The branch, v4-12-stable has been updated
via 34813fdbf9a VERSION: Disable GIT_SNAPSHOT for the 4.12.11 release.
via c146eae3b4f WHATSNEW: Add release notes for Samba 4.11.11.
via 121fbf80523 vfs_fruit: fix close for fake_fd
via 8a77dcd6935 vfs_fruit: check fake_fd in fruit_pread_meta_stream()
via 00b37ef3cdf vfs_fruit: use "fake_fd" instead of "created"
via 1bd5ffc109b vfs_streams_xattr: make use of vfs_fake_fd_close()
via cbdd15c13aa vfs_fruit: make use of vfs_fake_fd_close()
via 83bd07f3806 s3:smbd: add vfs_fake_fd_close() helper
via 6da2e77cf81 s3:lib: Create the cache path of user gencache
recursively
via 83e0a8cdd13 lib:util: Add directory_create_or_exists_recursive()
via 6adf3619069 vfs_virusfilter: Allocate separate memory for config
char*
via 578c5805ac7 Do not create an empty DB when accessing a sam.ldb
via 9b5dd480590 bootstrap: Cope with case changes in CentOS 8 repo names
via d24a1173c9a lib: Avoid declaring zero-length VLAs in various
messaging functions
via 86d4448396b vfs_zfsacl: add missing inherited flag on hidden
"magic" everyone@ ACE
via eaa736faf67 vfs_zfsacl: reformatting
via 20480f70ce0 s4/samba: call force_check_log_size() in
standard_new_task()
via 91f2f2dedb7 s4/samba: call force_check_log_size() in
standard_accept_connection()
via 4e6fdf5d8d9 s4/samba: call force_check_log_size() in
prefork_reload_after_fork()
via b50ef6fa897 s4: call reopen_logs_internal() in the SIGHUP handler
of the prefork process model
via 1a6f2871036 s4: replace low-level SIGUP handler with a tevent
handler
via 7299ebb1215 s4: install tevent tracing hooks to trigger logfile
rotation
via 5b838f5075c s4: add samba server tevent trace helper stuff
via 6c881025bfa debug: detect logrotation by checking inode number
via 5cd1e3c5a4a debug: pass struct debug_class *config to
do_one_check_log_size()
via f6bd782cb3b debug: pass struct debug_class *config to
reopen_one_log()
via ccf971eef5c loadparm: setup debug subsystem setting max_log_size
from config
via a30aaa499db s3: smbd: Quiet log messages from usershares for an
unknown share.
via ecdddde3c53 vfs_glusterfs: print exact cmdline for disabling
write-behind translator
via 9bcd19c42ae manpages/vfs_glusterfs: Mention silent skipping of
write-behind translator
via b3665f70109 vfs_shadow_copy2: Preserve all open flags assuming ROFS
via 58eaf85bd92 s3: spoolss: Make parameters in call to user_ok_token()
match all other uses.
via dcce5e5bf67 s3: smbd: Don't overwrite contents of
fsp->aio_requests[0] with NULL via TALLOC_FREE().
via 4873f377e75 interface: fix if_index is not parsed correctly
via a6782e76046 s3: modules: gluster. Fix the error I made in
preventing talloc leaks from a function.
via 8136ade13f8 libcli: smb2: Never print length if
smb2_signing_key_valid() fails for crypto blob.
via 9215dc9dc69 s3-vfs_glusterfs: always disable write-behind translator
via 15c35524a27 VERSION: Bump version up to 4.12.11...
