The branch, v4-17-test has been updated
via 50fd29d8b88 nsswitch: Fix uninitialized memory when allocating
pwdlastset_prelim
via d7e34c8b157 nsswitch: Fix pam_set_data()/pam_get_data() to use
pointers to a time_t, not try and embedd it directly.
via 9dbbce3f4e7 vfs_glusterfs: Add path based fallback mechanism for
SMB_VFS_FNTIMES
via 4a3dcb32578 vfs_glusterfs: Simplify SMB_VFS_FDOPENDIR implementation
via 9f307955d8a vfs_glusterfs: Add path based fallback mechanism for
SMB_VFS_FGETXATTR
via d904e80ef35 vfs_glusterfs: Do not use glfs_fgetxattr() for
SMB_VFS_GET_REAL_FILENAME_AT
via 2ce1a1eca56 vfs_glusterfs: Simplify SMB_VFS_GET_REAL_FILENAME_AT
implementation
via 2c1b957433b s3:rpc_server: Fix include directive substitution when
enumerating shares
via 969df454453 s3:tests: Add substitution test for listing shares
via 560805be834 s3:tests: Add substitution test for include directive
via e3207e6c250 lib/replace: fix memory leak in snprintf replacements
from 3e1f07b1027 VERSION: Bump version up to Samba 4.17.4...
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-17-test
- Log -----------------------------------------------------------------
commit 50fd29d8b88226819208a8215867d81c1edc78a9
Author: Noel Power <noel.po...@suse.com>
Date: Wed Nov 16 15:37:52 2022 +0000
nsswitch: Fix uninitialized memory when allocating pwdlastset_prelim
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15224
Signed-off-by: Noel Power <noel.po...@suse.com>
Reviewed-by: Jeremy Allison <j...@samba.org>
Autobuild-User(master): Jeremy Allison <j...@samba.org>
Autobuild-Date(master): Wed Nov 16 19:29:21 UTC 2022 on sn-devel-184
(cherry picked from commit f6284877ce07fc5ddf4f4e2d824013b645d6e12c)
Autobuild-User(v4-17-test): Jule Anger <jan...@samba.org>
Autobuild-Date(v4-17-test): Wed Nov 23 13:56:47 UTC 2022 on sn-devel-184
commit d7e34c8b1578e4cc2c30a5a035c5eddfd0e1e1f1
Author: Jeremy Allison <j...@samba.org>
Date: Tue Nov 8 16:16:07 2022 -0800
nsswitch: Fix pam_set_data()/pam_get_data() to use pointers to a time_t,
not try and embedd it directly.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15224
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Noel Power <npo...@samba.org>
Autobuild-User(master): Noel Power <npo...@samba.org>
Autobuild-Date(master): Wed Nov 16 15:09:45 UTC 2022 on sn-devel-184
(cherry picked from commit 7cb50405515298b75dcc512633fb3877045aabc6)
commit 9dbbce3f4e72eae302bd9e18013d80f544220ee2
Author: Anoop C S <anoo...@samba.org>
Date: Thu Oct 13 15:54:10 2022 +0530
vfs_glusterfs: Add path based fallback mechanism for SMB_VFS_FNTIMES
Fallback mechanism was missing in vfs_gluster_fntimes() for path based
call. Therefore adding a similar mechanism as seen with other calls like
vfs_gluster_fsetxattr, vfs_gluster_fgetxattr etc.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15198
Signed-off-by: Anoop C S <anoo...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
(cherry picked from commit 5d91ecf01dce95400da5d6ac181144df1e32ca35)
commit 4a3dcb3257834285a198c5ff3c18a2eaac3d38ab
Author: Anoop C S <anoo...@samba.org>
Date: Tue Oct 11 23:02:48 2022 +0530
vfs_glusterfs: Simplify SMB_VFS_FDOPENDIR implementation
It was unnecessary to construct full directory path as "dir/." which is
same as "dir". We could just directly use fsp->fsp_name->base_name and
return directory stream obtained from glfs_opendir().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15198
Signed-off-by: Anoop C S <anoo...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
Autobuild-User(master): Ralph Böhme <s...@samba.org>
Autobuild-Date(master): Wed Oct 12 12:48:50 UTC 2022 on sn-devel-184
(cherry picked from commit cc397175cb9a1b06f268ecf6b3d62f621947cbba)
commit 9f307955d8a7546171333ef0c0aa85f04c32d578
Author: Anoop C S <anoo...@samba.org>
Date: Mon Oct 10 20:29:13 2022 +0530
vfs_glusterfs: Add path based fallback mechanism for SMB_VFS_FGETXATTR
Fallback mechanism was missing in vfs_gluster_fgetxattr() for path based
call. Therefore adding a similar mechanism as seen with other calls like
vfs_gluster_fsetxattr, vfs_gluster_flistxattr etc.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15198
Signed-off-by: Anoop C S <anoo...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
(cherry picked from commit 7af4bfe8285714c137b6347b17305c9cd0702bdd)
commit d904e80ef35f702690a843bf6cffbba297c6ddda
Author: Anoop C S <anoo...@samba.org>
Date: Tue Oct 11 23:27:37 2022 +0530
vfs_glusterfs: Do not use glfs_fgetxattr() for SMB_VFS_GET_REAL_FILENAME_AT
glfs_fgetxattr() or generally fgetxattr() will return EBADF as dirfsp
here is a pathref fsp. GlusterFS client log had following entries
indicating the error:
