samba.git/source3/passdb, branch talloc-2.4.2 Unnamed repository; edit this file 'description' to name the repository. s3:passdb: Fix memory leak caused by recursion of get_global_sam_sid() 2024-01-23T14:30:58+00:00 Andreas Schneider asn@samba.org 2024-01-23T10:07:19+00:00 13d98c8fa6d1971adc687f2de01586a3c4739f55 Direct leak of 68 byte(s) in 1 object(s) allocated from: #0 0x7f4f39cdc03f in malloc (/lib64/libasan.so.8+0xdc03f) (BuildId: 3e1694ad218c99a8b1b69231666a27df63cf19d0) #1 0x7f4f36fbe427 in malloc_ ../../source3/lib/util_malloc.c:38 #2 0x7f4f394b5e19 in pdb_generate_sam_sid ../../source3/passdb/machine_sid.c:90 #3 0x7f4f394b5e19 in get_global_sam_sid ../../source3/passdb/machine_sid.c:211 #4 0x7f4f394af366 in secrets_store_domain_sid ../../source3/passdb/machine_account_secrets.c:143 #5 0x7f4f394b5eb5 in pdb_generate_sam_sid ../../source3/passdb/machine_sid.c:110 #6 0x7f4f394b5eb5 in get_global_sam_sid ../../source3/passdb/machine_sid.c:211 #7 0x7f4f394af366 in secrets_store_domain_sid ../../source3/passdb/machine_account_secrets.c:143 #8 0x557a1f11d62c in net_setlocalsid ../../source3/utils/net.c:416 #9 0x557a1f1c9972 in net_run_function ../../source3/utils/net_util.c:464 #10 0x557a1f121129 in main ../../source3/utils/net.c:1372 #11 0x7f4f34c281af in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Tue Jan 23 14:30:58 UTC 2024 on atb-devel-224 
Direct leak of 68 byte(s) in 1 object(s) allocated from:
    #0 0x7f4f39cdc03f in malloc (/lib64/libasan.so.8+0xdc03f) (BuildId: 3e1694ad218c99a8b1b69231666a27df63cf19d0)
    #1 0x7f4f36fbe427 in malloc_ ../../source3/lib/util_malloc.c:38
    #2 0x7f4f394b5e19 in pdb_generate_sam_sid ../../source3/passdb/machine_sid.c:90
    #3 0x7f4f394b5e19 in get_global_sam_sid ../../source3/passdb/machine_sid.c:211
    #4 0x7f4f394af366 in secrets_store_domain_sid ../../source3/passdb/machine_account_secrets.c:143
    #5 0x7f4f394b5eb5 in pdb_generate_sam_sid ../../source3/passdb/machine_sid.c:110
    #6 0x7f4f394b5eb5 in get_global_sam_sid ../../source3/passdb/machine_sid.c:211
    #7 0x7f4f394af366 in secrets_store_domain_sid ../../source3/passdb/machine_account_secrets.c:143
    #8 0x557a1f11d62c in net_setlocalsid ../../source3/utils/net.c:416
    #9 0x557a1f1c9972 in net_run_function ../../source3/utils/net_util.c:464
    #10 0x557a1f121129 in main ../../source3/utils/net.c:1372
    #11 0x7f4f34c281af in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Jan 23 14:30:58 UTC 2024 on atb-devel-224
s3:passdb: Do not leak memory in pdb_tdb 2024-01-23T13:23:33+00:00 Andreas Schneider asn@samba.org 2023-10-27T10:09:53+00:00 18913d384edb8c49c69501fd6db5511312614594 ==19938==ERROR: LeakSanitizer: detected memory leaks Direct leak of 77 byte(s) in 1 object(s) allocated from: #0 0x7f7d482841f8 in strdup (/lib64/libasan.so.8+0x841f8) (BuildId: 3e1694ad218c99a8b1b69231666a27df63cf19d0) #1 0x7f7d47204846 (bin/shared/libsamba-util.so.0+0x4c846) (BuildId: 43b084eb9013442ac68eb1fc17649f142cbb0f94) #2 0x7f7d40b1d97a in pdb_init_tdbsam ../../source3/passdb/pdb_tdb.c:1361 #3 0x7f7d4715f266 (bin/shared/libsamba-passdb.so.0+0x76266) (BuildId: 13d2858e2217592a22a4ee9203fef759d52df733) #4 0x7f7d4715f57a (bin/shared/libsamba-passdb.so.0+0x7657a) (BuildId: 13d2858e2217592a22a4ee9203fef759d52df733) #5 0x7f7d47163700 (bin/shared/libsamba-passdb.so.0+0x7a700) (BuildId: 13d2858e2217592a22a4ee9203fef759d52df733) #6 0x55a9177d3853 in main ../../source3/smbd/server.c:1928 #7 0x7f7d434281af in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> 
