The branch, v4-5-test has been updated
       via  d537977 VERSION: Up to Samba 4.5.8.
       via  28b3311 Merge tag 'samba-4.5.7' into v4-5-test
       via  3da28b8 VERSION: Disable GIT_SNAPSHOTS for the 4.5.7 release.
       via  818dd9e WHATSNEW: Add release notes for Samba 4.5.7.
       via  3bae150 CVE-2017-2619: s3: smbd: Use the new non_widelink_open() function.
       via  444d49b CVE-2017-2619: s3: smbd: Add the core functions to prevent symlink open races.
       via  7942f9d CVE-2017-2619: s3: smbd: Move special handling of symlink errno's into a utility function.
       via  52a1765 CVE-2017-2619: s3: smbd: Remove O_NOFOLLOW guards. We insist on O_NOFOLLOW existing.
       via  e413f14 CVE-2017-2619: s3: smbd: Correctly fallback to open_dir_safely if FDOPENDIR not supported on system.
       via  2594b8b CVE-2017-2619: s3: smbd: Move the reference counting and destructor setup to just before retuning success.
       via  7e915c8 CVE-2017-2619: s3: smbd: OpenDir_fsp() - Fix memory leak on error.
       via  5e75a52 CVE-2017-2619: s3: smbd: OpenDir_fsp() use early returns.
       via  3e2bb3f CVE-2017-2619: s3: smbd: Create and use open_dir_safely(). Use from OpenDir().
       via  039eb4a CVE-2017-2619: s3: smbd: Opendir_internal() early return if SMB_VFS_OPENDIR failed.
       via  92f17bb CVE-2017-2619: s3: smbd: Create wrapper function for OpenDir in preparation for making robust.
       via  0d6b518 CVE-2017-2619: s4/torture: add SMB2_FIND tests with SMB2_CONTINUE_FLAG_REOPEN flag
       via  5ef7df6 CVE-2017-2619: s3/smbd: re-open directory after dptr_CloseDir()
       via  cac3807 VERSION: Bump version up to 4.5.7...
       via  6226261 replace: Include sysmacros.h
       via  708b1e2 manpages/vfs_fruit: document global options
       via  f70070c s4/torture: some tests for kernel oplocks
       via  e103ad5 s3/selftest: adopt config.h check from source4
       via  a54aa79 s3/smbd: fix deferred open with streams and kernel oplocks
       via  1b5e504 s3/smbd: all callers of defer_open() pass a lck
       via  5f09845 s3/smbd: remove async_open arg from defer_open()
       via  5e02ff1 s3/smbd: fix schedule_async_open() timer
       via  6f7f844 s3/smbd: add and use retry_open() instead of defer_open() in two places
       via  8707c86 s3/smbd: simplify defer_open()
       via  32faf95 s3/smbd: req is already validated at the beginning of open_file_ntcreate()
       via  5263453 s3/smbd: add comments and some reformatting to open_file_ntcreate()
       via  c0d2c63 s3/smbd: add const to get_lease_type() args
       via  8f4bb3a s3/wscript: fix Linux kernel oplock detection
      from  73f6042 smbd: Do an early exit on negprot failure

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-5-test


- Log -----------------------------------------------------------------
commit d537977721ee10d198ced5fd6ab141fe0636e28e
Author: Karolin Seeger <ksee...@samba.org>
Date:   Thu Mar 23 10:20:48 2017 +0100

    VERSION: Up to Samba 4.5.8.

    Signed-off-by: Karolin Seeger <ksee...@samba.org>

commit 28b331169739c50c0b0565dbae05e996ac967990
Merge: 6226261 3da28b8
Author: Karolin Seeger <ksee...@samba.org>
Date:   Thu Mar 23 10:20:28 2017 +0100

    Merge tag 'samba-4.5.7' into v4-5-test

    samba: tag release samba-4.5.7

commit 62262616abadb1dcf840ca3b864a3e4ed5e8db43
Author: Andreas Schneider <a...@samba.org>
Date:   Thu Jan 5 09:34:36 2017 +0100

    replace: Include sysmacros.h

    In the GNU C Library, "makedev" is defined by <sys/sysmacros.h>. For
    historical compatibility, it is currently defined by <sys/types.h> as
    well, but it is planned to remove this soon.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12686

    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Volker Lendecke <v...@samba.org>
    (cherry picked from commit 0127bdd33b251a52c6ffc44b6cb3b82b16a80741)

commit 708b1e20f9106743750c2febf52c8367d3875e80
Author: Ralph Boehme <s...@samba.org>
Date:   Tue Mar 7 18:10:56 2017 +0100

    manpages/vfs_fruit: document global options

    Some options MUST be set in the global section, better document that.

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=12615

    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>
    (cherry picked from commit 0c212c50b59081583572f807cf5214037d1517c4)

commit f70070cb0e6b6623b706c192542c508c1c4ddffe
Author: Ralph Boehme <s...@samba.org>
Date:   Wed Mar 1 18:13:35 2017 +0100

    s4/torture: some tests for kernel oplocks

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537
    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>
    (backported from commit fd03420c4f59d3248b80d07a302d1404ce78b09f)

commit e103ad524f307a15d09d573c1215a8dda001042f
Author: Ralph Boehme <s...@samba.org>
Date:   Wed Mar 8 07:18:36 2017 +0100

    s3/selftest: adopt config.h check from source4

    No change in behaviour.

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537
    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>
    (backported from commit 6e54d8d2bda2c9232676f8c08c626f22de50f52b)

commit a54aa79b3e5c50ed2896df94993da6a89e9127f4
Author: Ralph Boehme <s...@samba.org>
Date:   Tue Mar 7 16:27:39 2017 +0100

    s3/smbd: fix deferred open with streams and kernel oplocks

    I noticed smbd can get stuck in an open() call with kernel oplocks
    enabled and named streams (provided by vfs_streams_xattr):

    - client opens a file with an exclusive oplock

    - client starts writing to the file

    - client opens an existing stream of the file

    - the smbd process gets stuck in an open()

    What happens is:

    we had set up a locking.tdb record watch in defer_open(), the watch was
    triggered, we reattempted the open and got stuck in a blocking open
    because the oplock holder (ourselves) hadn't given up the oplock yet.

    Cf e576bf5310bc9de9686a71539e9a1b60b4fba5cc for the commit that added
    the kernel oplock retry logic. tldr: with kernel oplocks the first open
    is non-blocking, but the second one is blocking.

    Detailed analysis follows.

    When opening a named stream of a file, Samba internally opens the
    underlying "base" file first. This internal open of the basefile succeeds
    and does *not* trigger an oplock break (because it is an internal open
    that doesn't call open() at all) but it is added as an entry to the
    locking.tdb record of the file.

    Next, the stream open ends up in streams_xattr where a non-blocking
    open() on the base file is called. This open fails with EWOULDBLOCK
    because we have another fd with a kernel oplock on the file. So we call
    defer_open() which sets up a watch on the locking.tdb record.

    In the subsequent error unwinding code in open_file_ntcreate() and
    callers we close the internal open file handle of the basefile which
    also removes the entry from the locking.tdb record and so *changes the
    record*.

    This fires the record watch and in the callback defer_open_done() we
    don't check whether the condition (oplock gone) we're interested in is
    actually met. The callback blindly reschedules the open request with
    schedule_deferred_open_message_smb().

    schedule_deferred_open_message_smb() schedules an immediate tevent event
    which has precedence over the IPC fd events in messaging, so the open is
    always (!) reattempted before processing the oplock break message.

    As explained above, this second open will be a blocking one so we get
    stuck in a blocking open.

    It doesn't help to make all opens non-blocking, that would just result
    in a busy loop failing the open, as we never process the oplock break
    message (remember, schedule_deferred_open_message_smb() used immediate
    tevent events).

    To fix this we must add some logic to the record watch callback to check
    whether the record watch was done for a kernel oplock file and if yes,
    check if the oplock state changed. If not, simply reschedule the
    deferred open and keep waiting.

    This logic is only needed for kernel oplocks, not for Samba-level
    oplocks, because there's no risk of deadlocking, the worst that can
    happen is a rescheduled open that fails again in the oplock checks and
    gets deferred again.

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537

    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>
    (cherry picked from commit b35a296a27a0807c780f2a9e7af2f2e93feefaa8)

commit 1b5e50400c32bd5941ed6a3149dd814295359a24
Author: Ralph Boehme <s...@samba.org>
Date:   Tue Mar 7 15:48:05 2017 +0100

    s3/smbd: all callers of defer_open() pass a lck

    No change in behaviour. Update the function comment explaining how it
    works and relies on lck for a record watch.

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537
    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>
    (cherry picked from commit 1a6c82e5d5a3462827ee3fe1edab01f535f831a9)

commit 5f0984590154153ef91f884416994f0ad7d54f93
Author: Ralph Boehme <s...@samba.org>
Date:   Tue Mar 7 19:11:20 2017 +0100

    s3/smbd: remove async_open arg from defer_open()

    All remaining callers pass false.

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537

    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>
    (cherry picked from commit 7fa2f1159437c9f1aa47f51e65655b4d9afa5c0a)

commit 5e02ff151fdce4ac41e4932b1aaea99cb23fbc27
Author: Ralph Boehme <s...@samba.org>
Date:   Tue Mar 7 15:33:55 2017 +0100

    s3/smbd: fix schedule_async_open() timer

    schedule_async_open() was calling defer_open with sharemode lock = NULL,
    as a result there was never an active 20 s timeout.

    This has been broken since the commits in

    $ git log --reverse -p -10 8283fd0e0090ed12b0b12d5acb550642d621b026

    Just roll our own deferred record instead of calling defer_open() and
    also set up timer that, as a last resort, catches stuck opens and just
    exits for now.

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537
    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>
    (cherry picked from commit ad8c36125f72e0d5f9ebfc94037a4ae9e7608aad)

commit 6f7f844358e20ad191a5bd665ba4a58e61723909
Author: Ralph Boehme <s...@samba.org>
Date:   Tue Mar 7 15:03:12 2017 +0100

    s3/smbd: add and use retry_open() instead of defer_open() in two places

    Add a new function that does an immediate open rescheduling.

    The first deferred open this commit changes was never scheduled, as the
    scheduling relies on a timeout of the watch on the sharemode lock.

    This has been broken since the commits in

    $ git log --reverse -p -10 8283fd0e0090ed12b0b12d5acb550642d621b026

    That patchset added the dbwrap watch record logic to defer_open() and
    removed the timers.

    I'm doing this mainly to untangle the defer_open() logic which is
    complicated by the lck arg.

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537

    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>
    (cherry picked from commit beaba6222848fb4ff4392b2247c5be1094b1d65b)

commit 8707c863ec56d41a1909b4d0af4190066fadccf1
Author: Ralph Boehme <s...@samba.org>
Date:   Tue Mar 7 14:37:54 2017 +0100

    s3/smbd: simplify defer_open()

    Add a helper function deferred_open_record_create() that creates a
    deferred_open_record and let all callers pass all needed arguments
    individually.

    While we're at it, enhance the debug message in defer_open() to print
    all variables.

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537
    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>
    (cherry picked from commit b17ff9b181b7b9730d32534e720c45faabfa6799)

commit 32faf95ad5b350fc04191affd3c0a6bd2d6156a5
Author: Ralph Boehme <s...@samba.org>
Date:   Tue Mar 7 14:10:39 2017 +0100

    s3/smbd: req is already validated at the beginning of open_file_ntcreate()

    req can't be NULL because the if condition surrounding this code checks
    !(oplock_request & INTERNAL_OPEN_ONLY).

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537

    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>
    (cherry picked from commit 8580adc1d968304b69237f289d13950972394b48)

commit 52634536e5a768cb12fa77fd6da505091e253fda
Author: Ralph Boehme <s...@samba.org>
Date:   Mon Mar 6 11:43:08 2017 +0100

    s3/smbd: add comments and some reformatting to open_file_ntcreate()

    No change in behaviour.

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537

    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>
    (cherry picked from commit f5631f6b3520326d4c9a6bae5636fd8d53e66b29)

commit c0d2c6314a1564ca91ed68a18e3ecb1b3cc70dc5
Author: Ralph Boehme <s...@samba.org>
Date:   Sat Mar 4 13:55:55 2017 +0100

    s3/smbd: add const to get_lease_type() args

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537

    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>
    (cherry picked from commit 6924e72ade20e98ac470fcb6ba7120c61b06bb0f)

commit 8f4bb3afb0b15f8d3d739f7561dc6c737e459eb1
Author: Ralph Boehme <s...@samba.org>
Date:   Mon Mar 6 12:09:53 2017 +0100

    s3/wscript: fix Linux kernel oplock detection

    Fix a copy/paste error, the Linux kernel oplocks check was copied from
    the change notify support check.

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537
Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> (cherry picked from commit fe473f805af885a23bb16046c9d26d756e164f30) ----------------------------------------------------------------------- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 75 +++- docs-xml/manpages/vfs_fruit.8.xml | 155 +++++--- lib/replace/replace.h | 4 + selftest/target/Samba3.pm | 4 + source3/selftest/tests.py | 36 +- source3/smbd/dir.c | 161 ++++++--- source3/smbd/open.c | 701 +++++++++++++++++++++++++++++------- source3/smbd/oplock.c | 3 +- source3/smbd/proto.h | 3 +- source3/smbd/smb2_query_directory.c | 17 + source3/wscript | 6 +- source4/selftest/tests.py | 2 +- source4/torture/smb2/dir.c | 12 +- source4/torture/smb2/oplock.c | 140 +++++++ source4/torture/smb2/smb2.c | 1 + 16 files changed, 1072 insertions(+), 250 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 3847e29..da28b78 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ ######################################################## SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=5 -SAMBA_VERSION_RELEASE=7 +SAMBA_VERSION_RELEASE=8 ######################################################## # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index cc26d56..591fbc6 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt 
@@ -1,4 +1,75 @@ ============================= + Release Notes for Samba 4.5.7 + March 23, 2017 + ============================= + + +This is a security release in order to address the following defect: + +o CVE-2017-2619 (Symlink race allows access outside share definition) + +======= +Details +======= + +o CVE-2017-2619: + All versions of Samba prior to 4.6.1, 4.5.7, 4.4.11 are vulnerable to + a malicious client using a symlink race to allow access to areas of + the server file system not exported under the share definition. + + Samba uses the realpath() system call to ensure when a client requests + access to a pathname that it is under the exported share path on the + server file system. + + Clients that have write access to the exported part of the file system + via SMB1 unix extensions or NFS to create symlinks can race the server + by renaming a realpath() checked path and then creating a symlink. If + the client wins the race it can cause the server to access the new + symlink target after the exported share path check has been done. This + new symlink target can point to anywhere on the server file system. + + This is a difficult race to win, but theoretically possible. Note that + the proof of concept code supplied wins the race reliably only when + the server is slowed down using the strace utility running on the + server. Exploitation of this bug has not been seen in the wild. + + +Changes since 4.5.6: +-------------------- + +o Jeremy Allison <j...@samba.org> + * BUG 12496: CVE-2017-2619: Symlink race permits opening files outside share + directory. + +o Ralph Boehme <s...@samba.org> + * BUG 12496: CVE-2017-2619: Symlink race permits opening files outside share + directory. + + +####################################### +Reporting bugs & Development Discussion +####################################### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. 
+ +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 4.1 and newer product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +====================================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +====================================================================== + + +Release notes for older releases follow: +---------------------------------------- + + ============================= Release Notes for Samba 4.5.6 March 9, 2017 ============================= @@ -102,8 +173,8 @@ database (https://bugzilla.samba.org/). ====================================================================== -Release notes for older releases follow: ----------------------------------------- +---------------------------------------------------------------------- + ============================= Release Notes for Samba 4.5.5 diff --git a/docs-xml/manpages/vfs_fruit.8.xml b/docs-xml/manpages/vfs_fruit.8.xml index 83ebb68..ea3d84a 100644 --- a/docs-xml/manpages/vfs_fruit.8.xml +++ b/docs-xml/manpages/vfs_fruit.8.xml 
@@ -79,8 +79,81 @@ </refsect1> <refsect1> + <title>GLOBAL OPTIONS</title> + + <para>The following options must be set in the global smb.conf section + and won't take effect when set per share.</para> + + <variablelist> + + <varlistentry> + <term>fruit:aapl = yes | no</term> + <listitem> + <para>A <emphasis>global</emphasis> option whether to enable Apple's SMB2+ + extension codenamed AAPL. Default + <emphasis>yes</emphasis>. This extension enhances + several deficiencies when connecting from Macs:</para> + + <itemizedlist> + <listitem><para>directory enumeration is enriched with + Mac relevant filesystem metadata (UNIX mode, + FinderInfo, resource fork size and effective + permission), as a result the Mac client doesn't need + to fetch this metadata individuallly per directory + entry resulting in an often tremendous performance + increase.</para></listitem> + + <listitem><para>The ability to query and modify the + UNIX mode of directory entries.</para></listitem> + </itemizedlist> + + <para>There's a set of per share options that come into play when + <emphasis>fruit:aapl</emphasis> is enabled. 
These opions, listed + below, can be used to disable the computation of specific Mac + metadata in the directory enumeration context, all are enabled by + default:</para> + + <itemizedlist> + <listitem><para>readdir_attr:aapl_rsize = yes | no</para></listitem> + <listitem><para>readdir_attr:aapl_finder_info = yes | no</para></listitem> + <listitem><para>readdir_attr:aapl_max_access = yes | no</para></listitem> + </itemizedlist> + + <para>See below for a description of these options.</para> + + </listitem> + </varlistentry> + + <varlistentry> + <term>fruit:nfs_aces = yes | no</term> + <listitem> + <para>A <emphasis>global</emphasis> option whether support for + querying and modifying the UNIX mode of directory entries via NFS + ACEs is enabled, default <emphasis>yes</emphasis>.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term>fruit:copyfile = yes | no</term> + <listitem> + <para>A <emphasis>global</emphasis> option whether to enable OS X + specific copychunk ioctl that requests a copy of a whole file + along with all attached metadata.</para> + <para>WARNING: the copyfile request is blocking the + client while the server does the copy.</para>. + <para>The default is <emphasis>no</emphasis>.</para> + </listitem> + </varlistentry> + + </variablelist> +</refsect1> + +<refsect1> <title>OPTIONS</title> + <para>The following options can be set either in the global smb.conf section + or per share.</para> + <variablelist> <varlistentry> 
@@ -189,50 +262,6 @@ </varlistentry> <varlistentry> - <term>fruit:aapl = yes | no</term> - <listitem> - <para>A global option whether to enable Apple's SMB2+ - extension codenamed AAPL. Default - <emphasis>yes</emphasis>. This extension enhances - several deficiencies when connecting from Macs:</para> - - <itemizedlist> - <listitem><para>directory enumeration is enriched with - Mac relevant filesystem metadata (UNIX mode, - FinderInfo, resource fork size and effective - permission), as a result the Mac client doesn't need - to fetch this metadata individuallly per directory - entry resulting in an often tremendous performance - increase.</para></listitem> - - <listitem><para>The ability to query and modify the - UNIX mode of directory entries.</para></listitem> - </itemizedlist> - - <para>There's a set of per share options that can be - used to disable the computation of specific Mac metadata - in the directory enumeration context, all are enabled by - default:</para> - - <itemizedlist> - <listitem><para>readdir_attr:aapl_rsize = true | false</para></listitem> - <listitem><para>readdir_attr:aapl_finder_info = true | false</para></listitem> - <listitem><para>readdir_attr:aapl_max_access = true | false</para></listitem> - </itemizedlist> - - </listitem> - </varlistentry> - - <varlistentry> - <term>fruit:nfs_aces = yes | no</term> - <listitem> - <para>Whether support for querying and modifying the - UNIX mode of directory entries via NFS ACEs is enabled, - default <emphasis>yes</emphasis>.</para> - </listitem> - </varlistentry> - - <varlistentry> <term>fruit:veto_appledouble = yes | no</term> <listitem> <para><emphasis>Note:</emphasis> this option only applies when 
@@ -254,18 +283,6 @@ </varlistentry> <varlistentry> - <term>fruit:copyfile = yes | no</term> - <listitem> - <para>Whether to enable OS X specific copychunk ioctl - that requests a copy of a whole file along with all - attached metadata.</para> - <para>WARNING: the copyfile request is blocking the - client while the server does the copy.</para>. - <para>The default is <emphasis>no</emphasis>.</para> - </listitem> - </varlistentry> - - <varlistentry> <term>fruit:posix_rename = yes | no</term> <listitem> <para>Whether to enable POSIX directory rename behaviour @@ -276,6 +293,32 @@ </listitem> </varlistentry> + <varlistentry> + <term>readdir_attr:aapl_rsize = yes | no</term> + <listitem> + <para>Return resource fork size in SMB2 FIND responses.</para> + <para>The default is <emphasis>yes</emphasis>.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term>readdir_attr:aapl_finder_info = yes | no</term> + <listitem> + <para>Return FinderInfo in SMB2 FIND responses.</para> + <para>The default is <emphasis>yes</emphasis>.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term>readdir_attr:aapl_max_access = yes | no</term> + <listitem> + <para>Return the user's effective maximum permissions in SMB2 FIND + responses. This is an expensive computation, setting this to off + pretends the use has maximum effective permissions.</para> + <para>The default is <emphasis>yes</emphasis>.</para> + </listitem> + </varlistentry> + </variablelist> </refsect1> diff --git a/lib/replace/replace.h b/lib/replace/replace.h index c69a069..1dbeacf 100644 --- a/lib/replace/replace.h +++ b/lib/replace/replace.h @@ -171,6 +171,10 @@ #include <sys/types.h> #endif +#ifdef HAVE_SYS_SYSMACROS_H +#include <sys/sysmacros.h> +#endif + #ifdef HAVE_SETPROCTITLE_H #include <setproctitle.h> #endif diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm index 938d195..e4d7dcd 100755 --- a/selftest/target/Samba3.pm +++ b/selftest/target/Samba3.pm 
@@ -1824,6 +1824,10 @@ sub provision($$$$$$$$) copy = tmp acl_xattr:ignore system acls = yes acl_xattr:default acl style = windows +[kernel_oplocks] + copy = tmp + kernel oplocks = yes + vfs objects = streams_xattr xattr_tdb "; close(CONF); diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py index 5d9584e..e169506 100755 --- a/source3/selftest/tests.py +++ b/source3/selftest/tests.py @@ -36,6 +36,26 @@ def plansmbtorture4testsuite(name, env, options, description=''): selftesthelpers.plansmbtorture4testsuite( name, env, options, target='samba3', modname=modname) +# find config.h +try: + config_h = os.environ["CONFIG_H"] +except KeyError: + samba4bindir = bindir() + config_h = os.path.join(samba4bindir, "default/include/config.h") + +# check available features +config_hash = dict() +f = open(config_h, 'r') +try: + lines = f.readlines() + config_hash = dict((x[0], ' '.join(x[1:])) + for x in map(lambda line: line.strip().split(' ')[1:], + filter(lambda line: (line[0:7] == '#define') and (len(line.split(' ')) > 2), lines))) +finally: + f.close() + +have_libarchive = ("HAVE_LIBARCHIVE" in config_hash) +have_linux_kernel_oplocks = ("HAVE_KERNEL_OPLOCKS_LINUX" in config_hash) plantestsuite("samba3.blackbox.success", "nt4_dc:local", [os.path.join(samba3srcdir, "script/tests/test_success.sh")]) plantestsuite("samba3.blackbox.failure", "nt4_dc:local", [os.path.join(samba3srcdir, "script/tests/test_failure.sh")]) @@ -204,19 +224,6 @@ for env in ["fileserver"]: # tar command tests # - # find config.h - try: - config_h = os.environ["CONFIG_H"] - except KeyError: - config_h = os.path.join(samba4bindir, "default/include/config.h") - - # see if libarchive is supported - f = open(config_h, 'r') - try: - have_libarchive = ("HAVE_LIBARCHIVE 1" in f.read()) - finally: - f.close() - # tar command enabled only if built with libarchive if have_libarchive: # Test smbclient/tarmode 
@@ -426,6 +433,9 @@ for t in tests: plansmbtorture4testsuite(t, "ad_dc", '//$SERVER/tmp -U$USERNAME%$PASSWORD --signing=required') elif t == "smb2.dosmode": plansmbtorture4testsuite(t, "simpleserver", '//$SERVER/dosmode -U$USERNAME%$PASSWORD') + elif t == "smb2.kernel-oplocks": + if have_linux_kernel_oplocks: + plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER/kernel_oplocks -U$USERNAME%$PASSWORD') elif t == "vfs.acl_xattr": plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD') else: diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c index 3c6f000..1348d12 100644 --- a/source3/smbd/dir.c +++ b/source3/smbd/dir.c @@ -1630,7 +1630,8 @@ static int smb_Dir_destructor(struct smb_Dir *dirp) Open a directory. ********************************************************************/ -struct smb_Dir *OpenDir(TALLOC_CTX *mem_ctx, connection_struct *conn, +static struct smb_Dir *OpenDir_internal(TALLOC_CTX *mem_ctx, + connection_struct *conn, const struct smb_filename *smb_dname, const char *mask, uint32_t attr) @@ -1642,29 +1643,23 @@ struct smb_Dir *OpenDir(TALLOC_CTX *mem_ctx, connection_struct *conn, return NULL; } - dirp->conn = conn; - dirp->name_cache_size = lp_directory_name_cache_size(SNUM(conn)); + dirp->dir = SMB_VFS_OPENDIR(conn, smb_dname, mask, attr); - dirp->dir_smb_fname = cp_smb_filename(dirp, smb_dname); - if (!dirp->dir_smb_fname) { - errno = ENOMEM; + if (!dirp->dir) { + DEBUG(5,("OpenDir: Can't open %s. %s\n", + smb_dname->base_name, + strerror(errno) )); goto fail; } + dirp->conn = conn; + dirp->name_cache_size = lp_directory_name_cache_size(SNUM(conn)); + if (sconn && !sconn->using_smb2) { sconn->searches.dirhandles_open++; } talloc_set_destructor(dirp, smb_Dir_destructor); - dirp->dir = SMB_VFS_OPENDIR(conn, dirp->dir_smb_fname, mask, attr); - - if (!dirp->dir) { - DEBUG(5,("OpenDir: Can't open %s. %s\n", - dirp->dir_smb_fname->base_name, - strerror(errno) )); - goto fail; - } - return dirp; fail: 
@@ -1672,6 +1667,87 @@ struct smb_Dir *OpenDir(TALLOC_CTX *mem_ctx, connection_struct *conn, return NULL; } +/**************************************************************************** + Open a directory handle by pathname, ensuring it's under the share path. +****************************************************************************/ + +static struct smb_Dir *open_dir_safely(TALLOC_CTX *ctx, + connection_struct *conn, + const struct smb_filename *smb_dname, + const char *wcard, + uint32_t attr) +{ + struct smb_Dir *dir_hnd = NULL; + struct smb_filename *smb_fname_cwd = NULL; + char *saved_dir = vfs_GetWd(ctx, conn); + NTSTATUS status; + + if (saved_dir == NULL) { + return NULL; + } + + if (vfs_ChDir(conn, smb_dname->base_name) == -1) { + goto out; + } + + smb_fname_cwd = synthetic_smb_fname(talloc_tos(), + ".", + NULL, + NULL, + smb_dname->flags); + if (smb_fname_cwd == NULL) { + goto out; + } + + /* + * Now the directory is pinned, use + * REALPATH to ensure we can access it. + */ + status = check_name(conn, "."); + if (!NT_STATUS_IS_OK(status)) { + goto out; + } + + dir_hnd = OpenDir_internal(ctx, + conn, + smb_fname_cwd, + wcard, + attr); + + if (dir_hnd == NULL) { + goto out; + } + + /* + * OpenDir_internal only gets "." as the dir name. + * Store the real dir name here. + */ + + dir_hnd->dir_smb_fname = cp_smb_filename(dir_hnd, smb_dname); + if (!dir_hnd->dir_smb_fname) { + TALLOC_FREE(dir_hnd); + errno = ENOMEM; -- Samba Shared Repository
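
Review bot: The Details text added to WHATSNEW.txt calls realpath() a "system call", but it is a C library function; "the realpath() function" would be accurate. The same section names SMB1 unix extensions and NFS as the ways a client can create the symlink but gives sites that cannot upgrade at once nothing to act on; consider stating whether turning off the "unix extensions" smb.conf parameter reduces exposure.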
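
Review bot: In the new GLOBAL OPTIONS section of docs-xml/manpages/vfs_fruit.8.xml, the fruit:copyfile entry carries over a stray "." after the closing tag of the WARNING paragraph ("the copy.</para>."), which leaves character data directly inside the listitem; drop it while the block is being moved. The fruit:aapl entry also keeps the typo "individuallly" from the removed text and adds a new one in "These opions, listed below".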
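
Review bot: In the new readdir_attr:aapl_max_access entry of vfs_fruit.8.xml, "setting this to off pretends the use has maximum effective permissions" has a typo ("use" for "user") and says "off" where the term line documents the values as "yes | no"; suggest "setting this to no". Because the entry describes reporting maximum permissions the user may not actually hold, a sentence on what consumes that value would help an administrator judge the trade-off.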
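
Review bot: The include added to lib/replace/replace.h is guarded by HAVE_SYS_SYSMACROS_H, but the summary of changes lists only replace.h under lib/replace, so nothing in this changeset adds a configure check that defines that macro. Please confirm an existing header check already covers sys/sysmacros.h; otherwise the guard is never true and makedev still comes in through <sys/types.h>.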
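
Review bot: The feature test moved to the top of source3/selftest/tests.py changes meaning: the removed code looked for the string "HAVE_LIBARCHIVE 1", while the new have_libarchive = ("HAVE_LIBARCHIVE" in config_hash) is true for any defined value, including 0, which does not match the "No change in behaviour" in the commit message. Consider comparing config_hash.get("HAVE_LIBARCHIVE") with "1", and using line.split() instead of split(' ') so that tabs or repeated spaces after #define do not produce an empty key.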
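
Review bot: After the second source3/smbd/dir.c hunk, OpenDir_internal() no longer sets dirp->dir_smb_fname, so it returns a handle whose name field is unset until the caller fills it in, yet the comment above the function still reads only "Open a directory." Please document that contract on OpenDir_internal(), and update the DEBUG(5, ...) message, whose "OpenDir: Can't open %s" prefix still names the old function.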
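
Review bot: In open_dir_safely(), the check_name(conn, ".") failure path does "goto out" with the NTSTATUS in status discarded and errno not set, so a caller that receives NULL has only a stale errno to go on, whereas the cp_smb_filename() failure a few lines later does set errno = ENOMEM. If callers map errno to an error code, set errno from status before the goto. The out: label and the restore of saved_dir fall beyond the 500-line truncation, so the cleanup path could not be reviewed here.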
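
The pin-then-check ordering that open_dir_safely() in this changeset follows (change into the directory, validate the resolved ".", then open "."), shown as an added example in plain POSIX C. It is not Samba code; is_under(), open_dir_pinned(), demo() and the tree built under /tmp are hypothetical and constructed for illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE		/* realpath(), mkdtemp(), O_DIRECTORY, O_NOFOLLOW */
#endif
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if path is root or lies below it. Whole components are compared, so
 * "/srv/share2" is not accepted as being under "/srv/share". */
static int is_under(const char *root, const char *path)
{
	size_t n = strlen(root);

	if (n > 0 && root[n - 1] == '/')
		n--;		/* lets root "/" match every absolute path */
	return strncmp(root, path, n) == 0 &&
	       (path[n] == '\0' || path[n] == '/');
}

/* Hypothetical helper: open directory `rel` inside `share_root`, or return -1.
 * chdir() pins the directory first, then the resolved location of "." is
 * checked, then "." is opened, so renaming the checked name or replacing it
 * with a symlink after the check cannot redirect the open. */
static int open_dir_pinned(const char *share_root, const char *rel)
{
	char root[PATH_MAX], here[PATH_MAX];
	int fd = -1, err;
	int saved = open(".", O_RDONLY | O_DIRECTORY);

	if (saved < 0)
		return -1;
	if (realpath(share_root, root) == NULL || chdir(root) != 0 ||
	    chdir(rel) != 0 || realpath(".", here) == NULL)
		goto out;
	if (!is_under(root, here)) {
		errno = EACCES;	/* "." resolved outside the share */
		goto out;
	}
	fd = open(".", O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
out:
	err = errno;		/* keep the failure reason across cleanup */
	if (fchdir(saved) != 0 && fd >= 0) {	/* cwd not restored: fail closed */
		err = errno;
		close(fd);
		fd = -1;
	}
	close(saved);
	errno = err;
	return fd;
}

/* Constructed tree: <tmp>/share/docs, <tmp>/secret, share/escape -> ../secret.
 * Returns bit 0 if docs opened, bit 1 if escape was refused with EACCES. */
static int demo(void)
{
	char base[] = "/tmp/pinned-XXXXXX";
	char share[64], docs[128], secret[128], escape[128];
	int fd, result = 0;

	if (mkdtemp(base) == NULL)
		return -1;
	snprintf(share, sizeof(share), "%s/share", base);
	snprintf(docs, sizeof(docs), "%s/docs", share);
	snprintf(secret, sizeof(secret), "%s/secret", base);
	snprintf(escape, sizeof(escape), "%s/escape", share);
	if (mkdir(share, 0700) || mkdir(docs, 0700) || mkdir(secret, 0700) ||
	    symlink("../secret", escape))
		return -1;
	if ((fd = open_dir_pinned(share, "docs")) >= 0) {
		result |= 1;
		close(fd);
	}
	if ((fd = open_dir_pinned(share, "escape")) < 0 && errno == EACCES) {
		result |= 2;
	} else if (fd >= 0) {
		close(fd);
	}
	unlink(escape); rmdir(docs); rmdir(secret); rmdir(share); rmdir(base);
	return result;
}

int main(void)
{
	return demo() == 3 ? 0 : 1;
}
```

chdir() changes the working directory of the whole process, so this ordering only holds in a process that handles one such open at a time.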