workgroup();
}
- domain = find_auth_domain(
- request->flags, request->data.auth_crap.domain);
+ domain = find_auth_domain(request->flags, auth_domain);
if (domain == NULL) {
tevent_req_nterror(req, NT_STATUS_NO_SUCH_USER);
return tevent_req_post(req, ev);
--
Samba Shared Repository
More information about the samba-cvs
mailing list