from e608cffa870 VERSION: Disable GIT_SNAPSHOT for the 4.12.10 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-12-stable
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
.gitlab-ci.yml | 2 +-
VERSION | 2 +-
WHATSNEW.txt | 93 +++++++++++++++-
bootstrap/config.py | 3 +-
bootstrap/generated-dists/centos8/bootstrap.sh | 3 +-
bootstrap/sha1sum.txt | 2 +-
docs-xml/manpages/vfs_glusterfs.8.xml | 9 ++
lib/param/loadparm.c | 1 +
lib/util/debug.c | 63 +++++++----
lib/util/samba_util.h | 14 +++
lib/util/tests/test_util.c | 118 +++++++++++++++++++--
lib/util/util.c | 40 +++++++
libcli/smb/smb2_signing.c | 9 +-
source3/lib/gencache.c | 2 +-
source3/lib/interface.c | 2 +-
source3/lib/messages.c | 6 +-
source3/modules/vfs_fruit.c | 34 +++---
source3/modules/vfs_glusterfs.c | 47 +++++---
source3/modules/vfs_shadow_copy2.c | 4 +-
source3/modules/vfs_streams_xattr.c | 4 +-
source3/modules/vfs_virusfilter.c | 66 ++++++++++--
source3/modules/vfs_zfsacl.c | 6 +-
source3/param/loadparm.c | 10 ++
source3/rpc_server/spoolss/srv_spoolss_nt.c | 3 +-
source3/smbd/close.c | 14 ++-
source3/smbd/proto.h | 2 +
source3/smbd/vfs.c | 9 ++
source3/wscript | 3 +
source4/dsdb/samdb/samdb.c | 3 +
source4/smbd/process_prefork.c | 16 ++-
source4/smbd/process_standard.c | 4 +
source4/smbd/server.c | 46 ++++++++
source4/smbd/server_util.c | 94 ++++++++++++++++
.../winbindd_ads.h => source4/smbd/server_util.h | 18 ++--
source4/smbd/wscript_build | 9 +-
35 files changed, 657 insertions(+), 104 deletions(-)
create mode 100644 source4/smbd/server_util.c
copy source3/winbindd/winbindd_ads.h => source4/smbd/server_util.h (67%)
Changeset truncated at 500 lines:
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 56adf10c7be..c706dac66bd 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -22,7 +22,7 @@ variables:
# Set this to the contents of bootstrap/sha1sum.txt
# which is generated by bootstrap/template.py --render
#
- SAMBA_CI_CONTAINER_TAG: 41319f2580c026f66b2750604a0eb15d6b6f7b50
+ SAMBA_CI_CONTAINER_TAG: 8bec130a6b741608616302662edee02fd39f3baf
#
# We use the ubuntu1804 image as default as
# it matches what we have on sn-devel-184.
diff --git a/VERSION b/VERSION
index f1cc579dbc0..2cbc8277d97 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=12
-SAMBA_VERSION_RELEASE=10
+SAMBA_VERSION_RELEASE=11
########################################################
# If a official release has a serious bug #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 69007c592f5..a5de41e2c75 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,90 @@
+ ===============================
+ Release Notes for Samba 4.12.11
+ January 14, 2021
+ ===============================
+
+
+This is the latest stable release of the Samba 4.12 release series.
+
+
+Changes since 4.12.10
+---------------------
+
+o Jeremy Allison <[email protected]>
+ * BUG 14210: libcli: smb2: Never print length if smb2_signing_key_valid()
+ fails for crypto blob.
+ * BUG 14486: s3: modules: gluster. Fix the error I made in preventing talloc
+ leaks from a function.
+ * BUG 14515: s3: smbd: Don't overwrite contents of fsp->aio_requests[0] with
+ NULL via TALLOC_FREE().
+ * BUG 14568: s3: spoolss: Make parameters in call to user_ok_token() match
+ all other uses.
+ * BUG 14590: s3: smbd: Quiet log messages from usershares for an unknown
+ share.
+
+o Dimitry Andric <[email protected]>
+ * BUG 14605: lib: Avoid declaring zero-length VLAs in various messaging
+ functions.
+
+o Andrew Bartlett <[email protected]>
+ * BUG 14579: Do not create an empty DB when accessing a sam.ldb.
+
+o Ralph Boehme <[email protected]>
+ * BUG 14248: samba process does not honor "max log size".
+ * BUG 14587: vfs_zfsacl: add missing inherited flag on hidden "magic"
+ everyone@ ACE.
+ * BUG 14596: vfs_fruit may close wrong backend fd.
+ * BUG 14596: TODO
+
+o Günther Deschner <[email protected]>
+ * BUG 14486: s3-vfs_glusterfs: always disable write-behind translator.
+
+o Arne Kreddig <[email protected]>
+ * BUG 14606: vfs_virusfilter: Allocate separate memory for config char*.
+
+o Stefan Metzmacher <[email protected]>
+ * BUG 14596: vfs_fruit may close wrong backend fd.
