The branch, v4-6-test has been updated
via 6155eba s3: libsmb: Fix use-after-free when accessing pointer *p.
via 378886b smbd: Fix a connection run-down race condition
via c1e5a22 s3/notifyd: ensure notifyd doesn't return from
smbd_notifyd_init
via 8c0f377 ctdb-common: Set close-on-exec when creating PID file
via 791b217 vfs_fruit: don't use MS NFS ACEs with Windows clients
via 6af5fcc s3:client: The smbspool krb5 wrapper needs negotiate for
authentication
via 1714d0c vfs_fruit: add fruit:model = <modelname> parametric option
via 1ec8c4a idmap_ad: Retry query_user exactly once if we get
TLDAP_SERVER_DOWN
from 73550d1 selftest: Do not force run of kcc at start of selftest
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-6-test
- Log -----------------------------------------------------------------
commit 6155eba0dbde13f5ba5122b590cad6e3de9af186
Author: Thomas Jarosch <[email protected]>
Date: Sat Jul 22 09:36:18 2017 -0700
s3: libsmb: Fix use-after-free when accessing pointer *p.
talloc_asprintf_append() might call realloc()
and therefore move the memory address of "path".
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12927
Signed-off-by: Thomas Jarosch <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
Reviewed-by: Ralph Böhme <[email protected]>
Autobuild-User(master): Jeremy Allison <[email protected]>
Autobuild-Date(master): Sat Jul 22 22:45:05 CEST 2017 on sn-devel-144
(cherry picked from commit 890137cffedcaf88a9ff808c01335ee14fcfd8da)
Autobuild-User(v4-6-test): Karolin Seeger <[email protected]>
Autobuild-Date(v4-6-test): Mon Jul 24 02:24:33 CEST 2017 on sn-devel-144
commit 378886b89c3570c8f4fee27a196dd347006d1445
Author: Volker Lendecke <[email protected]>
Date: Wed Jul 19 14:51:33 2017 +0200
smbd: Fix a connection run-down race condition
When we do a server exit with active aio jobs, we need to keep the
aio state active for the helper thread. Right now I don't see another
chance than to leak memory in this case. And, I don't really oversee
how cancelling requests works in this case, but this does fix crashes
seen at a customer site.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12925
Signed-off-by: Volker Lendecke <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
(cherry picked from commit 0181fcc4aaa730e3a88ff5d397145332f4013950)
commit c1e5a2283e9d239e8a9ddbc02df2feb31180cfef
Author: Ralph Boehme <[email protected]>
Date: Fri Jul 14 16:38:36 2017 +0200
s3/notifyd: ensure notifyd doesn't return from smbd_notifyd_init
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12910
Signed-off-by: Ralph Boehme <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
(cherry picked from commit 7f4e7cfd1b0bd917395c631a1a8195fffd13bbad)
commit 8c0f3775dd9e488e47e65f9c5be1a5c6d50ac7aa
Author: Martin Schwenke <[email protected]>
Date: Wed Jul 12 13:41:17 2017 +1000
ctdb-common: Set close-on-exec when creating PID file
Otherwise, for example, the file descriptor for the main PID file will
leak all the way down to event scripts.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12898
Signed-off-by: Martin Schwenke <[email protected]>
Reviewed-by: Amitay Isaacs <[email protected]>
(cherry picked from commit 3e85cbfd7541d8f30ce1f3244ebcc44332b394fe)
commit 791b217458d89a9c9fad6d29dd1998856ef5214f
Author: Ralph Boehme <[email protected]>
Date: Wed Jul 12 09:33:59 2017 +0200
vfs_fruit: don't use MS NFS ACEs with Windows clients
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12897
Signed-off-by: Ralph Boehme <[email protected]>
Reviewed-by: Guenther Deschner <[email protected]>
Autobuild-User(master): Günther Deschner <[email protected]>
Autobuild-Date(master): Thu Jul 13 22:21:08 CEST 2017 on sn-devel-144
(cherry picked from commit df0db9d8f893f9245c6289200303b94a6e2d48d0)
commit 6af5fccbb9a7e8a12e6e598a7f81f20b50aa84a1
Author: Andreas Schneider <[email protected]>
Date: Fri Jul 7 14:08:49 2017 +0200
s3:client: The smbspool krb5 wrapper needs negotiate for authentication
If you create a new printer it doesn't have AuthInfoRequired set and so
cups calls the backend with:
AUTH_INFO_REQUIRED=none
In this case we need to return:
ATTR: auth-info-required=negotiate
and return an error that we require authentication.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12886
Signed-off-by: Andreas Schneider <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
(cherry picked from commit 4cced4da4ca97f0c6db227e6b2c7e03c2e5c1f28)
commit 1714d0cfa22d7deb93d90ef134c522a9e57d1064
Author: Günther Deschner <[email protected]>
Date: Wed Jun 28 18:10:28 2017 +0200
vfs_fruit: add fruit:model = <modelname> parametric option
fruit:model = iMac
fruit:model = MacBook
fruit:model = MacPro
fruit:model = Xserve
will all display a different icon inside Finder.
