The branch, v4-4-stable has been updated
via fcdc0fa VERSION: Disable GIT_SNAPSHOTS for the Samba 4.4.11 release.
via c31433a WHATSNEW: Fix date.
via c248e53 WHATSNEW: Add release notes for Samba 4.4.11.
via 699c336 manpages/vfs_fruit: document global options
via 23389b7 s4/torture: some tests for kernel oplocks
via 5c0b988 s3/selftest: adopt config.h check from source4
via 7e436a3 s3/smbd: fix deferred open with streams and kernel oplocks
via ec6794d s3/smbd: all callers of defer_open() pass a lck
via 9bbccbb s3/smbd: remove async_open arg from defer_open()
via 5e94b38 s3/smbd: fix schedule_async_open() timer
via 621abab s3/smbd: add and use retry_open() instead of defer_open()
in two places
via ad3217c s3/smbd: simplify defer_open()
via a8db18a s3/smbd: req is already validated at the beginning of
open_file_ntcreate()
via 68c6af1 s3/smbd: add comments and some reformatting to
open_file_ntcreate()
via 1a15e42 s3/smbd: add const to get_lease_type() args
via 6bd678c s3/wscript: fix Linux kernel oplock detection
via 213759f replace: Include sysmacros.h
via 9359b07 smbd: Do an early exit on negprot failure
via b86d92b vfs_fruit: enabling AAPL extensions must be a global switch
via 083ff22 s3: smbd: Restart reading the incoming SMB2 fd when the
send queue is drained.
via 3f71253 s3:winbindd: fix endless forest trust scan
via 0915fd4 vfs_fruit: only veto AppleDouble files with
fruit:resource=file
via 38d0286 VERSION: Bump version up to 4.4.11...
from 51ad60b VERSION: Disable GIT_SNAPSHOTS for the 4.4.10 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-4-stable
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 59 +++++-
docs-xml/manpages/vfs_fruit.8.xml | 161 ++++++++++------
lib/replace/replace.h | 4 +
selftest/target/Samba3.pm | 4 +
source3/modules/vfs_fruit.c | 21 +-
source3/selftest/tests.py | 36 ++--
source3/smbd/negprot.c | 23 ++-
source3/smbd/open.c | 390 +++++++++++++++++++++++++++-----------
source3/smbd/oplock.c | 3 +-
source3/smbd/proto.h | 3 +-
source3/smbd/smb2_server.c | 14 +-
source3/winbindd/winbindd_ads.c | 8 +
source3/winbindd/winbindd_util.c | 22 +++
source3/wscript | 6 +-
source4/selftest/tests.py | 2 +-
source4/torture/smb2/oplock.c | 140 ++++++++++++++
source4/torture/smb2/smb2.c | 1 +
18 files changed, 699 insertions(+), 200 deletions(-)
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index 6d585b7..9421ebb 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=4
-SAMBA_VERSION_RELEASE=10
+SAMBA_VERSION_RELEASE=11
########################################################
# If a official release has a serious bug #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 7f74f34..60ee82f 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,59 @@
==============================
+ Release Notes for Samba 4.4.11
+ March 16, 2017
+ ==============================
+
+
+This is the latest stable release of Samba 4.4. Please note that this will
+very likely be the last maintenance release of the Samba 4.4 release branch.
+
+
+Changes since 4.4.10:
+---------------------
+
+o Jeremy Allison <[email protected]>
+ * BUG 12608: s3: smbd: Restart reading the incoming SMB2 fd when the send
+ queue is drained.
+
+o Ralph Boehme <[email protected]>
+ * BUG 7537: s3/smbd: Fix deferred open with streams and kernel oplocks.
+ * BUG 12604: vfs_fruit: Enabling AAPL extensions must be a global switch.
+ * BUG 12615: manpages/vfs_fruit: Document global options.
+
+o Volker Lendecke <[email protected]>
+ * BUG 12610: smbd: Do an early exit on negprot failure.
+
+o Stefan Metzmacher <[email protected]>
+ * BUG 11830: s3:winbindd: Fix endless forest trust scan.
