[SCM] Samba Shared Repository - branch master updated
Stefan Metzmacher
metze at samba.org
Fri Jul 26 11:11:01 UTC 2024
The branch, master has been updated
via 07c0afe91d5 WHATSNEW.txt: document "veto files" and "hide files"
via 607d2c1e3e9 s3/lib: return error from set_namearray()
via 02ae847b453 smbd: return errors from token_contains_name()
via 0f27c521449 s3/lib: use lookup_name_smbconf_ex() in token_contains_name()
via 8364db8a3cd s3/passdb: add lookup_name_smbconf_ex() using lookup_name_internal()
via 01b0b856210 s3/passdb: factor out lookup_name_internal()
via 1d6feea6772 s3/passdb: use winbind_lookup_name_ex() in lookup_name() instead of winbind_lookup_name()
via 3a13b90ceef s3/passdb: add winbind_lookup_name_ex()
via 5d3c6dbf61b s3-errormap: add WBC_ERR_NOT_MAPPED -> NT_STATUS_NONE_MAPPED
via 1b63d503fce s3-errormap: move map_nt_error_from_wbcErr() back into errormap.c
via 02da9704a05 s3/rpc_client: fix handling of NT_STATUS_SOME_NOT_MAPPED
via 148a102800f winbindd: let LookupNames return NT_STATUS_OK and SID_NAME_UNKNOWN for unmapped names
via 12c5adb49ae libwbclient: prepare wbcCtxLookupName() for dealing with WBC_SID_NAME_UNKNOWN
via 315ee3801b9 libwbclient: add error WBC_ERR_NOT_MAPPED
via 21b9eb5b8c1 winbindd: properly initialize sid and type in wb_cache_name_to_sid()
via cbd4aee50b5 winbindd: collapse two if expressions
via 6baf9547e53 winbindd: reformatting
via dc95763757b winbindd: rename variable old_status to was_online in wb_cache_name_to_sid()
via 89a26b50f42 CI: add a test for per-user (and per-group) veto files
via 7e835339daf CI: fix test file cleanup
via b8b2f218352 s3/lib: add per-user support to set_namearray()
via 02e7c70ab31 smbd: move token_contains_name() to util_namearray.c and make it public
via 2f273a50855 selftest: add groups "group1" and "group2" to Samba3
via c4ede22db0d s3/lib: move set_namearray() to util_namearray.c
via 8ab29157b9b smbd: maintain veto_list and hide_list in the vuid cache
via cfa9a73319e smbd: prepare free_conn_session_info_if_unused() for more cleanup logic
via 630f1228d17 smbd: move target code out of loop body
via 7fc74c7883c s3/lib: modernize set_namearray()
via f564fcb7c1a s3/lib: move path_to_strv() to util_path.c
via 0c6725a73ce s3/lib: remove name_compare_entry typedef
via a1c1057f620 selftest: remove net groupmap delete stuff
via 5160da2997f selftest: ensure the "fileserver" test environment is removed before provisioning
via a1d5df42034 selftest: setup "fileserver" testenv specific directories after calling provision()
via 2cd9da518dd selftest: setup "simpleserver" testenv specific directories after calling provision()
via 25ff9e59630 selftest: remove check for $no_delete_prefix
from 8903876f65d libcli:security: allow spaces after BAD:
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 07c0afe91d5c4631a2fa6424bb38fff1ddc89b0c
Author: Ralph Boehme <slow at samba.org>
Date: Fri Feb 2 15:14:27 2024 +0100
WHATSNEW.txt: document "veto files" and "hide files"
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Fri Jul 26 11:10:42 UTC 2024 on atb-devel-224
commit 607d2c1e3e9017d260e4a76eeac7e2c638eaff03
Author: Ralph Boehme <slow at samba.org>
Date: Wed Feb 7 11:40:29 2024 +0100
s3/lib: return error from set_namearray()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 02ae847b45375091cc9c0ef76c49b6b1edcdb4e8
Author: Ralph Boehme <slow at samba.org>
Date: Fri Feb 2 08:10:54 2024 +0100
smbd: return errors from token_contains_name()
Invalid names in "valid users", "invalid users", "read list", "write list",
"veto files" and "hide files" are logged and ignored, but a failure to contact
winbind or a DC from winbind, or a memory allocation failure, now all trigger a
failure of the tree connect.