Formerly, we used "Samba" which resulted in a "?" icon in Finder, with
the new default "MacSamba" we appear with a computer box icon at least.
Guenther
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12840
Signed-off-by: Guenther Deschner <[email protected]>
Signed-off-by: Ralph Boehme <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
Autobuild-User(master): Günther Deschner <[email protected]>
Autobuild-Date(master): Wed Jul 12 03:17:57 CEST 2017 on sn-devel-144
(cherry picked from commit 259e1706e3206b215e136ea9d5beef4c9e3fcdee)
commit 1ec8c4ab071305469cc9fbb9bb96e3886334649e
Author: Dustin L. Howett via samba-technical <[email protected]>
Date: Fri Jun 30 16:10:01 2017 -0700
idmap_ad: Retry query_user exactly once if we get TLDAP_SERVER_DOWN
All other ldap-querying methods in idmap_ad make a single retry attempt if
they get
TLDAP_SERVER_DOWN. This patch brings idmap_ad_query_user in line with that
design.
This fixes the symptom described in 12720 at the cost of an additional
reconnect per
failed lookup.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12720
Signed-off-by: Dustin L. Howett <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
Reviewed-by: Andrew Bartlett <[email protected]>
(cherry picked from commit fe7020b0d1b6fe1ca9add4815e20c2e2262cb6c9)
-----------------------------------------------------------------------
Summary of changes:
ctdb/common/pidfile.c | 8 ++++++++
docs-xml/manpages/vfs_fruit.8.xml | 9 +++++++++
source3/client/smbspool_krb5_wrapper.c | 29 +++++++++++++++++++----------
source3/libsmb/libsmb_dir.c | 6 +++---
source3/modules/vfs_default.c | 33 +++++++++++++++++++++++++++------
source3/modules/vfs_fruit.c | 12 +++++++++++-
source3/smbd/server.c | 8 +++++++-
source3/winbindd/idmap_ad.c | 19 ++++++++++++++++++-
source4/torture/vfs/fruit.c | 8 +++++++-
9 files changed, 109 insertions(+), 23 deletions(-)
Changeset truncated at 500 lines:
diff --git a/ctdb/common/pidfile.c b/ctdb/common/pidfile.c
index b3f29e3..51c0c25 100644
--- a/ctdb/common/pidfile.c
+++ b/ctdb/common/pidfile.c
@@ -22,6 +22,8 @@
#include <talloc.h>
+#include "lib/util/blocking.h"
+
#include "common/pidfile.h"
struct pidfile_context {
@@ -61,6 +63,12 @@ int pidfile_create(TALLOC_CTX *mem_ctx, const char *pidfile,
goto fail;
}
+ if (! set_close_on_exec(fd)) {
+ close(fd);
+ ret = EIO;
+ goto fail;
+ }
+
pid_ctx->fd = fd;
lck = (struct flock) {
diff --git a/docs-xml/manpages/vfs_fruit.8.xml
b/docs-xml/manpages/vfs_fruit.8.xml
index cbeb12c..317415f 100644
--- a/docs-xml/manpages/vfs_fruit.8.xml
+++ b/docs-xml/manpages/vfs_fruit.8.xml
@@ -162,6 +162,15 @@
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>fruit:model = MacSamba</term>
+ <listitem>
+ <para>This option defines the model string inside the AAPL
+ extension and will determine the appearance of the icon
representing the
+ Samba server in the Finder window.</para>
+ <para>The default is <emphasis>MacSamba</emphasis>.</para>
+ </listitem>
+ </varlistentry>
</variablelist>
</refsect1>
diff --git a/source3/client/smbspool_krb5_wrapper.c
b/source3/client/smbspool_krb5_wrapper.c
index bf97d82..a72006a 100644
--- a/source3/client/smbspool_krb5_wrapper.c
+++ b/source3/client/smbspool_krb5_wrapper.c