==19938==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 77 byte(s) in 1 object(s) allocated from:
    #0 0x7f7d482841f8 in strdup (/lib64/libasan.so.8+0x841f8) (BuildId: 3e1694ad218c99a8b1b69231666a27df63cf19d0)
    #1 0x7f7d47204846  (bin/shared/libsamba-util.so.0+0x4c846) (BuildId: 43b084eb9013442ac68eb1fc17649f142cbb0f94)
    #2 0x7f7d40b1d97a in pdb_init_tdbsam ../../source3/passdb/pdb_tdb.c:1361
    #3 0x7f7d4715f266  (bin/shared/libsamba-passdb.so.0+0x76266) (BuildId: 13d2858e2217592a22a4ee9203fef759d52df733)
    #4 0x7f7d4715f57a  (bin/shared/libsamba-passdb.so.0+0x7657a) (BuildId: 13d2858e2217592a22a4ee9203fef759d52df733)
    #5 0x7f7d47163700  (bin/shared/libsamba-passdb.so.0+0x7a700) (BuildId: 13d2858e2217592a22a4ee9203fef759d52df733)
    #6 0x55a9177d3853 in main ../../source3/smbd/server.c:1928
    #7 0x7f7d434281af in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
 s3:passdb: smbpasswd reset permissions only if not 0600 2024-01-18T10:28:19+00:00 Jones Syue jonessyue@qnap.com 2024-01-12T03:52:34+00:00 c82a267b2a1b7617e818548aa486b7cfbda74657 Browsing files or download files from samba server, smbd would check user's id to decide whether this user could access these files, by lookup user's information from the password file (e.g. /usr/local/samba/private/smbpasswd). smbd might goes through startsmbfilepwent(), this api calls [f]chmod() to make sure the password file has valid permissions 0600. Consider a scenario: we are doing a read performance benchmark about downloading a bunch of files (e.g. a thousand files) from a samba server, monitoring file system i/o activities counters, and expecting that should be only read operations on file system because this is just downloading, no uploading is involved. But actually found that still write operations on file system, because smbd lookup user and always reset 0600 permissions on password file while access each file, it makes dirty pages (inode modification) in ram, later triggered a kernel journal daemon to sync dirty pages into back storage (e.g. ext3 kjournald, or ext4 jbd2). This looks like not friendly for read performance benchmark if it happened on an entry-level systems with much less memory and limited computation power, because dirty pages syncing in the meantime slows down read performance. This patch adds fstat() before [f]chmod(), it would check whether password file has valid permissions 0600 or not. If 0600 smbd would bypass [f]chmod() to avoid making dirty pages on file systems. If not 0600 smbd would warn and go through [f]chmod() to set valid permissions 0600 to password file as earlier days. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15555 Signed-off-by: Jones Syue <jonessyue@qnap.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Thu Jan 18 10:28:19 UTC 2024 on atb-devel-224 
Browsing files or download files from samba server, smbd would check user's
id to decide whether this user could access these files, by lookup user's
information from the password file (e.g. /usr/local/samba/private/smbpasswd).
smbd might goes through startsmbfilepwent(), this api calls [f]chmod() to
make sure the password file has valid permissions 0600.