+
+o Anoop C S <[email protected]>
+ * BUG 14486: manpages/vfs_glusterfs: Mention silent skipping of write-behind
+ translator.
+ * BUG 14573: vfs_shadow_copy2: Preserve all open flags assuming ROFS.
+
+o Andreas Schneider <[email protected]>
+ * BUG 14601: s3:lib: Create the cache path of user gencache recursively.
+
+o Martin Schwenke <[email protected]>
+ * BUG 14594: Be more flexible with repository names in CentOS 8 test
+ environments.
+
+o Jones Syue <[email protected]>
+ * BUG 14514: interface: Fix if_index is not parsed correctly.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
+
===============================
Release Notes for Samba 4.12.10
November 05, 2020
@@ -90,8 +177,8 @@ database (https://bugzilla.samba.org/).
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
+
==============================
Release Notes for Samba 4.12.9
@@ -547,7 +634,7 @@ o Andrew Bartlett <[email protected]>
o Gary Lockyer <[email protected]>
* BUG 14364: CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ
and VLV combined, ldb: Bump version to 2.1.4.
-
+
#######################################
Reporting bugs & Development Discussion
diff --git a/bootstrap/config.py b/bootstrap/config.py
index bcada1dc628..5ead9f74501 100644
--- a/bootstrap/config.py
+++ b/bootstrap/config.py
@@ -226,7 +226,8 @@ set -xueo pipefail
yum update -y
yum install -y dnf-plugins-core
yum install -y epel-release
-yum config-manager --set-enabled PowerTools -y
+yum config-manager --set-enabled PowerTools -y || \
+ yum config-manager --set-enabled powertools -y
yum update -y
yum install -y \
diff --git a/bootstrap/generated-dists/centos8/bootstrap.sh
b/bootstrap/generated-dists/centos8/bootstrap.sh
index 22484b3f6ad..e6fab86e446 100755
--- a/bootstrap/generated-dists/centos8/bootstrap.sh
+++ b/bootstrap/generated-dists/centos8/bootstrap.sh
@@ -10,7 +10,8 @@ set -xueo pipefail
yum update -y
yum install -y dnf-plugins-core
yum install -y epel-release
-yum config-manager --set-enabled PowerTools -y
+yum config-manager --set-enabled PowerTools -y || \
+ yum config-manager --set-enabled powertools -y
yum update -y
yum install -y \
diff --git a/bootstrap/sha1sum.txt b/bootstrap/sha1sum.txt
index 62c2245564e..5328cff1cd3 100644
--- a/bootstrap/sha1sum.txt
+++ b/bootstrap/sha1sum.txt
@@ -1 +1 @@
-41319f2580c026f66b2750604a0eb15d6b6f7b50
+8bec130a6b741608616302662edee02fd39f3baf
diff --git a/docs-xml/manpages/vfs_glusterfs.8.xml
b/docs-xml/manpages/vfs_glusterfs.8.xml
index 7a4da1af919..d25135e14ac 100644
--- a/docs-xml/manpages/vfs_glusterfs.8.xml
+++ b/docs-xml/manpages/vfs_glusterfs.8.xml
@@ -179,7 +179,16 @@
translator and refuse to connect if detected.
Please disable the write-behind translator for the GlusterFS
volume to allow the plugin to connect to the volume.
+ The write-behind translator can easily be disabled via calling
+ <programlisting>
+ gluster volume set <volumename>
performance.write-behind off
+ </programlisting> on the commandline.
</para>
+ <para>
+ With GlusterFS versions >= 9, we silently bypass write-behind
+ translator during initial connect and failure is avoided.
+ </para>
+
</refsect1>
diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index 63291283905..8bca0ee632a 100644
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -3159,6 +3159,7 @@ static bool lpcfg_update(struct loadparm_context *lp_ctx)
settings.debug_pid = lp_ctx->globals->debug_pid;
settings.debug_uid = lp_ctx->globals->debug_uid;
settings.debug_class = lp_ctx->globals->debug_class;
+ settings.max_log_size = lp_ctx->globals->max_log_size;
debug_set_settings(&settings, lp_ctx->globals->logging,
lp_ctx->globals->syslog,
lp_ctx->globals->syslog_only);
diff --git a/lib/util/debug.c b/lib/util/debug.c
index 1650551a766..692e97e3390 100644
--- a/lib/util/debug.c
+++ b/lib/util/debug.c
@@ -113,6 +113,8 @@ struct debug_class {
*/
char *logfile;
int fd;
+ /* inode number of the logfile to detect logfile rotation */
+ ino_t ino;
};
static const char *default_classname_table[] = {
@@ -1082,14 +1084,17 @@ static void debug_callback_log(const char *msg, int
msg_level)
Fix from [email protected].