Manually tested with smbclient with the following hack in winbindd:
---8<---
$ git di
source3/winbindd/winbindd_cache.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c
index c889489dbbbc..8ccf0a28e11a 100644
--- a/source3/winbindd/winbindd_cache.c
+++ b/source3/winbindd/winbindd_cache.c
@@ -1821,6 +1821,13 @@ NTSTATUS wb_cache_name_to_sid(struct winbindd_domain *domain,
ZERO_STRUCTP(sid);
*type = SID_NAME_UNKNOWN;
+ if (strequal(name, "unknown")) {
+ return NT_STATUS_OK;
+ }
+ if (strequal(name, "iotimeout")) {
+ return NT_STATUS_IO_TIMEOUT;
+ }
+
status = wcache_name_to_sid(domain, domain_name, name, sid, type);
if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
return status;
---8<---
veto files = ../unknown/file1/../slow/file2
$ bin/smbclient -U slow%x //localhost/test -c quit
$
In the log:
[2024/03/04 15:21:33.659356, 1, pid=977167, effective(0, 0), real(0, 0)] ../../source3/lib/util_namearray.c:128(token_contains_name)
token_contains_name: lookup_name 'unknown' failed
veto files = ../iotimeout/file1/../slow/file2
$ bin/smbclient -U slow%x //localhost/test -c quit
tree connect failed: NT_STATUS_LOGON_FAILURE
$
[2024/03/04 15:22:15.655811, 0, pid=977177, effective(0, 0), real(0, 0)] ../../source3/lib/util_namearray.c:131(token_contains_name)
token_contains_name: lookup_name 'iotimeout' failed NT_STATUS_NO_SUCH_DOMAIN
[2024/03/04 15:22:15.655846, 1, pid=977177, effective(0, 0), real(0, 0)] ../../source3/smbd/uid.c:381(change_to_user_impersonate)
change_to_user_impersonate: SMB user slow (unix user slow) not permitted access to share test.
[2024/03/04 15:22:15.655855, 0, pid=977177, effective(0, 0), real(0, 0)] ../../source3/smbd/smb2_service.c:689(make_connection_snum)
make_connection_snum: Can't become connected user!
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 0f27c52144937d6f12a169f13cfe7c9cb6af78e4
Author: Ralph Boehme <slow at samba.org>
Date: Fri Feb 9 15:24:27 2024 +0100
s3/lib: use lookup_name_smbconf_ex() in token_contains_name()
No change in behaviour as we still ignore lookup erros as well as a not-found
result.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 8364db8a3cdeccf97d1804f0dde61664686ccb82
Author: Ralph Boehme <slow at samba.org>
Date: Fri Feb 9 09:40:23 2024 +0100
s3/passdb: add lookup_name_smbconf_ex() using lookup_name_internal()
Returns NTSTATUS instead of bool. lookup_name_smbconf() becomes a thin
wrapper around lookup_name_smbconf_ex().
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 01b0b8562103f434edc9bd2eb33f69cad0cc69e9
Author: Ralph Boehme <slow at samba.org>
Date: Fri Feb 9 10:53:35 2024 +0100
s3/passdb: factor out lookup_name_internal()
lookup_name() becomes a thin wrapper around lookup_name_internal(). Prepares for
adding more callers to lookup_name_internal() that are interested in the
NTSTATUS return value to distinguish between NAME_NOT_FOUND lookup results and
real errors.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 1d6feea6772dbef16a79212416fde44ffd86eeda
Author: Ralph Boehme <slow at samba.org>
Date: Thu Feb 8 18:20:15 2024 +0100
s3/passdb: use winbind_lookup_name_ex() in lookup_name() instead of winbind_lookup_name()
No change in behaviour, prepares for returning NTSTATUS instead of bool from
lookup_name().
Review-with: git show -w
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 3a13b90ceef28ce655a0f4665a2531f7581d81b6
Author: Ralph Boehme <slow at samba.org>
Date: Thu Feb 8 18:20:15 2024 +0100
s3/passdb: add winbind_lookup_name_ex()
Differs from winbind_lookup_name() by
- returning NTSTATUS instead of bool, so callers can distinguish between
STATUS_NAME_NOT_FOUND lookup results and real errors.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 5d3c6dbf61b87952330e5e076afbe1fce8fa183f
Author: Ralph Boehme <slow at samba.org>
Date: Fri Feb 16 17:16:57 2024 +0100
s3-errormap: add WBC_ERR_NOT_MAPPED -> NT_STATUS_NONE_MAPPED
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 1b63d503fce9f09fd13d16f705a5a75bfc86e521
Author: Ralph Boehme <slow at samba.org>
Date: Thu Feb 8 12:09:33 2024 +0100
s3-errormap: move map_nt_error_from_wbcErr() back into errormap.c
This basically reverts commit 313db81ad3de6cf7759d6a0fc21ee32419b2e62b.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 02da9704a05467f7c33e3ade582f62336ff55141
Author: Ralph Boehme <slow at samba.org>
Date: Wed Mar 6 14:23:45 2024 +0100
s3/rpc_client: fix handling of NT_STATUS_SOME_NOT_MAPPED
In this case names that couldn't be resolved will be have a NULL sid pointer
which would trigger a crash in sid_copy().
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Ralph Boehme <slow at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
commit 148a102800f36ad61689e0e0f879841bf42e40b0
Author: Ralph Boehme <slow at samba.org>
Date: Fri Feb 16 16:44:57 2024 +0100
winbindd: let LookupNames return NT_STATUS_OK and SID_NAME_UNKNOWN for unmapped names
Previously LookupNames would fail if a name could not be translated, so winbindd
clients like libwbclient couldn't differentiate between not being able to talk
to a DC and just an unkown name.