@@ -95,17 +95,26 @@ int main(int argc, char *argv[])
/* If not set, then just call smbspool. */
if (env == NULL) {
- CUPS_SMB_ERROR("AUTH_INFO_REQUIRED is not set");
- goto smbspool;
+ CUPS_SMB_DEBUG("AUTH_INFO_REQUIRED is not set - "
+ "execute smbspool");
+ goto smbspool;
} else {
- CUPS_SMB_DEBUG("AUTH_INFO_REQUIRED=%s", env);
- cmp = strcmp(env, "negotiate");
- /* If AUTH_INFO_REQUIRED != "negotiate" then call smbspool. */
- if (cmp != 0) {
- CUPS_SMB_ERROR(
- "AUTH_INFO_REQUIRED is not set to negotiate");
- goto smbspool;
- }
+ CUPS_SMB_DEBUG("AUTH_INFO_REQUIRED=%s", env);
+
+ cmp = strcmp(env, "username,password");
+ if (cmp == 0) {
+ CUPS_SMB_DEBUG("Authenticate using username/password - "
+ "execute smbspool");
+ goto smbspool;
+ }
+
+ /* if AUTH_INFO_REQUIRED=none */
+ cmp = strcmp(env, "negotiate");
+ if (cmp != 0) {
+ CUPS_SMB_ERROR("Authentication unsupported");
+ fprintf(stderr, "ATTR: auth-info-required=negotiate\n");
+ return CUPS_BACKEND_AUTH_REQUIRED;
+ }
}
uid = getuid();
diff --git a/source3/libsmb/libsmb_dir.c b/source3/libsmb/libsmb_dir.c
index 8bf3c6b..6314591 100644
--- a/source3/libsmb/libsmb_dir.c
+++ b/source3/libsmb/libsmb_dir.c
@@ -379,9 +379,9 @@ SMBC_opendir_ctx(SMBCCTX *context,
char *options = NULL;
char *workgroup = NULL;
char *path = NULL;
+ size_t path_len = 0;
uint16_t mode;
uint16_t port = 0;
- char *p = NULL;
SMBCSRV *srv = NULL;
SMBCFILE *dir = NULL;
struct sockaddr_storage rem_ss;
@@ -802,7 +802,7 @@ SMBC_opendir_ctx(SMBCCTX *context,
/* Now, list the files ... */
- p = path + strlen(path);
+ path_len = strlen(path);
path = talloc_asprintf_append(path, "\\*");
if (!path) {
if (dir) {
@@ -844,7 +844,7 @@ SMBC_opendir_ctx(SMBCCTX *context,
* got would have been EINVAL rather
* than ENOTDIR.
*/
- *p = '\0'; /* restore original path */
+ path[path_len] = '\0'; /* restore
original path */
if (SMBC_getatr(context, srv, path,
&mode, NULL,
diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c
index dcae861..53a116c 100644
--- a/source3/modules/vfs_default.c
+++ b/source3/modules/vfs_default.c
@@ -734,6 +734,7 @@ struct vfswrap_pread_state {
static void vfs_pread_do(void *private_data);
static void vfs_pread_done(struct tevent_req *subreq);
+static int vfs_pread_state_destructor(struct vfswrap_pread_state *state);
static struct tevent_req *vfswrap_pread_send(struct vfs_handle_struct *handle,
TALLOC_CTX *mem_ctx,
@@ -774,6 +775,8 @@ static struct tevent_req *vfswrap_pread_send(struct
vfs_handle_struct *handle,
}
tevent_req_set_callback(subreq, vfs_pread_done, req);
+ talloc_set_destructor(state, vfs_pread_state_destructor);
+
return req;
}
@@ -802,19 +805,23 @@ static void vfs_pread_do(void *private_data)
SMBPROFILE_BYTES_ASYNC_SET_IDLE(state->profile_bytes);
}
+static int vfs_pread_state_destructor(struct vfswrap_pread_state *state)
+{
+ return -1;
+}
+
static void vfs_pread_done(struct tevent_req *subreq)
{
struct tevent_req *req = tevent_req_callback_data(
subreq, struct tevent_req);
-#ifdef WITH_PROFILE
struct vfswrap_pread_state *state = tevent_req_data(
req, struct vfswrap_pread_state);
-#endif
int ret;
ret = pthreadpool_tevent_job_recv(subreq);
TALLOC_FREE(subreq);
SMBPROFILE_BYTES_ASYNC_END(state->profile_bytes);
+ talloc_set_destructor(state, NULL);