**************************************************************************/
-static bool reopen_one_log(int *fd, const char *logfile)
+static bool reopen_one_log(struct debug_class *config)
{
- int old_fd = *fd;
+ int old_fd = config->fd;
+ const char *logfile = config->logfile;
+ struct stat st;
int new_fd;
+ int ret;
if (logfile == NULL) {
debug_close_fd(old_fd);
- *fd = -1;
+ config->fd = -1;
return true;
}
@@ -1104,8 +1109,18 @@ static bool reopen_one_log(int *fd, const char *logfile)
debug_close_fd(old_fd);
smb_set_close_on_exec(new_fd);
- *fd = new_fd;
+ config->fd = new_fd;
+ ret = fstat(new_fd, &st);
+ if (ret != 0) {
+ log_overflow = true;
+ DBG_ERR("Unable to fstat() new log file '%s': %s\n",
+ logfile, strerror(errno));
+ log_overflow = false;
+ return false;
+ }
+
+ config->ino = st.st_ino;
return true;
}
@@ -1164,8 +1179,7 @@ bool reopen_logs_internal(void)
state.reopening_logs = true;
for (i = DBGC_ALL; i < debug_num_classes; i++) {
- ok = reopen_one_log(&dbgc_config[i].fd,
- dbgc_config[i].logfile);
+ ok = reopen_one_log(&dbgc_config[i]);
if (!ok) {
break;
}
@@ -1249,51 +1263,62 @@ bool need_to_check_log_size(void)
Check to see if the log has grown to be too big.
**************************************************************************/
-static void do_one_check_log_size(off_t maxlog, int *_fd, const char *logfile)
+static void do_one_check_log_size(off_t maxlog, struct debug_class *config)
{
- char name[strlen(logfile) + 5];
+ char name[strlen(config->logfile) + 5];
struct stat st;
- int fd = *_fd;
int ret;
+ bool reopen = false;
bool ok;
if (maxlog == 0) {
return;
}
- ret = fstat(fd, &st);
+ ret = stat(config->logfile, &st);
if (ret != 0) {
return;
}
- if (st.st_size < maxlog ) {
+ if (st.st_size >= maxlog ) {
+ reopen = true;
+ }
+
+ if (st.st_ino != config->ino) {
+ reopen = true;
+ }
+
+ if (!reopen) {
return;
}
/* reopen_logs_internal() modifies *_fd */
(void)reopen_logs_internal();
- fd = *_fd;
- if (fd <= 2) {
+ if (config->fd <= 2) {
return;
}
- ret = fstat(fd, &st);
+ ret = fstat(config->fd, &st);
if (ret != 0) {
+ config->ino = (ino_t)0;
return;
}
+
+ config->ino = st.st_ino;
+
if (st.st_size < maxlog) {
return;
}
- snprintf(name, sizeof(name), "%s.old", logfile);
+ snprintf(name, sizeof(name), "%s.old", config->logfile);
- (void)rename(logfile, name);
+ (void)rename(config->logfile, name);
ok = reopen_logs_internal();
if (ok) {
return;
}
/* We failed to reopen a log - continue using the old name. */
- (void)rename(name, logfile);
+ (void)rename(name, config->logfile);
}
static void do_check_log_size(off_t maxlog)
@@ -1307,9 +1332,7 @@ static void do_check_log_size(off_t maxlog)
if (dbgc_config[i].logfile == NULL) {
continue;
}
- do_one_check_log_size(maxlog,
- &dbgc_config[i].fd,
- dbgc_config[i].logfile);
+ do_one_check_log_size(maxlog, &dbgc_config[i]);
}
}
diff --git a/lib/util/samba_util.h b/lib/util/samba_util.h
index f0aa42e7271..d32765bf6d1 100644
--- a/lib/util/samba_util.h
+++ b/lib/util/samba_util.h
@@ -451,6 +451,20 @@ _PUBLIC_ bool file_check_permissions(const char *fname,
*/
_PUBLIC_ bool directory_create_or_exist(const char *dname, mode_t dir_perms);
+/**
+ * @brief Try to create a specified directory and the parent directory if they
+ * don't exist.