As a visible change this alters
$ bin/wbinfo -n Idontexist
failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND
Could not lookup name Idontexist
to
$ bin/wbinfo -n Idontexist
failed to call wbcLookupName: WBC_ERR_SOME_NOT_MAPPED
Could not lookup name Idontexist
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 12c5adb49ae103c2bb706d92a4b2fd29b7a91f70
Author: Ralph Boehme <slow at samba.org>
Date: Fri Feb 16 16:38:11 2024 +0100
libwbclient: prepare wbcCtxLookupName() for dealing with WBC_SID_NAME_UNKNOWN
This changes the wbcErr from WBC_ERR_DOMAIN_NOT_FOUND to WBC_ERR_NOT_MAPPED.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 315ee3801b901702d0c91c8725b3783181cb5cf4
Author: Ralph Boehme <slow at samba.org>
Date: Fri Feb 16 16:33:57 2024 +0100
libwbclient: add error WBC_ERR_NOT_MAPPED
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 21b9eb5b8c14bf0a5255f8e5897a214e004e32e1
Author: Ralph Boehme <slow at samba.org>
Date: Fri Feb 16 16:42:59 2024 +0100
winbindd: properly initialize sid and type in wb_cache_name_to_sid()
No change in behaviour.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit cbd4aee50b51b5de129bcfc15a3f2c348a9140c8
Author: Ralph Boehme <slow at samba.org>
Date: Fri Feb 16 16:19:34 2024 +0100
winbindd: collapse two if expressions
No change in behaviour.
After calling set_domain_offline() domain->offline will be set to false, iow
everytime
if (!domain->internal && was_online)
is true,
if (!domain->internal &&
!domain->online &&
was_online)
will also true, so we can drop the second if expression.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 6baf9547e53fbfe7aaefb8112db3a17bdf550a2c
Author: Ralph Boehme <slow at samba.org>
Date: Fri Feb 16 16:17:33 2024 +0100
winbindd: reformatting
No change in behaviour.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit dc95763757bf4b7a2139de5c93dc62bae70dd01d
Author: Ralph Boehme <slow at samba.org>
Date: Fri Feb 16 16:12:43 2024 +0100
winbindd: rename variable old_status to was_online in wb_cache_name_to_sid()
A lot easier to make sense of the complex logic when using this name.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 89a26b50f42942623ea6bcff3dbe17187d271c2d
Author: Ralph Boehme <slow at samba.org>
Date: Thu Jan 25 15:03:10 2024 +0100
CI: add a test for per-user (and per-group) veto files
Not adding a specific test for per-user hide files as that uses the exact same
mechanism as the per-user veto files.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 7e835339daf921e76e3a8800fa4b760e0062b821
Author: Ralph Boehme <slow at samba.org>
Date: Thu Jan 25 16:26:42 2024 +0100
CI: fix test file cleanup
Test files are stored beneath "$SHAREPATH/dir1", not "$SHAREPATH/dir_1".
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit b8b2f218352a8432293b74f297be608d4ec4f782
Author: Ralph Boehme <slow at samba.org>
Date: Fri Feb 2 12:04:10 2024 +0100
s3/lib: add per-user support to set_namearray()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 02e7c70ab3198f72c988327200cfa90da0096253
Author: Ralph Boehme <slow at samba.org>
Date: Wed Feb 7 08:46:43 2024 +0100
smbd: move token_contains_name() to util_namearray.c and make it public
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 2f273a50855207698e64edaf477fe41c638623f9
Author: Ralph Boehme <slow at samba.org>
Date: Thu Jan 25 08:07:49 2024 +0100
selftest: add groups "group1" and "group2" to Samba3
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit c4ede22db0dfbafad9b7ba9acab3f7cf3a3895a9
Author: Ralph Boehme <slow at samba.org>
Date: Wed Feb 7 10:21:33 2024 +0100
s3/lib: move set_namearray() to util_namearray.c
Needed to fix circular dependencies between samba-passdb, secrets3 and
samba3util (iirc).
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 8ab29157b9b52bccbcec041a2acc90cac1fc10f1
Author: Ralph Boehme <slow at samba.org>
Date: Wed Feb 7 10:18:13 2024 +0100
smbd: maintain veto_list and hide_list in the vuid cache
Prepares for adding per-user support to both options. I don't think it makes
sense also adding per-user support to "veto oplock files" and "aio write behind"
so I'm ignoring those.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit cfa9a73319ea786176c8603880bfb388f7e7b439
Author: Ralph Boehme <slow at samba.org>
Date: Tue Jan 23 15:29:17 2024 +0100
smbd: prepare free_conn_session_info_if_unused() for more cleanup logic
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 630f1228d17c282a3661de050801b3aaf642accf
Author: Ralph Boehme <slow at samba.org>
Date: Tue Jan 23 15:19:12 2024 +0100
smbd: move target code out of loop body
Reduces indentation of the code code that is run in this function and prepares
for adding more of it.
