[SCM] Samba Shared Repository - branch master updated

Stefan Metzmacher Mon, 28 Jan 2013 06:36:35 -0800

The branch, master has been updated
       via  e104e5a Regression test for bug #9571 - Unlink after open causes 
smbd to panic
       via  578909a Fix bug #9571 - Unlink after open causes smbd to panic.
      from  34854ae Fix bug #9588 - ACLs are not inherited to directories for 
DFS shares.


http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit e104e5a8192e9d9a2637035bec343de3c35ca21e
Author: Jeremy Allison <j...@samba.org>
Date:   Thu Jan 24 16:20:14 2013 -0800

    Regression test for bug #9571 - Unlink after open causes smbd to panic
    
    Replicates the protocol activity that triggers the crash.
    
    Signed-off-by: Jeremy Allison <j...@samba.org>
    Reviewed-by: Stefan Metzmacher <me...@samba.org>
    
    Autobuild-User(master): Stefan Metzmacher <me...@samba.org>
    Autobuild-Date(master): Mon Jan 28 15:33:17 CET 2013 on sn-devel-104

commit 578909ae19d7ec9dacb960626bd1985a2915365b
Author: Pavel Shilovsky <pias...@etersoft.ru>
Date:   Wed Jan 16 15:02:26 2013 +0400

    Fix bug #9571 - Unlink after open causes smbd to panic.
    
    s3:smbd: fix wrong lock order in posix unlink
    
    Signed-off-by: Pavel Shilovsky <pias...@etersoft.ru>
    
    Reviewed-by: Jeremy Allison <j...@samba.org>
    Reviewed-by: Stefan Metzmacher <me...@samba.org>

-----------------------------------------------------------------------

Summary of changes:
 source3/smbd/trans2.c     |    6 +++---
 source3/torture/torture.c |   44 ++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 47 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index 9c77f4d..92d047a 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -7663,8 +7663,8 @@ static NTSTATUS smb_posix_unlink(connection_struct *conn,
                                continue;
                        }
                        /* Fail with sharing violation. */
-                       close_file(req, fsp, NORMAL_CLOSE);
                        TALLOC_FREE(lck);
+                       close_file(req, fsp, NORMAL_CLOSE);
                        return NT_STATUS_SHARING_VIOLATION;
                }
        }
@@ -7678,12 +7678,12 @@ static NTSTATUS smb_posix_unlink(connection_struct 
*conn,
                                                fsp,
                                                smb_fname);
 
+       TALLOC_FREE(lck);
+
        if (!NT_STATUS_IS_OK(status)) {
                close_file(req, fsp, NORMAL_CLOSE);
-               TALLOC_FREE(lck);
                return status;
        }
-       TALLOC_FREE(lck);
        return close_file(req, fsp, NORMAL_CLOSE);
 }
 
diff --git a/source3/torture/torture.c b/source3/torture/torture.c
index 799c911..b59ac30 100644
--- a/source3/torture/torture.c
+++ b/source3/torture/torture.c
@@ -5368,6 +5368,8 @@ static bool run_simple_posix_open_test(int dummy)
        bool correct = false;
        NTSTATUS status;
        size_t nread;
+       const char *fname_windows = "windows_file";
+       uint16_t fnum2 = (uint16_t)-1;
 
        printf("Starting simple POSIX open test\n");
 
@@ -5390,6 +5392,8 @@ static bool run_simple_posix_open_test(int dummy)
        cli_posix_unlink(cli1, hname);
        cli_setatr(cli1, sname, 0, 0);
        cli_posix_unlink(cli1, sname);
+       cli_setatr(cli1, fname_windows, 0, 0);
+       cli_posix_unlink(cli1, fname_windows);
 
        /* Create a directory. */
        status = cli_posix_mkdir(cli1, dname, 0777);
@@ -5681,6 +5685,39 @@ static bool run_simple_posix_open_test(int dummy)
                goto out;
        }
 
+       /*
+        * Now create a Windows file, and attempt a POSIX unlink.
+        * This should fail with a sharing violation but due to:
+        *
+        * [Bug 9571] Unlink after open causes smbd to panic
+        *
+        * ensure we've fixed the lock ordering violation.
+        */
+
+       status = cli_ntcreate(cli1, fname_windows, 0,
+                       FILE_READ_DATA|FILE_WRITE_DATA, 0,
+                       FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE,
+                       FILE_CREATE,
+                       0x0, 0x0, &fnum2);
+       if (!NT_STATUS_IS_OK(status)) {
+               printf("Windows create of %s failed (%s)\n", fname_windows,
+                       nt_errstr(status));
+               goto out;
+       }
+
+       /* Now try posix_unlink. */
+       status = cli_posix_unlink(cli1, fname_windows);
+       if (!NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION)) {
+               printf("POSIX unlink of %s should fail "
+                       "with NT_STATUS_SHARING_VIOLATION "
+                       "got %s instead !\n",
+                       fname_windows,
+                       nt_errstr(status));
+               goto out;
+       }
+
+       cli_close(cli1, fnum2);
+
        printf("Simple POSIX open test passed\n");
        correct = true;
 
@@ -5691,6 +5728,11 @@ static bool run_simple_posix_open_test(int dummy)
                fnum1 = (uint16_t)-1;
        }
 
+       if (fnum2 != (uint16_t)-1) {
+               cli_close(cli1, fnum2);
+               fnum2 = (uint16_t)-1;
+       }
+
        cli_setatr(cli1, sname, 0, 0);
        cli_posix_unlink(cli1, sname);
        cli_setatr(cli1, hname, 0, 0);
@@ -5699,6 +5741,8 @@ static bool run_simple_posix_open_test(int dummy)
        cli_posix_unlink(cli1, fname);
        cli_setatr(cli1, dname, 0, 0);
        cli_posix_rmdir(cli1, dname);
+       cli_setatr(cli1, fname_windows, 0, 0);
+       cli_posix_unlink(cli1, fname_windows);
 
        if (!torture_close_connection(cli1)) {
                correct = false;


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

Reply via email to