+
+o Andreas Schneider <[email protected]>
+ * BUG 12686: Fix build with newer glibc.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
+ ==============================
Release Notes for Samba 4.4.10
March 1, 2017
==============================
@@ -102,8 +157,8 @@ database (https://bugzilla.samba.org/).
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
+
=============================
Release Notes for Samba 4.4.9
diff --git a/docs-xml/manpages/vfs_fruit.8.xml
b/docs-xml/manpages/vfs_fruit.8.xml
index 0f4d941..74cdd5e 100644
--- a/docs-xml/manpages/vfs_fruit.8.xml
+++ b/docs-xml/manpages/vfs_fruit.8.xml
@@ -71,8 +71,81 @@
</refsect1>
<refsect1>
+ <title>GLOBAL OPTIONS</title>
+
+ <para>The following options must be set in the global smb.conf section
+ and won't take effect when set per share.</para>
+
+ <variablelist>
+
+ <varlistentry>
+ <term>fruit:aapl = yes | no</term>
+ <listitem>
+ <para>A <emphasis>global</emphasis> option whether to enable
Apple's SMB2+
+ extension codenamed AAPL. Default
+ <emphasis>yes</emphasis>. This extension enhances
+ several deficiencies when connecting from Macs:</para>
+
+ <itemizedlist>
+ <listitem><para>directory enumeration is enriched with
+ Mac relevant filesystem metadata (UNIX mode,
+ FinderInfo, resource fork size and effective
+ permission), as a result the Mac client doesn't need
+ to fetch this metadata individuallly per directory
+ entry resulting in an often tremendous performance
+ increase.</para></listitem>
+
+ <listitem><para>The ability to query and modify the
+ UNIX mode of directory entries.</para></listitem>
+ </itemizedlist>
+
+ <para>There's a set of per share options that come into play when
+ <emphasis>fruit:aapl</emphasis> is enabled. These opions, listed
+ below, can be used to disable the computation of specific Mac
+ metadata in the directory enumeration context, all are enabled by
+ default:</para>
+
+ <itemizedlist>
+ <listitem><para>readdir_attr:aapl_rsize = yes |
no</para></listitem>
+ <listitem><para>readdir_attr:aapl_finder_info = yes |
no</para></listitem>
+ <listitem><para>readdir_attr:aapl_max_access = yes |
no</para></listitem>
+ </itemizedlist>
+
+ <para>See below for a description of these options.</para>
+
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>fruit:nfs_aces = yes | no</term>
+ <listitem>
+ <para>A <emphasis>global</emphasis> option whether support for
+ querying and modifying the UNIX mode of directory entries via NFS
+ ACEs is enabled, default <emphasis>yes</emphasis>.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>fruit:copyfile = yes | no</term>
+ <listitem>
+ <para>A <emphasis>global</emphasis> option whether to enable OS X
+ specific copychunk ioctl that requests a copy of a whole file
+ along with all attached metadata.</para>
+ <para>WARNING: the copyfile request is blocking the
+ client while the server does the copy.</para>.