+ *
+ * @param[in] dname The directory path to create.
+ *
+ * @param[in] dir_perms The permission of the directories.
+ *
+ * @return true on success, false otherwise.
+ */
+_PUBLIC_ bool directory_create_or_exists_recursive(
+ const char *dname,
+ mode_t dir_perms);
+
_PUBLIC_ bool directory_create_or_exist_strict(const char *dname,
uid_t uid,
mode_t dir_perms);
diff --git a/lib/util/tests/test_util.c b/lib/util/tests/test_util.c
index eebba39e70c..a893e6175c2 100644
--- a/lib/util/tests/test_util.c
+++ b/lib/util/tests/test_util.c
@@ -4,6 +4,7 @@
* Unit test for util.c
*
* Copyright (C) Christof Schmitt 2020
+ * Copyright (C) Andreas Schneider 2020
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -19,13 +20,22 @@
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
-#include "lib/util/util.c"
+#include <stdarg.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <setjmp.h>
#include <cmocka.h>
+#include "lib/replace/replace.h"
+#include "system/dir.h"
+
+#include "lib/util/util.c"
+
struct test_paths {
char testdir[PATH_MAX];
char none[PATH_MAX];
char dir[PATH_MAX];
+ char dir_recursive[PATH_MAX];
mode_t dir_mode;
char file[PATH_MAX];
mode_t file_mode;
@@ -59,6 +69,12 @@ static int group_setup(void **state)
ret = mkdir(paths->dir, paths->dir_mode);
assert_return_code(ret, errno);
+ strlcpy(paths->dir_recursive, testdir, sizeof(paths->dir));
+ strlcat(paths->dir_recursive, "/dir_recursive", sizeof(paths->dir));
+ paths->dir_mode = 0750;
+ ret = mkdir(paths->dir_recursive, paths->dir_mode);
+ assert_return_code(ret, errno);
+
strlcpy(paths->file, testdir, sizeof(paths->file));
strlcat(paths->file, "/file", sizeof(paths->file));
paths->file_mode = 0640;
@@ -89,16 +105,79 @@ static int group_setup(void **state)
return 0;
}
+static int torture_rmdirs(const char *path)
+{
+ DIR *d;
+ struct dirent *dp;
+ struct stat sb;
+ char *fname;
+
+ if ((d = opendir(path)) != NULL) {
+ while(stat(path, &sb) == 0) {
+ /* if we can remove the directory we're done */
+ if (rmdir(path) == 0) {
+ break;
+ }
+ switch (errno) {
+ case ENOTEMPTY:
+ case EEXIST:
+ case EBADF:
+ break; /* continue */
+ default:
+ closedir(d);
+ return 0;
+ }
+
+ while ((dp = readdir(d)) != NULL) {
+ size_t len;
+ /* skip '.' and '..' */
+ if (dp->d_name[0] == '.' &&
+ (dp->d_name[1] == '\0' ||
+ (dp->d_name[1] == '.' &&
dp->d_name[2] == '\0'))) {
+ continue;
+ }
+
+ len = strlen(path) + strlen(dp->d_name) + 2;
+ fname = malloc(len);
+ if (fname == NULL) {
+ closedir(d);
+ return -1;
+ }
+ snprintf(fname, len, "%s/%s", path, dp->d_name);
+
+ /* stat the file */
+ if (lstat(fname, &sb) != -1) {
+ if (S_ISDIR(sb.st_mode) &&
!S_ISLNK(sb.st_mode)) {
+ if (rmdir(fname) < 0) { /*
can't be deleted */
+ if (errno == EACCES) {
+ closedir(d);
+
SAFE_FREE(fname);
+ return -1;
+ }
+ torture_rmdirs(fname);
+ }
+ } else {
+ unlink(fname);
+ }
+ } /* lstat */
+ SAFE_FREE(fname);
+ } /* readdir */
+
+ rewinddir(d);
+ }
+ } else {
+ return -1;
+ }
+
--
Samba Shared Repository
