The branch, v4-0-test has been updated
via 7ba52a1 Regression test for bug #9571 - Unlink after open causes
smbd to panic
via 35f2333 Fix bug #9571 - Unlink after open causes smbd to panic.
via 0b7a432 Fix bug #9588 - ACLs are not inherited to directories for
DFS shares.
from 8464023 ldb: Ensure to decrement the transaction_active whenever we
delete a transaction
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test
- Log -----------------------------------------------------------------
commit 7ba52a12bb930cfaddc3092cac291e4f7d503c05
Author: Jeremy Allison <[email protected]>
Date: Thu Jan 24 16:20:14 2013 -0800
Regression test for bug #9571 - Unlink after open causes smbd to panic
Replicates the protocol activity that triggers the crash.
Signed-off-by: Jeremy Allison <[email protected]>
Autobuild-User(v4-0-test): Karolin Seeger <[email protected]>
Autobuild-Date(v4-0-test): Mon Jan 28 21:40:31 CET 2013 on sn-devel-104
commit 35f23335e4ff3b350d6740755823df8583b18ed9
Author: Pavel Shilovsky <[email protected]>
Date: Wed Jan 16 15:02:26 2013 +0400
Fix bug #9571 - Unlink after open causes smbd to panic.
s3:smbd: fix wrong lock order in posix unlink
Signed-off-by: Pavel Shilovsky <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
commit 0b7a43250d2102c8e884763a8d4ae00125e4bc31
Author: Jeremy Allison <[email protected]>
Date: Fri Jan 25 10:21:48 2013 -0800
Fix bug #9588 - ACLs are not inherited to directories for DFS shares.
We can return with NT_STATUS_OK in an error code path. This
has a really strange effect in that it prevents the ACL editor
in Windows XP from recursively changing ACE entries on sub-directories
after a change in a DFS-root share (we end up returning a path
that looks like: \\IPV4\share1\xptest/testdir with a mixture
of Windows and POSIX pathname separators).
Signed-off-by: Jeremy Allison <[email protected]>
-----------------------------------------------------------------------
Summary of changes:
source3/smbd/msdfs.c | 13 +++++++++++++
source3/smbd/trans2.c | 6 +++---
source3/torture/torture.c | 45 +++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 61 insertions(+), 3 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/smbd/msdfs.c b/source3/smbd/msdfs.c
index b6ebaca..ccbd89c 100644
--- a/source3/smbd/msdfs.c
+++ b/source3/smbd/msdfs.c
@@ -1000,6 +1000,19 @@ NTSTATUS get_referred_path(TALLOC_CTX *ctx,
if (!NT_STATUS_EQUAL(status, NT_STATUS_PATH_NOT_COVERED)) {
DEBUG(3,("get_referred_path: No valid referrals for path %s\n",
dfs_path));
+ if (NT_STATUS_IS_OK(status)) {
+ /*
+ * We are in an error path here (we
+ * know it's not a DFS path), but
+ * dfs_path_lookup() can return
+ * NT_STATUS_OK. Ensure we always
+ * return a valid error code.
+ *
+ * #9588 - ACLs are not inherited to directories
+ * for DFS shares.
+ */
+ status = NT_STATUS_NOT_FOUND;
+ }
goto err_exit;
}
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index 9b15698..27ff550 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -7662,8 +7662,8 @@ static NTSTATUS smb_posix_unlink(connection_struct *conn,
continue;
}
/* Fail with sharing violation. */
- close_file(req, fsp, NORMAL_CLOSE);
TALLOC_FREE(lck);
+ close_file(req, fsp, NORMAL_CLOSE);
return NT_STATUS_SHARING_VIOLATION;
}
}
@@ -7677,12 +7677,12 @@ static NTSTATUS smb_posix_unlink(connection_struct
*conn,
fsp,
smb_fname);
+ TALLOC_FREE(lck);
+
if (!NT_STATUS_IS_OK(status)) {
close_file(req, fsp, NORMAL_CLOSE);
- TALLOC_FREE(lck);
return status;
}
- TALLOC_FREE(lck);
return close_file(req, fsp, NORMAL_CLOSE);
}
diff --git a/source3/torture/torture.c b/source3/torture/torture.c
index 0cca680..cd885a1 100644
--- a/source3/torture/torture.c
+++ b/source3/torture/torture.c
@@ -5368,6 +5368,8 @@ static bool run_simple_posix_open_test(int dummy)
bool correct = false;
NTSTATUS status;
size_t nread;
+ const char *fname_windows = "windows_file";
+ uint16_t fnum2 = (uint16_t)-1;
printf("Starting simple POSIX open test\n");
@@ -5390,6 +5392,8 @@ static bool run_simple_posix_open_test(int dummy)
cli_posix_unlink(cli1, hname);
cli_setatr(cli1, sname, 0, 0);
cli_posix_unlink(cli1, sname);
+ cli_setatr(cli1, fname_windows, 0, 0);
+ cli_posix_unlink(cli1, fname_windows);
/* Create a directory. */
status = cli_posix_mkdir(cli1, dname, 0777);
@@ -5681,6 +5685,40 @@ static bool run_simple_posix_open_test(int dummy)
goto out;
}
+ /*
+ * Now create a Windows file, and attempt a POSIX unlink.
+ * This should fail with a sharing violation but due to:
+ *
+ * [Bug 9571] Unlink after open causes smbd to panic
+ *
+ * ensure we've fixed the lock ordering violation.
+ */
+
+ status = cli_ntcreate(cli1, fname_windows, 0,
+ FILE_READ_DATA|FILE_WRITE_DATA, 0,
+ FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE,
+ FILE_CREATE,
+ 0x0, 0x0, &fnum2);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("Windows create of %s failed (%s)\n", fname_windows,
+ nt_errstr(status));
+ goto out;
+ }
+
+ /* Now try posix_unlink. */
+ status = cli_posix_unlink(cli1, fname_windows);
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION)) {
+ printf("POSIX unlink of %s should fail "
+ "with NT_STATUS_SHARING_VIOLATION "
+ "got %s instead !\n",
+ fname_windows,
+ nt_errstr(status));
+ goto out;
+ }
+
+ cli_close(cli1, fnum2);
+
printf("Simple POSIX open test passed\n");
correct = true;
@@ -5691,6 +5729,11 @@ static bool run_simple_posix_open_test(int dummy)
fnum1 = (uint16_t)-1;
}
+ if (fnum2 != (uint16_t)-1) {
+ cli_close(cli1, fnum2);
+ fnum2 = (uint16_t)-1;
+ }
+
cli_setatr(cli1, sname, 0, 0);
cli_posix_unlink(cli1, sname);
cli_setatr(cli1, hname, 0, 0);
@@ -5699,6 +5742,8 @@ static bool run_simple_posix_open_test(int dummy)
cli_posix_unlink(cli1, fname);
cli_setatr(cli1, dname, 0, 0);
cli_posix_rmdir(cli1, dname);
+ cli_setatr(cli1, fname_windows, 0, 0);
+ cli_posix_unlink(cli1, fname_windows);
if (!torture_close_connection(cli1)) {
correct = false;
--
Samba Shared Repository
