[SCM] Samba Shared Repository - branch v4-18-test updated
Jule Anger
janger at samba.org
Tue Jan 16 10:06:01 UTC 2024
The branch, v4-18-test has been updated
via ee2df0bbb34 smbd: move access override for previous versions to the SMB layer
via 1e108b3ac07 smbd: check for previous versions in check_any_access_fsp()
via d3f062e2122 smbd: use check_any_access_fsp() for all access checks
via 77a71bc9932 smbd: replace CHECK_WRITE() macro with calls to check_any_access_fsp()
via 15536403f63 smbd: set fsp->fsp_flags.can_write to false for access to previous-versions
via 8ee0768d6f2 smbd: return correct error when trying to create a hardlink to a VSS file
via 8c08511f97d smbd: fix check_any_access_fsp() for non-fsa fsps
via b775434b7eb smbd: rename check_access_fsp() to check_any_access_fsp()
via d87294724e6 smbd: set fsp_flags.is_fsa to true on printer file handles
via c8e1d26cea5 smbd: return the correct error in can_rename()
via 7080c5b4850 smbtorture: expand smb2.twrp.write test
via 469c91c4133 s4/libcli/raw: implemement RAW_SFILEINFO_LINK_INFORMATION
via 29f629a155f selftest: remove error_inject from shadow_write share
from a9862b23e00 docs-xml: use XML_CATALOG_FILES env var if defined
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-18-test
- Log -----------------------------------------------------------------
commit ee2df0bbb3429ca2bece2b651e00182453d1b089
Author: Ralph Boehme <slow at samba.org>
Date: Fri Dec 15 11:59:36 2023 +0100
smbd: move access override for previous versions to the SMB layer
Doing the previous version access checks and semantics at the SMB
layer means we can simplify the shadow_copy2 and remove the kludge.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Mon Jan 8 16:58:26 UTC 2024 on atb-devel-224
(backported from commit f14a7065690b00e3c6af2c1f0b0aec51c1e0b372)
[slow at samba.org: vfs_shadow_copy2.c: no TALLOC_FREE() in context]
[slow at samba.org: open.c: assign result from calculate_open_access_flags()]
Autobuild-User(v4-18-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-18-test): Tue Jan 16 10:05:29 UTC 2024 on atb-devel-224
commit 1e108b3ac072ac396fc07f4cb4073217af2877bf
Author: Ralph Boehme <slow at samba.org>
Date: Wed Dec 20 15:09:59 2023 +0100
smbd: check for previous versions in check_any_access_fsp()
Now that check_any_access_fsp() is broadly used consistently to
restrict access for all modifying operations, we can add a check for
previous versions to check_any_access_fsp() and it gets enforced
consistently.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit fd4e41144a819b4403340e4a28664ac586722b41)
commit d3f062e21224f720ca724dee740ade5d56748da1
Author: Ralph Boehme <slow at samba.org>
Date: Wed Dec 20 18:01:57 2023 +0100
smbd: use check_any_access_fsp() for all access checks
Replaces the direct access to fsp->access_mask with a call to
check_any_access_fsp() which allows doing additional checks if needed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(backported from commit 02ed99343d19fd0845531ad99a46b1dd5b8a7a4f)
[slow at samba.org: vfs_acl_common.c: different chown_needed check]
commit 77a71bc9932acc7e73fe4b89443bf500c0374a98
Author: Ralph Boehme <slow at samba.org>
Date: Wed Dec 20 18:32:25 2023 +0100
smbd: replace CHECK_WRITE() macro with calls to check_any_access_fsp()
The additional check if fd underlying fd is valid and not -1 should not be done
at this place. I actually would prefer an write to fail with EBADF if this
happens, as it's likely easier to debug why this happened. These days we should
always have a valid fd.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 995a31c8d4c1789c16bae6b8196f2565d4b1dfdb)
commit 15536403f631e757b8d3db77ea442cb858e03bd3
Author: Ralph Boehme <slow at samba.org>
Date: Wed Dec 20 18:03:22 2023 +0100
smbd: set fsp->fsp_flags.can_write to false for access to previous-versions
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit ee3035218df4cfd68b6aab6825c78f2b85234c6c)
commit 8ee0768d6f2c1b79a4ad381f0cef1ae32a9618b7
Author: Ralph Boehme <slow at samba.org>
Date: Fri Dec 22 11:19:38 2023 +0100
smbd: return correct error when trying to create a hardlink to a VSS file
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit a0ae45be770a13373c148a689b9761f14c4f942c)
commit 8c08511f97d0915fdc87c77f4c5a815e1dcfb42a
Author: Ralph Boehme <slow at samba.org>
Date: Thu Dec 21 10:58:09 2023 +0100
smbd: fix check_any_access_fsp() for non-fsa fsps
smbd_check_access_rights_fsp() requires *all* rights in access_mask to
be granted by the underlying ACL, but the semantics of this function
is supposed to grant access if any one of the rights in
access_requested is allowed.