if (tevent_req_error(req, ret)) {
return;
}
@@ -850,6 +857,7 @@ struct vfswrap_pwrite_state {
static void vfs_pwrite_do(void *private_data);
static void vfs_pwrite_done(struct tevent_req *subreq);
+static int vfs_pwrite_state_destructor(struct vfswrap_pwrite_state *state);
static struct tevent_req *vfswrap_pwrite_send(struct vfs_handle_struct *handle,
TALLOC_CTX *mem_ctx,
@@ -890,6 +898,8 @@ static struct tevent_req *vfswrap_pwrite_send(struct
vfs_handle_struct *handle,
}
tevent_req_set_callback(subreq, vfs_pwrite_done, req);
+ talloc_set_destructor(state, vfs_pwrite_state_destructor);
+
return req;
}
@@ -918,19 +928,23 @@ static void vfs_pwrite_do(void *private_data)
SMBPROFILE_BYTES_ASYNC_SET_IDLE(state->profile_bytes);
}
+static int vfs_pwrite_state_destructor(struct vfswrap_pwrite_state *state)
+{
+ return -1;
+}
+
static void vfs_pwrite_done(struct tevent_req *subreq)
{
struct tevent_req *req = tevent_req_callback_data(
subreq, struct tevent_req);
-#ifdef WITH_PROFILE
struct vfswrap_pwrite_state *state = tevent_req_data(
req, struct vfswrap_pwrite_state);
-#endif
int ret;
ret = pthreadpool_tevent_job_recv(subreq);
TALLOC_FREE(subreq);
SMBPROFILE_BYTES_ASYNC_END(state->profile_bytes);
+ talloc_set_destructor(state, NULL);
if (tevent_req_error(req, ret)) {
return;
}
@@ -963,6 +977,7 @@ struct vfswrap_fsync_state {
static void vfs_fsync_do(void *private_data);
static void vfs_fsync_done(struct tevent_req *subreq);
+static int vfs_fsync_state_destructor(struct vfswrap_fsync_state *state);
static struct tevent_req *vfswrap_fsync_send(struct vfs_handle_struct *handle,
TALLOC_CTX *mem_ctx,
@@ -996,6 +1011,8 @@ static struct tevent_req *vfswrap_fsync_send(struct
vfs_handle_struct *handle,
}
tevent_req_set_callback(subreq, vfs_fsync_done, req);
+ talloc_set_destructor(state, vfs_fsync_state_destructor);
+
return req;
}
@@ -1019,19 +1036,23 @@ static void vfs_fsync_do(void *private_data)
state->vfs_aio_state.duration = nsec_time_diff(&end_time, &start_time);
}
+static int vfs_fsync_state_destructor(struct vfswrap_fsync_state *state)
+{
+ return -1;
+}
+
static void vfs_fsync_done(struct tevent_req *subreq)
{
struct tevent_req *req = tevent_req_callback_data(
subreq, struct tevent_req);
-#ifdef WITH_PROFILE
struct vfswrap_fsync_state *state = tevent_req_data(
req, struct vfswrap_fsync_state);
-#endif
int ret;
ret = pthreadpool_tevent_job_recv(subreq);
TALLOC_FREE(subreq);
SMBPROFILE_BASIC_ASYNC_END(state->profile_basic);
+ talloc_set_destructor(state, NULL);
if (tevent_req_error(req, ret)) {
return;
}
diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c
index 9a55c9e..df0a700 100644
--- a/source3/modules/vfs_fruit.c
+++ b/source3/modules/vfs_fruit.c
@@ -136,6 +136,7 @@ struct fruit_config_data {
bool veto_appledouble;
bool posix_rename;
bool aapl_zero_file_id;
+ const char *model;
/*
* Additional options, all enabled by default,
@@ -1604,6 +1605,9 @@ static int init_fruit_config(vfs_handle_struct *handle)
config->readdir_attr_max_access = lp_parm_bool(
SNUM(handle->conn), "readdir_attr", "aapl_max_access", true);
+ config->model = lp_parm_const_string(
+ -1, FRUIT_PARAM_TYPE_NAME, "model", "MacSamba");
+
SMB_VFS_HANDLE_SET_DATA(handle, config,
NULL, struct fruit_config_data,