+ <para>The default is <emphasis>no</emphasis>.</para>
+ </listitem>
+ </varlistentry>
+
+ </variablelist>
+</refsect1>
+
+<refsect1>
<title>OPTIONS</title>
+ <para>The following options can be set either in the global smb.conf
section
+ or per share.</para>
+
<variablelist>
<varlistentry>
@@ -177,85 +250,59 @@
</varlistentry>
<varlistentry>
- <term>fruit:aapl = yes | no</term>
+ <term>fruit:veto_appledouble = yes | no</term>
<listitem>
- <para>A global option whether to enable Apple's SMB2+
- extension codenamed AAPL. Default
- <emphasis>yes</emphasis>. This extension enhances
- several deficiencies when connecting from Macs:</para>
-
- <itemizedlist>
- <listitem><para>directory enumeration is enriched with
- Mac relevant filesystem metadata (UNIX mode,
- FinderInfo, resource fork size and effective
- permission), as a result the Mac client doesn't need
- to fetch this metadata individuallly per directory
- entry resulting in an often tremendous performance
- increase.</para></listitem>
-
- <listitem><para>The ability to query and modify the
- UNIX mode of directory entries.</para></listitem>
- </itemizedlist>
-
- <para>There's a set of per share options that can be
- used to disable the computation of specific Mac metadata
- in the directory enumeration context, all are enabled by
- default:</para>
-
- <itemizedlist>
- <listitem><para>readdir_attr:aapl_rsize = true |
false</para></listitem>
- <listitem><para>readdir_attr:aapl_finder_info = true |
false</para></listitem>
- <listitem><para>readdir_attr:aapl_max_access = true |
false</para></listitem>
- </itemizedlist>
-
+ <para><emphasis>Note:</emphasis> this option only applies when
+ <parameter>fruit:resource</parameter> is set to
+ <parameter>file</parameter> (the default).</para>
+
+ <para>When <parameter>fruit:resource</parameter> is set to
+ <parameter>file</parameter>, vfs_fruit may create ._ AppleDouble
+ files. This options controls whether these ._ AppleDouble files
+ are vetoed which prevents the client from accessing them.</para>
+ <para>Vetoing ._ files may break some applications, eg
+ extracting Mac ZIP archives from Mac clients failes,
+ because they contain ._ files. Setting this option to
+ false will fix this, but the abstraction leak of
+ exposing the internally created ._ files may have other
+ unknown side effects.</para>
+ <para>The default is <emphasis>yes</emphasis>.</para>
</listitem>
</varlistentry>
<varlistentry>
- <term>fruit:nfs_aces = yes | no</term>
+ <term>fruit:posix_rename = yes | no</term>
<listitem>
- <para>Whether support for querying and modifying the
- UNIX mode of directory entries via NFS ACEs is enabled,
- default <emphasis>yes</emphasis>.</para>
+ <para>Whether to enable POSIX directory rename behaviour
+ for OS X clients. Without this, directories can't be
+ renamed if any client has any file inside it
+ (recursive!) open.</para>
+ <para>The default is <emphasis>yes</emphasis>.</para>
</listitem>
</varlistentry>
<varlistentry>
- <term>fruit:veto_appledouble = yes | no</term>
+ <term>readdir_attr:aapl_rsize = yes | no</term>
<listitem>
- <para>Whether ._ AppleDouble files are vetoed which
- prevents the client from seing and accessing internal
- AppleDouble files created by vfs_fruit itself for the
- purpose of storing a Mac resource fork.</para>
- <para>Vetoing ._ files may break some applications, eg
- extracting Mac ZIP archives from Mac clients failes,
- because they contain ._ files. Setting this option to
- false will fix this, but the abstraction leak of
- exposing the internally created ._ files may have other
- unknown side effects.</para>
+ <para>Return resource fork size in SMB2 FIND responses.</para>
<para>The default is <emphasis>yes</emphasis>.</para>
</listitem>
</varlistentry>
<varlistentry>
- <term>fruit:copyfile = yes | no</term>
+ <term>readdir_attr:aapl_finder_info = yes | no</term>
<listitem>
- <para>Whether to enable OS X specific copychunk ioctl
- that requests a copy of a whole file along with all
- attached metadata.</para>
- <para>WARNING: the copyfile request is blocking the
- client while the server does the copy.</para>.