Fix this by looping over the requested access mask. If
smbd_check_access_rights_fsp() returns sucess, mask will be non-null
and when assigned to access_granted, the subsequent check will pass,
fail otherwise.
I'm not doing an early exit on purpose because a subsequent commit
adds additional security checks that are done in the subsequent code
path common for fsa and non-fsa fsps.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit bf497819e61131cfa6469971596af3aa9bd4bb49)
commit b775434b7eb1a08fff283e153817f3e0376c9af8
Author: Ralph Boehme <slow at samba.org>
Date: Thu Dec 21 10:58:09 2023 +0100
smbd: rename check_access_fsp() to check_any_access_fsp()
The semantics of the access check in check_access_fsp() itself is to
allow access if *at least* one or more rights of the rights in
access_mask are allowed. The name check_any_access_fsp() better
reflects this.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 96b577c380fa914eb1ffa95849c82bdb88aa1ec6)
commit d87294724e6066870346ff90b16c76fcfd294b9c
Author: Ralph Boehme <slow at samba.org>
Date: Thu Dec 21 16:27:42 2023 +0100
smbd: set fsp_flags.is_fsa to true on printer file handles
Printer file handles went through SMB_VFS_CREATE_FILE() and are network
callable, so it makes sense to set this on them.
This ensures that check_access_fsp() doesn't take the codepath calling
smbd_check_access_rights_fsp(), but just checks the request rights from
fsp->access_mask.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 76c8fe16bff36a29fa326355256b50737d04bd85)
commit c8e1d26cea525c6d0642923bf1b5196813145744
Author: Ralph Boehme <slow at samba.org>
Date: Tue Dec 19 13:06:55 2023 +0100
smbd: return the correct error in can_rename()
This is what Windows returns for this case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 276c5bd851ab6ab818a49d9c47f6b96de8024778)
commit 7080c5b4850c39c63e61d458d5928151fa7f1c00
Author: Ralph Boehme <slow at samba.org>
Date: Fri Dec 15 19:55:23 2023 +0100
smbtorture: expand smb2.twrp.write test
Test more modifying operations are blocked and access masks are correct.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 537eedfe2a79fba2e1f062f14ba7a0c5f8f70a88)
commit 469c91c4133e18700a19558910449e59957afccd
Author: Ralph Boehme <slow at samba.org>
Date: Fri Dec 22 10:40:39 2023 +0100
s4/libcli/raw: implemement RAW_SFILEINFO_LINK_INFORMATION
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit c62484bc2c60ebac42635793d94cb8e62629acbf)
commit 29f629a155faae5945414b912a5f248c1d7fd43a
Author: Ralph Boehme <slow at samba.org>
Date: Thu Dec 21 19:40:21 2023 +0100
selftest: remove error_inject from shadow_write share
Frankly, I can't remember why I added this as part of bug 13688. The
goal of the corresponding test is to verify a write on a read-only
file han