The branch, v4-6-stable has been updated via fd09a02 VERSION: Disable GIT_SNAPSHOT for the 4.6.13 release. via 38e71ba WHATSNEW: Add release notes for Samba 4.6.13. via 666c680 build: fix ceph_statx check when configured with libcephfs_dir via 3015558 vfs_fruit: set delete-on-close for empty finderinfo via 9e47e9e vfs_fruit: filter out AFP_AfpInfo streams with pending delete-on-close via c1e0396 vfs_fruit: factor out delete_invalid_meta_stream() from fruit_streaminfo_meta_stream() via d95b278 s4/torture/fruit: enhance zero AFP_AfpInfo stream test via 26da45b s4/torture/fruit: ensure AFP_AfpInfo blobs are 0-initialized via 21d0446 vfs_default: use VFS statvfs macro in fs_capabilities via a6b780c vfs_ceph: add fs_capabilities hook to avoid local statvfs via 579b6a4 s3: smbd: Use identical logic to test for kernel oplocks on a share. via 6ba6125 smbd: Fix coredump on failing chdir during logoff via 60eb51d selftest: Add test for failing chdir call in smbd via e6ec5ae selftest: Make location of log file available in tests via 90d87d4 selftest: Add share for error injection testing via 919d16e vfs_error_inject: Add new module via d932fcf ctdb-recovery-helper: Deregister message handler in error paths via a3dc640 sysacls: change datatypes to 32 bits via e64528a pysmbd: fix use of sysacl API via f502340 HEIMDAL:kdc: fix dh->q allocation check in get_dh_param() via c6dfb4e HEIMDAL: don't bother seeing q if not sent via 03c69a5 HEIMDAL: allow optional q in DH DomainParameters via f69814f g_lock: fix cleanup of stale entries in g_lock_trylock() via e39dcec s4:kdc: only map SDB_ERR_NOT_FOUND_HERE to HDB_ERR_NOT_FOUND_HERE via 51fb772 VERSION: Bump version up to 4.6.13... from 1377b56 VERSION: Disable GIT_SNAPSHOT for the 4.6.12 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-6-stable - Log ----------------------------------------------------------------- ----------------------------------------------------------------------- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 74 +++++++++++++- ctdb/server/ctdb_recovery_helper.c | 16 ++- selftest/selftest.pl | 1 + selftest/target/Samba3.pm | 4 + source3/include/smb_acls.h | 10 +- source3/lib/g_lock.c | 6 +- source3/modules/vfs_ceph.c | 15 +++ source3/modules/vfs_default.c | 14 +-- source3/modules/vfs_error_inject.c | 99 ++++++++++++++++++ source3/modules/vfs_fruit.c | 172 ++++++++++++++++++++++++-------- source3/modules/wscript_build | 7 ++ source3/script/tests/test_smbd_error.sh | 56 +++++++++++ source3/selftest/tests.py | 3 + source3/smbd/oplock.c | 25 +++-- source3/smbd/pysmbd.c | 43 +++++++- source3/smbd/server_exit.c | 4 - source3/wscript | 10 +- source4/heimdal/kdc/pkinit.c | 11 +- source4/heimdal/lib/asn1/rfc2459.asn1 | 2 +- source4/heimdal/lib/krb5/pkinit.c | 7 +- source4/kdc/hdb-samba4.c | 24 +++-- source4/torture/vfs/fruit.c | 89 ++++++++++++++++- 23 files changed, 604 insertions(+), 90 deletions(-) create mode 100644 source3/modules/vfs_error_inject.c create mode 100755 source3/script/tests/test_smbd_error.sh Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 0c4ca38..8a613d1 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ ######################################################## SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=6 -SAMBA_VERSION_RELEASE=12 +SAMBA_VERSION_RELEASE=13 ######################################################## # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index a759fa9..992007d 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,74 @@ ============================== + Release Notes for Samba 4.6.13 + February 14, 2017 + ============================= + + +This is the latest stable release of the Samba 4.6 release series. + + +Changes since 4.6.12: +--------------------- + +o Jeremy Allison <j...@samba.org> + * BUG 13193: s3: smbd: Use identical logic to test for kernel oplocks on a + share. + +o Love Hornquist Astrand <l...