- <para>The default is <emphasis>no</emphasis>.</para>
+ <para>Return FinderInfo in SMB2 FIND responses.</para>
+ <para>The default is <emphasis>yes</emphasis>.</para>
</listitem>
</varlistentry>
<varlistentry>
- <term>fruit:posix_rename = yes | no</term>
+ <term>readdir_attr:aapl_max_access = yes | no</term>
<listitem>
- <para>Whether to enable POSIX directory rename behaviour
- for OS X clients. Without this, directories can't be
- renamed if any client has any file inside it
- (recursive!) open.</para>
+ <para>Return the user's effective maximum permissions in SMB2 FIND
+ responses. This is an expensive computation, setting this to off
+ pretends the use has maximum effective permissions.</para>
<para>The default is <emphasis>yes</emphasis>.</para>
</listitem>
</varlistentry>
diff --git a/lib/replace/replace.h b/lib/replace/replace.h
index 7080373..926b353 100644
--- a/lib/replace/replace.h
+++ b/lib/replace/replace.h
@@ -171,6 +171,10 @@
#include <sys/types.h>
#endif
+#ifdef HAVE_SYS_SYSMACROS_H
+#include <sys/sysmacros.h>
+#endif
+
#ifdef HAVE_SETPROCTITLE_H
#include <setproctitle.h>
#endif
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index 4596a0a..619ae1e 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -1717,6 +1717,10 @@ sub provision($$$$$$$$)
copy = tmp
acl_xattr:ignore system acls = yes
acl_xattr:default acl style = windows
+[kernel_oplocks]
+ copy = tmp
+ kernel oplocks = yes
+ vfs objects = streams_xattr xattr_tdb
";
close(CONF);
diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c
index ecd150e..6ef27da 100644
--- a/source3/modules/vfs_fruit.c
+++ b/source3/modules/vfs_fruit.c
@@ -94,6 +94,11 @@
static int vfs_fruit_debug_level = DBGC_VFS;
+static struct global_fruit_config {
+ bool nego_aapl; /* client negotiated AAPL */
+
+} global_fruit_config;
+
#undef DBGC_CLASS
#define DBGC_CLASS vfs_fruit_debug_level
@@ -126,7 +131,6 @@ struct fruit_config_data {
enum fruit_locking locking;
enum fruit_encoding encoding;
bool use_aapl; /* config from smb.conf */
- bool nego_aapl; /* client negotiated AAPL */
bool use_copyfile;
bool readdir_attr_enabled;
bool unix_info_enabled;
@@ -1343,9 +1347,12 @@ static int init_fruit_config(vfs_handle_struct *handle)
}
config->encoding = (enum fruit_encoding)enumval;
- config->veto_appledouble = lp_parm_bool(
- SNUM(handle->conn), FRUIT_PARAM_TYPE_NAME,
- "veto_appledouble", true);
+ if (config->rsrc == FRUIT_RSRC_ADFILE) {
+ config->veto_appledouble = lp_parm_bool(SNUM(handle->conn),
+ FRUIT_PARAM_TYPE_NAME,
+ "veto_appledouble",
+ true);
+ }
config->use_aapl = lp_parm_bool(
-1, FRUIT_PARAM_TYPE_NAME, "aapl", true);
@@ -1932,7 +1939,7 @@ static NTSTATUS check_aapl(vfs_handle_struct *handle,
SMB2_CREATE_TAG_AAPL,
blob);
if (NT_STATUS_IS_OK(status)) {
- config->nego_aapl = true;
+ global_fruit_config.nego_aapl = true;
}
return status;
@@ -3419,7 +3426,7 @@ static NTSTATUS fruit_create_file(vfs_handle_struct
*handle,
fsp = *result;
- if (config->nego_aapl) {
+ if (global_fruit_config.nego_aapl) {
if (config->copyfile_enabled) {
/*
* Set a flag in the fsp. Gets used in
@@ -3496,7 +3503,7 @@ static NTSTATUS fruit_readdir_attr(struct
vfs_handle_struct *handle,
struct fruit_config_data,
return NT_STATUS_UNSUCCESSFUL);
- if (!config->nego_aapl) {
+ if (!global_fruit_config.nego_aapl) {
return SMB_VFS_NEXT_READDIR_ATTR(handle, fname, mem_ctx,
pattr_data);
}
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index fd4f615..9915fb6 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -36,6 +36,26 @@ def plansmbtorture4testsuite(name, env, options,
description=''):
selftesthelpers.plansmbtorture4testsuite(