Review with: git show -w
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 7fc74c7883ca9a9682b809e37b724bfe3bb4c64d
Author: Ralph Boehme <slow at samba.org>
Date: Sat Jan 20 12:58:52 2024 +0100
s3/lib: modernize set_namearray()
No change in behaviour.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit f564fcb7c1ab78af7c2e0ae0ff5b292a1058e1cc
Author: Ralph Boehme <slow at samba.org>
Date: Tue Jan 23 12:29:36 2024 +0100
s3/lib: move path_to_strv() to util_path.c
More callers are coming.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 0c6725a73ce8c595f276b304aace8978784f2b78
Author: Ralph Boehme <slow at samba.org>
Date: Sat Jan 20 19:12:09 2024 +0100
s3/lib: remove name_compare_entry typedef
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit a1c1057f620ac63f230375417e21889a05ffc488
Author: Ralph Boehme <slow at samba.org>
Date: Wed Jan 31 17:48:07 2024 +0100
selftest: remove net groupmap delete stuff
Likely not needed anymore since we now cleanup the fileserver env.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 5160da2997fbf446cf85c7b678aef330ba12f954
Author: Ralph Boehme <slow at samba.org>
Date: Wed Jan 31 17:45:29 2024 +0100
selftest: ensure the "fileserver" test environment is removed before provisioning
This was likely taken by copy/paste from somewhere else where it might have made
sense.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit a1d5df42034314c185ba53a7432115f1f0264fdd
Author: Ralph Boehme <slow at samba.org>
Date: Wed Jan 31 19:37:54 2024 +0100
selftest: setup "fileserver" testenv specific directories after calling provision()
This ensures provision() can remove st/fileserver/* from previous runs.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 2cd9da518dd2021099ce91cb5ae5d1dee09ac9c4
Author: Ralph Boehme <slow at samba.org>
Date: Wed Jan 31 19:36:33 2024 +0100
selftest: setup "simpleserver" testenv specific directories after calling provision()
This ensures provision() can remove st/simpleserver/* from previous runs.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 25ff9e59630482c38e9523a8cba4ed5fdaee9ccf
Author: Ralph Boehme <slow at samba.org>
Date: Wed Jan 31 17:44:00 2024 +0100
selftest: remove check for $no_delete_prefix
provision_ctdb() was always called with $no_delete_prefix undefined
from setup_ctdb(), so we can just remove the check.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
-----------------------------------------------------------------------
Summary of changes:
WHATSNEW.txt | 26 ++
docs-xml/smbdotconf/filename/hidefiles.xml | 16 ++
docs-xml/smbdotconf/filename/vetofiles.xml | 18 +-
nsswitch/krb5_plugin/winbind_krb5_localauth.c | 3 +
nsswitch/libwbclient/wbc_sid.c | 7 +-
nsswitch/libwbclient/wbclient.c | 2 +
nsswitch/libwbclient/wbclient.h | 3 +-
nsswitch/pam_winbind.c | 2 +
selftest/target/Samba3.pm | 51 ++--
source3/include/proto.h | 19 +-
source3/include/vfs.h | 16 +-
source3/lib/namearray.c | 39 ---
source3/lib/util.c | 119 +--------
source3/lib/util_namearray.c | 283 +++++++++++++++++++++
source3/lib/util_path.c | 11 +
source3/lib/util_path.h | 1 +
source3/lib/winbind_util.c | 40 +++
source3/lib/winbind_util.h | 4 +
source3/libsmb/errormap.c | 40 +++
source3/libsmb/errormap_wbc.c | 62 -----
source3/libsmb/errormap_wbc.h | 29 ---
source3/modules/vfs_virusfilter.c | 22 +-
source3/modules/vfs_virusfilter_common.h | 4 +-
...passdb-0.28.0.sigs => samba-passdb-0.29.0.sigs} | 1 +
source3/passdb/lookup_sid.c | 261 +++++++++++++------
source3/passdb/lookup_sid.h | 7 +
source3/rpc_client/cli_lsarpc.c | 19 +-
source3/script/tests/test_veto_files.sh | 26 +-
source3/smbd/conn.c | 71 +++---
source3/smbd/files.c | 11 -
source3/smbd/proto.h | 6 +-
source3/smbd/share_access.c | 223 +++++-----------
source3/smbd/smb2_service.c | 24 +-
source3/smbd/uid.c | 62 ++++-
source3/torture/test_matching.c | 6 +-
source3/winbindd/winbindd_cache.c | 43 ++--
source3/winbindd/winbindd_getgrnam.c | 3 +
source3/winbindd/winbindd_getgroups.c | 3 +
source3/winbindd/winbindd_getpwnam.c | 3 +
source3/winbindd/winbindd_idmap.c | 3 +
source3/winbindd/winbindd_irpc.c | 3 +
source3/winbindd/winbindd_msrpc.c | 67 ++++-
source3/winbindd/winbindd_samr.c | 7 +
source3/wscript_build | 12 +-
44 files changed, 1040 insertions(+), 638 deletions(-)
delete mode 100644 source3/lib/namearray.c
create mode 100644 source3/lib/util_namearray.c
delete mode 100644 source3/libsmb/errormap_wbc.c
delete mode 100644 source3/libsmb/errormap_wbc.h
copy source3/passdb/ABI/{samba-passdb-0.28.0.sigs => samba-passdb-0.29.0.sigs} (99%)
Changeset truncated at 500 lines:
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index be93dd5ae61..d366393249a 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -12,6 +12,17 @@ Samba 4.21 will be the next version of the Samba suite.