@h5l.org> + * BUG 12986: Kerberos: PKINIT: Can't decode algorithm parameters in + clientPublicValue. + +o Ralph Boehme <s...@samba.org> + * BUG 13181: vfs_fruit: Fail to copy file with empty FinderInfo from Windows + client to Samba share with fruit. + +o David Disseldorp <dd...@suse.de> + * BUG 13208: vfs_default: Use VFS statvfs macro in fs_capabilities. + * BUG 13250: build: Fix ceph_statx check when configured with libcephfs_dir. + +o Amitay Isaacs <ami...@gmail.com> + * BUG 13188: ctdb-recovery-helper: Deregister message handler in error + paths. + +o Christof Schmitt <c...@samba.org> + * BUG 13189: smbd: Fix coredump on failing chdir during logoff. + +o Stefan Metzmacher <me...@samba.org> + * BUG 12986: Kerberos: PKINIT: Can't decode algorithm parameters in + clientPublicValue. + * BUG 13132: s4:kdc: Only map SDB_ERR_NOT_FOUND_HERE to + HDB_ERR_NOT_FOUND_HERE. + * BUG 13195: g_lock: fix cleanup of stale entries in g_lock_trylock(). + +o Uri Simchoni <u...@samba.org> + * BUG 13176: Fix POSIX ACL support on hpux and possibly other + big-endian OSs. + + +####################################### +Reporting bugs & Development Discussion +####################################### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the "Samba 4.1 and newer" product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +====================================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +====================================================================== + + +Release notes for older releases follow: +---------------------------------------- + + ============================== Release Notes for Samba 4.6.12 December 20, 2017 ============================= @@ -90,8 +160,8 @@ database (https://bugzilla.samba.org/). ====================================================================== -Release notes for older releases follow: ----------------------------------------- +---------------------------------------------------------------------- + ============================== Release Notes for Samba 4.6.11 diff --git a/ctdb/server/ctdb_recovery_helper.c b/ctdb/server/ctdb_recovery_helper.c index 474b900..2c7bb4b 100644 --- a/ctdb/server/ctdb_recovery_helper.c +++ b/ctdb/server/ctdb_recovery_helper.c @@ -428,6 +428,7 @@ struct pull_database_state { uint32_t pnn; uint64_t srvid; int num_records; + int result; }; static void pull_database_handler(uint64_t srvid, TDB_DATA data, @@ -625,8 +626,8 @@ static void pull_database_new_done(struct tevent_req *subreq) if (! status) { LOG("control DB_PULL failed for %s on node %u, ret=%d\n", recdb_name(state->recdb), state->pnn, ret); - tevent_req_error(req, ret); - return; + state->result = ret; + goto unregister; } ret = ctdb_reply_control_db_pull(reply, &num_records); @@ -634,13 +635,15 @@ static void pull_database_new_done(struct tevent_req *subreq) if (num_records != state->num_records) { LOG("mismatch (%u != %u) in DB_PULL records for %s\n", num_records, state->num_records, recdb_name(state->recdb)); - tevent_req_error(req, EIO); - return; + state->result = EIO; + goto unregister; } LOG("Pulled %d records for db %s from node %d\n", state->num_records, recdb_name(state->recdb), state->pnn); +unregister: + subreq = ctdb_client_remove_message_handler_send( state, state->ev, state->client, state->srvid, req); @@ -668,6 +671,11 @@ static void pull_database_unregister_done(struct tevent_req *subreq) return; } + if (state->result != 0) { + tevent_req_error(req, state->result); + return; + } + tevent_req_done(req); } diff --git a/selftest/selftest.pl b/selftest/selftest.pl index c54ea68..c4a5464 100755 --- a/selftest/selftest.pl +++ b/selftest/selftest.pl @@ -843,6 +843,7 @@ my @exported_envvars = ( "DNS_FORWARDER2", "RESOLV_CONF", "UNACCEPTABLE_PASSWORD", + "SMBD_TEST_LOG", # nss_wrapper "NSS_WRAPPER_PASSWD", diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm index dbfad1c..77716e9 100755 --- a/selftest/target/Samba3.pm +++ b/selftest/target/Samba3.pm @@ -2010,6 +2010,10 @@ sub