name, env, options, target='samba3', modname=modname)
+# find config.h
+try:
+ config_h = os.environ["CONFIG_H"]
+except KeyError:
+ samba4bindir = bindir()
+ config_h = os.path.join(samba4bindir, "default/include/config.h")
+
+# check available features
+config_hash = dict()
+f = open(config_h, 'r')
+try:
+ lines = f.readlines()
+ config_hash = dict((x[0], ' '.join(x[1:]))
+ for x in map(lambda line: line.strip().split(' ')[1:],
+ filter(lambda line: (line[0:7] == '#define') and
(len(line.split(' ')) > 2), lines)))
+finally:
+ f.close()
+
+have_libarchive = ("HAVE_LIBARCHIVE" in config_hash)
+have_linux_kernel_oplocks = ("HAVE_KERNEL_OPLOCKS_LINUX" in config_hash)
plantestsuite("samba3.blackbox.success", "nt4_dc:local",
[os.path.join(samba3srcdir, "script/tests/test_success.sh")])
plantestsuite("samba3.blackbox.failure", "nt4_dc:local",
[os.path.join(samba3srcdir, "script/tests/test_failure.sh")])
@@ -194,19 +214,6 @@ for env in ["fileserver"]:
# tar command tests
#
- # find config.h
- try:
- config_h = os.environ["CONFIG_H"]
- except KeyError:
- config_h = os.path.join(samba4bindir, "default/include/config.h")
-
- # see if libarchive is supported
- f = open(config_h, 'r')
- try:
- have_libarchive = ("HAVE_LIBARCHIVE 1" in f.read())
- finally:
- f.close()
-
# tar command enabled only if built with libarchive
if have_libarchive:
# Test smbclient/tarmode
@@ -412,6 +419,9 @@ for t in tests:
plansmbtorture4testsuite(t, "ad_dc", '//$SERVER/tmp
-U$USERNAME%$PASSWORD --signing=required')
elif t == "smb2.dosmode":
plansmbtorture4testsuite(t, "simpleserver", '//$SERVER/dosmode
-U$USERNAME%$PASSWORD')
+ elif t == "smb2.kernel-oplocks":
+ if have_linux_kernel_oplocks:
+ plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER/kernel_oplocks
-U$USERNAME%$PASSWORD')
elif t == "vfs.acl_xattr":
plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/tmp
-U$USERNAME%$PASSWORD')
else:
diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c
index 793306a..176dbd7 100644
--- a/source3/smbd/negprot.c
+++ b/source3/smbd/negprot.c
@@ -723,17 +723,26 @@ void reply_negprot(struct smb_request *req)
break;
}
- if(choice != -1) {
- fstrcpy(remote_proto,supported_protocols[protocol].short_name);
- reload_services(sconn, conn_snum_used, true);
- supported_protocols[protocol].proto_reply_fn(req, choice);
- DEBUG(3,("Selected protocol
%s\n",supported_protocols[protocol].proto_name));
- } else {
- DEBUG(0,("No protocol supported !\n"));
+ if (choice == -1) {
+ bool ok;
+
+ DBG_NOTICE("No protocol supported !\n");
reply_outbuf(req, 1, 0);
SSVAL(req->outbuf, smb_vwv0, choice);
+
+ ok = srv_send_smb(xconn, (char *)req->outbuf,
+ false, 0, false, NULL);
+ if (!ok) {
+ DBG_NOTICE("srv_send_smb failed\n");
+ }
+ exit_server_cleanly("no protocol supported\n");
}
+ fstrcpy(remote_proto,supported_protocols[protocol].short_name);
+ reload_services(sconn, conn_snum_used, true);
+ supported_protocols[protocol].proto_reply_fn(req, choice);
+ DEBUG(3,("Selected protocol
%s\n",supported_protocols[protocol].proto_name));
+
DEBUG( 5, ( "negprot index=%d\n", choice ) );
/* We always have xconn->smb1.signing_state also for >= SMB2_02 */
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 25cf417..1c67684 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -44,6 +44,13 @@ struct deferred_open_record {
bool delayed_for_oplocks;
bool async_open;
struct file_id id;
+
+ /*
+ * Timer for async opens, needed because they don't use a watch on
+ * a locking.tdb record. This is currently only used for real async
+ * opens and just terminates smbd if the async open times out.
--
Samba Shared Repository