UPGRADING
=========
+Hardening of "valid users", "invalid users", "read list" and "write list"
+-------------------------------------------------------------------------
+
+In previous versions of Samba, if a user or group name in either of the
+mentioned options could not be resolved to a valid SID, the user (or group)
+would be skipped without any notification. This could result in unexpected and
+insecure behaviour. Starting with this version of Samba, if any user or group
+name in any of the options cannot be resolved due to a communication error with
+a domain controller, Samba will log an error and the tree connect will fail.
+Non existing users (or groups) are ignored.
+
LDAP TLS/SASL channel binding support
-------------------------------------
@@ -164,6 +175,15 @@ NOTE: Domains upgraded from older Samba versions will not have this
set, even after the functional level preparation, matching the
behaviour of upgraded Windows AD domains.
+Per-user and group "veto files" and "hide files"
+------------------------------------------------
+
+"veto files" and "hide files" can optionally be restricted to certain users and
+groups. To apply a veto or hide directive to a filename for a specific user or
+group, prefix the filename with "../USERNAME/" or "../GROUPNAME/". For details
+consult the updated smb.conf manpage.
+
+
REMOVED FEATURES
================
@@ -179,6 +199,12 @@ smb.conf changes
tls trust system cas new
tls ca directories new
dns hostname client dns name [netbios name].[realm]
+ valid users Hardening
+ invalid users Hardening
+ read list Hardening
+ write list Hardening
+ veto files Added per-user and per-group vetos
+ hide files Added per-user and per-group hides
KNOWN ISSUES
diff --git a/docs-xml/smbdotconf/filename/hidefiles.xml b/docs-xml/smbdotconf/filename/hidefiles.xml
index d4e3da39ee6..f93885e43a3 100644
--- a/docs-xml/smbdotconf/filename/hidefiles.xml
+++ b/docs-xml/smbdotconf/filename/hidefiles.xml
@@ -13,6 +13,16 @@
and '?' can be used to specify multiple files or directories
as in DOS wildcards.</para>
+ <para>
+ If a file or directory name is prefixed by "../USERNAME/"
+ or "../GROUPNAME/", then the subsequent filename is only hidden for the
+ given user or group. Instead of specifying users or groups by name, they
+ can also be specified by SID.
+ </para>
+
+ <para>User and group names use the same format as <smbconfoption
+ name="valid users"/>.</para>
+
<para>Each entry must be a Unix path, not a DOS path and must
not include the Unix directory separator '/'.</para>
@@ -34,6 +44,12 @@
An example of us of this parameter is:
<programlisting>
hide files = /.*/DesktopFolderDB/TrashFor%m/resource.frk/
+
+; Hide some files for anyone and some files for specific users and groups
+hide files = hideforall1/../joe/hideforuserjoe/hideforall2/../students/hideforstudents/hideforall3
+hide files = ../UNIVERSITY\Alumnis/somefile.txt/../john at university.org/anotherfile.txt
+hide files = ../S-1-5-21-123-456-789-1000/secretfile.txt
+
</programlisting>
</para>
</description>
diff --git a/docs-xml/smbdotconf/filename/vetofiles.xml b/docs-xml/smbdotconf/filename/vetofiles.xml
index 11bb51e6c76..e47490ee49d 100644
--- a/docs-xml/smbdotconf/filename/vetofiles.xml
+++ b/docs-xml/smbdotconf/filename/vetofiles.xml
@@ -11,7 +11,18 @@
</para>
<para>
- Each entry must be a unix path, not a DOS path and must <emphasis>not</emphasis> include the
+ If a file or directory name is prefixed by "../USERNAME/"
+ or "../GROUPNAME/", then the subsequent filename is only hidden for the
+ given user or group. Instead of specifying users or groups by name, they
+ can also be specified by SID.
+ </para>
+
+ <para>User and group names use the same format as <smbconfoption
+ name="valid users"/>.</para>
+
+ <para>
+ Each filename must be a unix path, not a DOS path and must
+ <emphasis>not</emphasis> include the
unix directory separator '/'.
</para>
@@ -39,6 +50,11 @@
; word root.
veto files = /*Security*/*.tmp/*root*/
+; Veto some files for anyone and some files for specific users and groups
+veto files = /vetoforall1/../USER/vetoforuser/vetoforall2/../GROUP/vetoforgroup/vetoforall3/
+veto files = ../UNIVERSITY\Alumnis/somefile.txt/../john at university.org/anotherfile.txt
+veto files = ../S-1-5-21-123-456-789-1000/secretfile.txt
+
; Veto the Apple specific files that a NetAtalk server
; creates.
veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/
diff --git a/nsswitch/krb5_plugin/winbind_krb5_localauth.c b/nsswitch/krb5_plugin/winbind_krb5_localauth.c
index f610b0cdf8c..80a35de412f 100644
--- a/nsswitch/krb5_plugin/winbind_krb5_localauth.c
+++ b/nsswitch/krb5_plugin/winbind_krb5_localauth.c
@@ -113,6 +113,7 @@ static krb5_error_code winbind_userok(krb5_context context,
/* match other insane libwbclient return codes */
case WBC_ERR_WINBIND_NOT_AVAILABLE:
case WBC_ERR_DOMAIN_NOT_FOUND:
+ case WBC_ERR_NOT_MAPPED:
code = KRB5_PLUGIN_NO_HANDLE;
break;
default:
@@ -136,6 +137,7 @@ static krb5_error_code winbind_userok(krb5_context context,
/* match other insane libwbclient return codes */
case WBC_ERR_WINBIND_NOT_AVAILABLE:
case WBC_ERR_DOMAIN_NOT_FOUND:
+ case WBC_ERR_NOT_MAPPED:
code = KRB5_PLUGIN_NO_HANDLE;
break;
default:
@@ -219,6 +221,7 @@ static krb5_error_code winbind_an2ln(krb5_context context,
/* match other insane libwbclient return codes */
case WBC_ERR_WINBIND_NOT_AVAILABLE:
case WBC_ERR_DOMAIN_NOT_FOUND:
+ case WBC_ERR_NOT_MAPPED:
code = KRB5_LNAME_NOTRANS;
break;
default:
diff --git a/nsswitch/libwbclient/wbc_sid.c b/nsswitch/libwbclient/wbc_sid.c
index fd825102950..747addb1f5b 100644
--- a/nsswitch/libwbclient/wbc_sid.c
+++ b/nsswitch/libwbclient/wbc_sid.c
@@ -218,11 +218,14 @@ wbcErr wbcCtxLookupName(struct wbcContext *ctx,
&response);
BAIL_ON_WBC_ERROR(wbc_status);
+ *name_type = (enum wbcSidType)response.data.sid.type;
+ if (*name_type == WBC_SID_NAME_UNKNOWN) {
+ return WBC_ERR_NOT_MAPPED;
+ }
+
wbc_status = wbcStringToSid(response.data.sid.sid, sid);
BAIL_ON_WBC_ERROR(wbc_status);
- *name_type = (enum wbcSidType)response.data.sid.type;
-
wbc_status = WBC_ERR_SUCCESS;
done:
diff --git a/nsswitch/libwbclient/wbclient.c b/nsswitch/libwbclient/wbclient.c
index 4562046a9fe..b6816ccd570 100644
--- a/nsswitch/libwbclient/wbclient.c
+++ b/nsswitch/libwbclient/wbclient.c
@@ -176,6 +176,8 @@ const char *wbcErrorString(wbcErr error)
return "WBC_ERR_AUTH_ERROR";
case WBC_ERR_PWD_CHANGE_FAILED:
return "WBC_ERR_PWD_CHANGE_FAILED";
+ case WBC_ERR_NOT_MAPPED:
+ return "WBC_ERR_NOT_MAPPED";
}
return "unknown wbcErr value";
diff --git a/nsswitch/libwbclient/wbclient.h b/nsswitch/libwbclient/wbclient.h
index 3ff1fe6d7b9..b7786266074 100644
--- a/nsswitch/libwbclient/wbclient.h
+++ b/nsswitch/libwbclient/wbclient.h
@@ -47,7 +47,8 @@ enum _wbcErrType {
WBC_ERR_AUTH_ERROR, /**< Authentication failed **/
WBC_ERR_UNKNOWN_USER, /**< User account cannot be found */
WBC_ERR_UNKNOWN_GROUP, /**< Group account cannot be found */
- WBC_ERR_PWD_CHANGE_FAILED /**< Password Change has failed */
+ WBC_ERR_PWD_CHANGE_FAILED, /**< Password Change has failed */
+ WBC_ERR_NOT_MAPPED /**< Translation function failed on some element **/
};
typedef enum _wbcErrType wbcErr;
diff --git a/nsswitch/pam_winbind.c b/nsswitch/pam_winbind.c
index 5e5cf0af8b8..968a72bccc0 100644
--- a/nsswitch/pam_winbind.c
+++ b/nsswitch/pam_winbind.c
@@ -40,6 +40,7 @@ static int wbc_error_to_pam_error(wbcErr status)
case WBC_ERR_WINBIND_NOT_AVAILABLE:
return PAM_AUTHINFO_UNAVAIL;
case WBC_ERR_DOMAIN_NOT_FOUND:
+ case WBC_ERR_NOT_MAPPED:
return PAM_AUTHINFO_UNAVAIL;
case WBC_ERR_INVALID_RESPONSE:
return PAM_BUF_ERR;
@@ -2143,6 +2144,7 @@ static int valid_user(struct pwb_context *ctx,
/* match other insane libwbclient return codes */
case WBC_ERR_WINBIND_NOT_AVAILABLE:
case WBC_ERR_DOMAIN_NOT_FOUND:
+ case WBC_ERR_NOT_MAPPED:
return 1;
case WBC_ERR_SUCCESS:
return 0;
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index b35769266ae..23c7d284e85 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -1712,11 +1712,8 @@ sub setup_simpleserver
print "PROVISIONING simple server...";
my $prefix_abs = abs_path($path);
- mkdir($prefix_abs, 0777);
my $external_streams_depot="$prefix_abs/external_streams_depot";
- remove_tree($external_streams_depot);
- mkdir($external_streams_depot, 0777);
my $simpleserver_options_globals = "