return -1);
@@ -2227,7 +2231,7 @@ static NTSTATUS check_aapl(vfs_handle_struct *handle,
if (req_bitmap & SMB2_CRTCTX_AAPL_MODEL_INFO) {
ok = convert_string_talloc(req,
CH_UNIX, CH_UTF16LE,
- "Samba", strlen("Samba"),
+ config->model, strlen(config->model),
&model, &modellen);
if (!ok) {
return NT_STATUS_UNSUCCESSFUL;
@@ -2557,6 +2561,9 @@ static NTSTATUS check_ms_nfs(vfs_handle_struct *handle,
struct fruit_config_data,
return NT_STATUS_UNSUCCESSFUL);
+ if (!global_fruit_config.nego_aapl) {
+ return NT_STATUS_OK;
+ }
if (psd->dacl == NULL || !config->unix_info_enabled) {
return NT_STATUS_OK;
}
@@ -5136,6 +5143,9 @@ static NTSTATUS fruit_fget_nt_acl(vfs_handle_struct
*handle,
/*
* Add MS NFS style ACEs with uid, gid and mode
*/
+ if (!global_fruit_config.nego_aapl) {
+ return NT_STATUS_OK;
+ }
if (!config->unix_info_enabled) {
return NT_STATUS_OK;
}
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index 3cbd089..f97b5e8 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -383,6 +383,7 @@ static bool smbd_notifyd_init(struct messaging_context
*msg, bool interactive,
struct tevent_req *req;
pid_t pid;
NTSTATUS status;
+ bool ok;
if (interactive) {
req = notifyd_req(msg, ev);
@@ -424,7 +425,12 @@ static bool smbd_notifyd_init(struct messaging_context
*msg, bool interactive,
messaging_send(msg, pid_to_procid(getppid()), MSG_SMB_NOTIFY_STARTED,
NULL);
- return tevent_req_poll(req, ev);
+ ok = tevent_req_poll(req, ev);
+ if (!ok) {
+ DBG_WARNING("tevent_req_poll returned %s\n", strerror(errno));
+ exit(1);
+ }
+ exit(0);
}
static void notifyd_init_trigger(struct tevent_req *req);
diff --git a/source3/winbindd/idmap_ad.c b/source3/winbindd/idmap_ad.c
index 5039e9b..2bee08a 100644
--- a/source3/winbindd/idmap_ad.c
+++ b/source3/winbindd/idmap_ad.c
@@ -511,9 +511,26 @@ static NTSTATUS idmap_ad_query_user(struct idmap_domain
*domain,
return NT_STATUS_OK;
}
+static NTSTATUS idmap_ad_query_user_retry(struct idmap_domain *domain,
+ struct wbint_userinfo *info)
+{
+ const NTSTATUS status_server_down =
+ NT_STATUS_LDAP(TLDAP_RC_V(TLDAP_SERVER_DOWN));
+ NTSTATUS status;
+
+ status = idmap_ad_query_user(domain, info);
+
+ if (NT_STATUS_EQUAL(status, status_server_down)) {
+ TALLOC_FREE(domain->private_data);
+ status = idmap_ad_query_user(domain, info);
+ }
+
+ return status;
+}
+
static NTSTATUS idmap_ad_initialize(struct idmap_domain *dom)
{
- dom->query_user = idmap_ad_query_user;
+ dom->query_user = idmap_ad_query_user_retry;
dom->private_data = NULL;
return NT_STATUS_OK;
}
diff --git a/source4/torture/vfs/fruit.c b/source4/torture/vfs/fruit.c
index bb8f36e..10ef020 100644
--- a/source4/torture/vfs/fruit.c
+++ b/source4/torture/vfs/fruit.c
@@ -1252,7 +1252,13 @@ static bool enable_aapl(struct torture_context *tctx,
torture_assert_goto(tctx, aapl != NULL, ret, done, "missing AAPL
context");
if (!is_osx_server) {
- torture_assert_goto(tctx, aapl->data.length == 50, ret, done,
"bad AAPL size");
+ size_t exptected_aapl_ctx_size;
+
+ exptected_aapl_ctx_size = strlen("MacSamba") * 2 + 40;
+
+ torture_assert_goto(
+ tctx, aapl->data.length == exptected_aapl_ctx_size,
+ ret, done, "bad AAPL size");
}
aapl_server_caps = BVAL(aapl->data.data, 16);
--
Samba Shared Repository