provision($$$$$$$$) copy = tmp kernel oplocks = yes vfs objects = streams_xattr xattr_tdb +[error_inject] + copy = tmp + vfs objects = error_inject + include = $libdir/error_inject.conf "; close(CONF); diff --git a/source3/include/smb_acls.h b/source3/include/smb_acls.h index 3ac23db..cd2452b 100644 --- a/source3/include/smb_acls.h +++ b/source3/include/smb_acls.h @@ -26,8 +26,14 @@ struct vfs_handle_struct; struct files_struct; typedef int SMB_ACL_TYPE_T; -typedef mode_t *SMB_ACL_PERMSET_T; -typedef mode_t SMB_ACL_PERM_T; +/* + * struct smb_acl_entry is defined in IDL as + * using mode_t values, pidl always converts these + * to uint32_t. Ensure the external type definitions + * match. + */ +typedef uint32_t *SMB_ACL_PERMSET_T; +typedef uint32_t SMB_ACL_PERM_T; typedef enum smb_acl_tag_t SMB_ACL_TAG_T; typedef struct smb_acl_t *SMB_ACL_T; diff --git a/source3/lib/g_lock.c b/source3/lib/g_lock.c index f954978..6a661cd 100644 --- a/source3/lib/g_lock.c +++ b/source3/lib/g_lock.c @@ -133,7 +133,9 @@ static NTSTATUS g_lock_trylock(struct db_record *rec, struct server_id self, return NT_STATUS_INTERNAL_ERROR; } - for (i=0; i<num_locks; i++) { + i=0; + + while (i < num_locks) { if (serverid_equal(&self, &locks[i].pid)) { status = NT_STATUS_INTERNAL_ERROR; goto done; @@ -160,7 +162,9 @@ static NTSTATUS g_lock_trylock(struct db_record *rec, struct server_id self, locks[i] = locks[num_locks-1]; num_locks -= 1; modified = true; + continue; } + i++; } tmp = talloc_realloc(talloc_tos(), locks, struct g_lock_rec, diff --git a/source3/modules/vfs_ceph.c b/source3/modules/vfs_ceph.c index e3d22bf..2842647 100644 --- a/source3/modules/vfs_ceph.c +++ b/source3/modules/vfs_ceph.c @@ -251,6 +251,20 @@ static int cephwrap_statvfs(struct vfs_handle_struct *handle, const char *path, return ret; } +static uint32_t cephwrap_fs_capabilities(struct vfs_handle_struct *handle, + enum timestamp_set_resolution *p_ts_res) +{ + uint32_t caps = FILE_CASE_SENSITIVE_SEARCH | FILE_CASE_PRESERVED_NAMES; + +#ifdef HAVE_CEPH_STATX + *p_ts_res = TIMESTAMP_SET_NT_OR_BETTER; +#else + *p_ts_res = TIMESTAMP_SET_MSEC; +#endif + + return caps; +} + /* Directory operations */ static DIR *cephwrap_opendir(struct vfs_handle_struct *handle, @@ -1339,6 +1353,7 @@ static struct vfs_fn_pointers ceph_fns = { .get_quota_fn = cephwrap_get_quota, .set_quota_fn = cephwrap_set_quota, .statvfs_fn = cephwrap_statvfs, + .fs_capabilities_fn = cephwrap_fs_capabilities, /* Directory operations */ diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c index ce1b6e2..4889591 100644 --- a/source3/modules/vfs_default.c +++ b/source3/modules/vfs_default.c @@ -121,8 +121,14 @@ static uint32_t vfswrap_fs_capabilities(struct vfs_handle_struct *handle, struct vfs_statvfs_struct statbuf; int ret; + smb_fname_cpath = synthetic_smb_fname(talloc_tos(), conn->connectpath, + NULL, NULL, 0); + if (smb_fname_cpath == NULL) { + return caps; + } + ZERO_STRUCT(statbuf); - ret = sys_statvfs(conn->connectpath, &statbuf); + ret = SMB_VFS_STATVFS(conn, conn->connectpath, &statbuf); if (ret == 0) { caps = statbuf.FsCapabilities; } @@ -132,12 +138,6 @@ static uint32_t vfswrap_fs_capabilities(struct vfs_handle_struct *handle, /* Work out what timestamp resolution we can * use when setting a timestamp. */ - smb_fname_cpath = synthetic_smb_fname(talloc_tos(), conn->connectpath, - NULL, NULL, 0); - if (smb_fname_cpath == NULL) { - return caps; - } - ret = SMB_VFS_STAT(conn, smb_fname_cpath); if (ret == -1) { TALLOC_FREE(smb_fname_cpath); diff --git a/source3/modules/vfs_error_inject.c b/source3/modules/vfs_error_inject.c new file mode 100644 index 0000000..3196a2f --- /dev/null +++ b/source3/modules/vfs_error_inject.c @@ -0,0 +1,99 @@ +/* + * Unix SMB/CIFS implementation. + * Samba VFS module for error injection in VFS calls + * Copyright (C) Christof Schmitt 2017 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see <http://www.gnu.org/licenses/>. + */ + +#include "includes.h" +#include "smbd/smbd.h" + +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_VFS + +struct unix_error_map { + const char *err_str; + int error; +} unix_error_map_array[] = { + { "ESTALE", ESTALE }, +}; + +static int find_unix_error_from_string(const char *err_str) +{ + int i; + + for (i = 0; i < ARRAY_SIZE(unix_error_map_array); i++) { + struct unix_error_map *m = &unix_error_map_array[i]; + + if (strequal(err_str, m->err_str)) { + return m->error; + } + } + + return 0; +} + +static int inject_unix_error(const char *vfs_func, vfs_handle_struct *handle) +{ + const char *err_str; + + err_str = lp_parm_const_string(SNUM(handle->conn), + "error_inject", vfs_func, NULL); + + if (err_str != NULL) { + int error; + + error = find_unix_error_from_string(err_str); + if (error != 0) { + DBG_WARNING("Returning error %s for VFS function %s\n", + err_str, vfs_func); + return error; + } + + if (strequal(err_str, "panic")) { + DBG_ERR("Panic in VFS function %s\n", vfs_func); + smb_panic("error_inject"); + } + + DBG_ERR("Unknown error inject %s requested " + "for vfs function %s\n", err_str, vfs_func); + } + + return 0; +} + +static int vfs_error_inject_chdir(vfs_handle_struct *handle, const char *path) +{ + int error; + + error = inject_unix_error("chdir", handle); + if (error != 0) { + errno = error; + return -1; + } + + return SMB_VFS_NEXT_CHDIR(handle, path); +} + +static struct vfs_fn_pointers vfs_error_inject_fns = { + .chdir_fn = vfs_error_inject_chdir, +}; + +static_decl_vfs; +NTSTATUS vfs_error_inject_init(void) +{ + return smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "error_inject", + &vfs_error_inject_fns); +} diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c index f7e57d0..7ae51ee 100644 --- a/source3/modules/vfs_fruit.c +++ b/source3/modules/vfs_fruit.c @@ -4065,26 +4065,35 @@ static ssize_t fruit_pwrite_meta_stream(vfs_handle_struct *handle, size_t n, off_t offset) { AfpInfo *ai = NULL; - int ret; + size_t nwritten; + bool ok; ai = afpinfo_unpack(talloc_tos(), data); if (ai == NULL) { return -1; } - if (ai_empty_finderinfo(ai)) { - ret = SMB_VFS_NEXT_UNLINK(handle, fsp->fsp_name); - if (ret != 0 && errno != ENOENT && errno != ENOATTR) { - DBG_ERR("Can't delete metadata for %s: %s\n", - fsp_str_dbg(fsp), strerror(errno)); - TALLOC_FREE(ai); - return -1; - } + nwritten = SMB_VFS_NEXT_PWRITE(handle, fsp, data, n, offset); + if (nwritten != n) { + return -1; + } + if (!ai_empty_finderinfo(ai)) { return n; } - return SMB_VFS_NEXT_PWRITE(handle, fsp, data, n, offset); + ok = set_delete_on_close( + fsp, + true, + handle->conn->session_info->security_token, + handle->conn->session_info->unix_token); + if (!ok) { + DBG_ERR("set_delete_on_close on [%s] failed\n", + fsp_str_dbg(fsp)); + return -1; + } + + return n; } static ssize_t fruit_pwrite_meta_netatalk(vfs_handle_struct *handle, @@ -4095,26 +4104,13 @@ static ssize_t fruit_pwrite_meta_netatalk(vfs_handle_struct *handle, AfpInfo *ai = NULL; char *p = NULL; int ret; + bool ok; ai = afpinfo_unpack(talloc_tos(), data); if (ai == NULL) { return -1; } - if (ai_empty_finderinfo(ai)) { - ret = SMB_VFS_REMOVEXATTR(handle->conn, - fsp->fsp_name->base_name, - AFPINFO_EA_NETATALK); - - if (ret != 0 && errno != ENOENT && errno != ENOATTR) { - DBG_ERR("Can't delete metadata for %s: %s\n", - fsp_str_dbg(fsp), strerror(errno)); - return -1; - } - - return n; - } - ad = ad_fget(talloc_tos(), handle, fsp, ADOUBLE_META); if (ad == NULL) { ad = ad_init(talloc_tos(), handle, ADOUBLE_META); @@ -4139,6 +4135,22 @@ static ssize_t fruit_pwrite_meta_netatalk(vfs_handle_struct *handle, } TALLOC_FREE(ad); + + if (!ai_empty_finderinfo(ai)) { + return n; + } + + ok = set_delete_on_close( + fsp, + true, + handle->conn->session_info->security_token, + handle->conn->session_info->unix_token); + if (!ok) { + DBG_ERR("set_delete_on_close on [%s] failed\n", + fsp_str_dbg(fsp)); + return -1; + } + return n; } -- Samba Shared Repository