Consider a scenario: we are doing a read performance benchmark about
downloading a bunch of files (e.g. a thousand files) from a samba server,
monitoring file system i/o activities counters, and expecting that should
be only read operations on file system because this is just downloading, no
uploading is involved. But actually found that still write operations on file
system, because smbd lookup user and always reset 0600 permissions on password
file while access each file, it makes dirty pages (inode modification) in ram,
later triggered a kernel journal daemon to sync dirty pages into back storage
(e.g. ext3 kjournald, or ext4 jbd2).
This looks like not friendly for read performance benchmark if it happened on
an entry-level systems with much less memory and limited computation power,
because dirty pages syncing in the meantime slows down read performance.

This patch adds fstat() before [f]chmod(), it would check whether password
file has valid permissions 0600 or not. If 0600 smbd would bypass [f]chmod()
to avoid making dirty pages on file systems. If not 0600 smbd would warn and
go through [f]chmod() to set valid permissions 0600 to password file as
earlier days.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15555

Signed-off-by: Jones Syue <jonessyue@qnap.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Jan 18 10:28:19 UTC 2024 on atb-devel-224
Use python.h from libreplace 2023-11-20T15:37:33+00:00 Andreas Schneider asn@samba.org 2023-11-09T10:35:56+00:00 9621a3d7a6949aa833425884cd22379387738cfa BUG: https://bugzilla.samba.org/show_bug.cgi?id=15513 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15513

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 s3:passdb: Do not leak memory if memcache add fails 2023-10-27T05:54:33+00:00 Andreas Schneider asn@samba.org 2023-10-26T12:28:19+00:00 b3234c55743d8329ba1d387943865b23233e22c7 Indirect leak of 496 byte(s) in 1 object(s) allocated from: #0 0x7ffb062dc03f in malloc (/lib64/libasan.so.8+0xdc03f) (BuildId: 3e1694ad218c99a8b1b69231666a27df63cf19d0) #1 0x7ffb06025b3e in __talloc_with_prefix ../../lib/talloc/talloc.c:783 #2 0x7ffb06027512 in __talloc ../../lib/talloc/talloc.c:825 #3 0x7ffb06027512 in _talloc_named_const ../../lib/talloc/talloc.c:982 #4 0x7ffb06027512 in _talloc_zero ../../lib/talloc/talloc.c:2421 #5 0x7ffb05a0332c in samu_new ../../source3/passdb/passdb.c:63 #6 0x7ffb05a2031f in pdb_getsampwnam ../../source3/passdb/pdb_interface.c:351 #7 0x7ffb05a0540b in local_password_change ../../source3/passdb/passdb.c:752 #8 0x56291ddd4b8b in password_change ../../source3/utils/smbpasswd.c:273 #9 0x56291ddd5b59 in process_root ../../source3/utils/smbpasswd.c:478 #10 0x56291ddd5b59 in main ../../source3/utils/smbpasswd.c:661 #11 0x7ffb024281af in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Indirect leak of 496 byte(s) in 1 object(s) allocated from:
    #0 0x7ffb062dc03f in malloc (/lib64/libasan.so.8+0xdc03f) (BuildId: 3e1694ad218c99a8b1b69231666a27df63cf19d0)
    #1 0x7ffb06025b3e in __talloc_with_prefix ../../lib/talloc/talloc.c:783
    #2 0x7ffb06027512 in __talloc ../../lib/talloc/talloc.c:825
    #3 0x7ffb06027512 in _talloc_named_const ../../lib/talloc/talloc.c:982
    #4 0x7ffb06027512 in _talloc_zero ../../lib/talloc/talloc.c:2421
    #5 0x7ffb05a0332c in samu_new ../../source3/passdb/passdb.c:63
    #6 0x7ffb05a2031f in pdb_getsampwnam ../../source3/passdb/pdb_interface.c:351
    #7 0x7ffb05a0540b in local_password_change ../../source3/passdb/passdb.c:752
    #8 0x56291ddd4b8b in password_change ../../source3/utils/smbpasswd.c:273
    #9 0x56291ddd5b59 in process_root ../../source3/utils/smbpasswd.c:478
    #10 0x56291ddd5b59 in main ../../source3/utils/smbpasswd.c:661
    #11 0x7ffb024281af in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 s3:passdb: Fix code spelling 2023-10-25T22:23:37+00:00 Joseph Sutton josephsutton@catalyst.net.nz 2023-09-26T23:39:03+00:00 1a670182f463f9b20cf6dc435de2726a16386b1a Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
s3:passdb: Fix code formatting 2023-10-25T22:23:37+00:00 Joseph Sutton josephsutton@catalyst.net.nz 2023-09-26T23:39:14+00:00 a0c1c4691dc394bcf407e0086fc4a6339ee2af59 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
pdb: Slightly simplify pdb_samba_dsdb_set_trusteddom_pw() 2023-10-10T23:23:40+00:00 Volker Lendecke vl@samba.org 2023-10-06T05:51:27+00:00 770f279ab751fb984e6cc8a3f80ae076c8fcad90 This is easier to read to me. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> 
This is easier to read to me.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
s3:passdb: Initialize ‘tm’ structure 2023-09-27T02:43:28+00:00 Joseph Sutton josephsutton@catalyst.net.nz 2023-09-20T05:05:21+00:00 67f3fead5fe591887068cd63002d1a0b4dd8dcfa ‘tm’ must be initialized prior to calling strptime(). Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
‘tm’ must be initialized prior to calling strptime().

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
passdb: Fix a DBG statement 2023-08-14T19:53:37+00:00 Volker Lendecke vl@samba.org 2023-01-24T09:28:26+00:00 2bea8a80e576714227de8bcc61dbf2c6d1e4d744 This is not pdb_getsampwent() Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> 
This is not pdb_getsampwent()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>