lanman auth = yes
@@ -1790,6 +1787,9 @@ sub setup_simpleserver
$vars or return undef;
+ remove_tree($external_streams_depot);
+ mkdir($external_streams_depot, 0777);
+
my $pam_service_dir = "$prefix_abs/pam_services";
remove_tree($pam_service_dir);
mkdir($pam_service_dir, 0777);
@@ -1848,10 +1848,6 @@ sub setup_fileserver
my $usershare_dir="$prefix_abs/lib/usershare";
- mkdir("$prefix_abs/lib", 0755);
- remove_tree($usershare_dir);
- mkdir($usershare_dir, 01770);
-
my $share_dir="$prefix_abs/share";
# Create share directory structure
@@ -2038,7 +2034,7 @@ sub setup_fileserver
[veto_files]
path = $veto_sharedir
- veto files = /veto_name*/
+ veto files = /veto_name*/../user1/user1file/../user2/user2file/../+group1/group1file/../+group2/group2file
[delete_yes_unwrite]
read only = no
@@ -2095,11 +2091,14 @@ sub setup_fileserver
domain => "WORKGROUP",
server => $server,
password => "fileserver",
- extra_options => $fileserver_options,
- no_delete_prefix => 1);
+ extra_options => $fileserver_options);
$vars or return undef;
+ mkdir("$prefix_abs/lib", 0755);
+ remove_tree($usershare_dir);
+ mkdir($usershare_dir, 01770);
+
if (not $self->check_or_start(
env_vars => $vars,
nmbd => "yes",
@@ -2851,6 +2850,8 @@ sub provision($$)
my ($gid_force_user);
my ($gid_jackthemapper);
my ($gid_jacknomapper);
+ my ($gid_group1);
+ my ($gid_group2);
my ($uid_user1);
my ($uid_user2);
my ($uid_gooduser);
@@ -2901,6 +2902,8 @@ sub provision($$)
$gid_force_user = $max_gid - 8;
$gid_jackthemapper = $max_gid - 9;
$gid_jacknomapper = $max_gid - 10;
+ $gid_group1 = $max_gid - 11;
+ $gid_group2 = $max_gid - 12;
##
## create conffile
@@ -3768,6 +3771,8 @@ everyone:x:$gid_everyone:
force_user:x:$gid_force_user:
jackthemappergroup:x:$gid_jackthemapper:jackthemapper
jacknomappergroup:x:$gid_jacknomapper:jacknomapper
+group1:x:$gid_group1:user1
+group2:x:$gid_group2:user2
";
if ($unix_gids[0] != 0) {
print GROUP "root:x:$gid_root:
@@ -4003,9 +4008,6 @@ sub wait_for_start($$$$$)
$netcmd .= "UID_WRAPPER_ROOT='1' ";
$netcmd .= Samba::bindir_path($self, "net") ." $envvars->{CONFIGURATION} ";
- $cmd = $netcmd . "groupmap delete ntgroup=domusers";
- $ret = system($cmd);
-
$cmd = $netcmd . "groupmap add rid=513 unixgroup=domusers type=domain";
$ret = system($cmd);
if ($ret != 0) {
@@ -4013,20 +4015,28 @@ sub wait_for_start($$$$$)
return 1;
}
- $cmd = $netcmd . "groupmap delete ntgroup=domadmins";
+ $cmd = $netcmd . "groupmap add rid=512 unixgroup=domadmins type=domain";
$ret = system($cmd);
+ if ($ret != 0) {
+ print("\"$cmd\" failed\n");
+ return 1;
+ }
- $cmd = $netcmd . "groupmap add rid=512 unixgroup=domadmins type=domain";
+ $cmd = $netcmd . "groupmap add sid=S-1-1-0 unixgroup=everyone type=builtin";
$ret = system($cmd);
if ($ret != 0) {
print("\"$cmd\" failed\n");
return 1;
}
- $cmd = $netcmd . "groupmap delete ntgroup=everyone";
+ $cmd = $netcmd . "groupmap add unixgroup=group1 type=domain";
$ret = system($cmd);
+ if ($ret != 0) {
+ print("\"$cmd\" failed\n");
+ return 1;
+ }
- $cmd = $netcmd . "groupmap add sid=S-1-1-0 unixgroup=everyone type=builtin";
+ $cmd = $netcmd . "groupmap add unixgroup=group2 type=domain";
$ret = system($cmd);
if ($ret != 0) {
print("\"$cmd\" failed\n");
@@ -4116,7 +4126,7 @@ sub setup_ctdb($$)
sub provision_ctdb($$$$)
{
- my ($self, $prefix, $num_nodes, $no_delete_prefix) = @_;
+ my ($self, $prefix, $num_nodes) = @_;
my $rc;
print "PROVISIONING CTDB...\n";
@@ -4132,10 +4142,7 @@ sub provision_ctdb($$$$)
mkdir ($prefix_abs, 0777);
print "CREATE CTDB TEST ENVIRONMENT in '$prefix_abs'...\n";
-
- if (not defined($no_delete_prefix) or not $no_delete_prefix) {
- system("rm -rf $prefix_abs/*");
- }
+ system("rm -rf $prefix_abs/*");
#
# Per-node data
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 1db239f0559..966d038cc40 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -27,6 +27,7 @@
#include <regex.h>
#include "lib/util/access.h"
+#include "nsswitch/libwbclient/wbclient.h"
/* The following definitions come from lib/adt_tree.c */
@@ -315,9 +316,20 @@ gid_t nametogid(const char *name);
void smb_panic_s3(const char *why);
void log_panic_action(const char *msg);
const char *readdirname(DIR *p);
-bool is_in_path(const char *name, name_compare_entry *namelist, bool case_sensitive);
-void set_namearray(name_compare_entry **ppname_array, const char *namelist);
-void free_namearray(name_compare_entry *name_array);
+bool is_in_path(const char *name,
+ struct name_compare_entry *namelist,
+ bool case_sensitive);
+bool token_contains_name(TALLOC_CTX *mem_ctx,
+ const char *username,
+ const char *domain,
+ const char *sharename,
+ const struct security_token *token,
+ const char *name,
+ bool *match);
+bool set_namearray(TALLOC_CTX *mem_ctx,
+ const char *namelist,
+ const struct security_token *token,
+ struct name_compare_entry **_name_array);
bool fcntl_lock(int fd, int op, off_t offset, off_t count, int type);
bool fcntl_getlock(int fd, int op, off_t *poffset, off_t *pcount, int *ptype, pid_t *ppid);
int map_process_lock_to_ofd_lock(int op);
@@ -571,6 +583,7 @@ void flush_negative_conn_cache_for_domain(const char *domain);
/* The following definitions come from libsmb/errormap.c */
NTSTATUS dos_to_ntstatus(uint8_t eclass, uint32_t ecode);
+NTSTATUS map_nt_error_from_wbcErr(wbcErr wbc_err);
/* The following definitions come from libsmb/namecache.c */
diff --git a/source3/include/vfs.h b/source3/include/vfs.h
index 1e2e88d65ce..374d7e03c33 100644
--- a/source3/include/vfs.h
+++ b/source3/include/vfs.h
@@ -692,6 +692,8 @@ typedef struct files_struct {
struct vuid_cache_entry {
struct auth_session_info *session_info;
+ struct name_compare_entry *hide_list;
+ struct name_compare_entry *veto_list;
uint64_t vuid; /* SMB2 compat */
bool read_only;
uint32_t share_access;
@@ -702,10 +704,10 @@ struct vuid_cache {
struct vuid_cache_entry array[VUID_CACHE_SIZE];
};
-typedef struct {
- char *name;
+struct name_compare_entry {
+ const char *name;
bool is_wild;
-} name_compare_entry;
+};
struct share_params {
int service;
@@ -767,10 +769,10 @@ typedef struct connection_struct {
Used to ensure unique FileIndex returns. */
SMB_DEV_T base_share_dev;
- name_compare_entry *hide_list; /* Per-share list of files to return as hidden. */
- name_compare_entry *veto_list; /* Per-share list of files to veto (never show). */
- name_compare_entry *veto_oplock_list; /* Per-share list of files to refuse oplocks on. */
- name_compare_entry *aio_write_behind_list; /* Per-share list of files to use aio write behind on. */
+ struct name_compare_entry *hide_list; /* Per-share list of files to return as hidden. */
+ struct name_compare_entry *veto_list; /* Per-share list of files to veto (never show). */
+ struct name_compare_entry *veto_oplock_list; /* Per-share list of files to refuse oplocks on. */
+ struct name_compare_entry *aio_write_behind_list; /* Per-share list of files to use aio write behind on. */
struct trans_state *pending_trans;
struct rpc_pipe_client *spoolss_pipe;
diff --git a/source3/lib/namearray.c b/source3/lib/namearray.c
deleted file mode 100644
index e5c3bd983b5..00000000000
--- a/source3/lib/namearray.c
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- Samba utility functions
- Copyright (C) Andrew Tridgell 1992-1998
- Copyright (C) Jeremy Allison 2001-2007
- Copyright (C) Simo Sorce 2001
- Copyright (C) Jim McDonough <jmcd at us.ibm.com> 2003
- Copyright (C) James Peach 2006
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-/****************************************************************************
- Routine to free a namearray.
-****************************************************************************/
-
-void free_namearray(name_compare_entry *name_array)
-{
- int i;
-
- if(name_array == NULL)
- return;
-
- for(i=0; name_array[i].name!=NULL; i++)
- SAFE_FREE(name_array[i].name);
--
Samba Shared Repository
More information about the samba-cvs
mailing list