W [MSGID: 114031] [client-rpc-fops_v2.c:993:client4_0_fgetxattr_cbk] \
0-vol-client-0: remote operation failed. [{errno=9}, {error=Bad file
descriptor}]
Therefore use glfs_getxattr() only for implementing get_real_filename_at
logic.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15198
Signed-off-by: Anoop C S <anoo...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
(cherry picked from commit 6a6bd1a0530424def64d2d462b54e4c1f4f9bebb)
commit 2ce1a1eca5677268f3b0be18f02d74fa07e575a0
Author: Anoop C S <anoo...@samba.org>
Date: Tue Oct 11 23:25:46 2022 +0530
vfs_glusterfs: Simplify SMB_VFS_GET_REAL_FILENAME_AT implementation
It was unnecessary to construct full directory path as "dir/." which is
same as "dir". We could just directly use dirfsp->fsp_name->base_name
for glfs_getxattr() and return the result.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15198
Signed-off-by: Anoop C S <anoo...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
(cherry picked from commit 8cbd9e63724d80c06565d0c90bd107166dfd9bbe)
commit 2c1b957433b8df8dae5a7d85dfa540fbe008c28d
Author: Andreas Schneider <a...@samba.org>
Date: Wed Nov 16 11:24:12 2022 +0100
s3:rpc_server: Fix include directive substitution when enumerating shares
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15243
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Volker Lendecke <v...@samba.org>
(cherry picked from commit f03665bb7e8ea97699062630f2aa1bac4c5dfc7f)
commit 969df4544534e43875d7421028223cf9b754c9c4
Author: Andreas Schneider <a...@samba.org>
Date: Wed Nov 16 11:23:44 2022 +0100
s3:tests: Add substitution test for listing shares
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15243
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Volker Lendecke <v...@samba.org>
(cherry picked from commit c213ead8c4c1b5287294a67e65f271fbb0b922b2)
commit 560805be8349bdaa8c7babec2042c4db80834246
Author: Andreas Schneider <a...@samba.org>
Date: Tue Nov 15 16:35:15 2022 +0100
s3:tests: Add substitution test for include directive
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15243
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Volker Lendecke <v...@samba.org>
(backported from commit ce3d27a9f5a98b4680af5fb5a595b0e7e94f8c30)
commit e3207e6c25021bce272645e1b387d4c9da18cc8a
Author: Stefan Metzmacher <me...@samba.org>
Date: Mon Oct 31 13:16:25 2022 +0100
lib/replace: fix memory leak in snprintf replacements
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15230
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Volker Lendecke <v...@samba.org>
Autobuild-User(master): Volker Lendecke <v...@samba.org>
Autobuild-Date(master): Wed Nov 9 11:18:02 UTC 2022 on sn-devel-184
(cherry picked from commit 76adda9d2fea9f93f4cf97536db5c0be6deeb98c)
-----------------------------------------------------------------------
Summary of changes:
lib/replace/snprintf.c | 2 +
nsswitch/pam_winbind.c | 24 +++++---
selftest/target/Samba3.pm | 17 ++++++
source3/modules/vfs_glusterfs.c | 97 +++++++++---------------------
source3/rpc_server/srvsvc/srv_srvsvc_nt.c | 8 +++
source3/script/tests/test_substitutions.sh | 27 +++++++++
6 files changed, 99 insertions(+), 76 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/replace/snprintf.c b/lib/replace/snprintf.c
index 6e4424b0b31..de814af4164 100644
--- a/lib/replace/snprintf.c
+++ b/lib/replace/snprintf.c
@@ -751,6 +751,8 @@ done:
while (chunks) {
cnk = chunks->next;
+ if (chunks->min_star) free(chunks->min_star);
+ if (chunks->max_star) free(chunks->max_star);
free(chunks);
chunks = cnk;
}
diff --git a/nsswitch/pam_winbind.c b/nsswitch/pam_winbind.c
index e7ae605b341..06a8db21b69 100644
--- a/nsswitch/pam_winbind.c
+++ b/nsswitch/pam_winbind.c
@@ -3226,7 +3226,15 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
*/
if (flags & PAM_PRELIM_CHECK) {
- time_t pwdlastset_prelim = 0;
+ time_t *pwdlastset_prelim = NULL;
+
+ pwdlastset_prelim = talloc_zero(NULL, time_t);
+ if (pwdlastset_prelim == NULL) {
+ _pam_log(ctx, LOG_CRIT,
+ "password - out of memory");
+ ret = PAM_BUF_ERR;
+ goto out;
+ }
/* instruct user what is happening */
@@ -3258,7 +3266,7 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
ret = winbind_auth_request(ctx, user, pass_old,
NULL, NULL, 0,
&error, NULL,
- &pwdlastset_prelim, NULL);
+ pwdlastset_prelim, NULL);
if (ret != PAM_ACCT_EXPIRED &&
ret != PAM_AUTHTOK_EXPIRED &&
@@ -3269,7 +3277,8 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
}
pam_set_data(pamh, PAM_WINBIND_PWD_LAST_SET,
- (void *)pwdlastset_prelim, NULL);
+ pwdlastset_prelim,
+ _pam_winbind_cleanup_func);
ret = pam_set_item(pamh, PAM_OLDAUTHTOK,
(const void *) pass_old);
@@ -3280,7 +3289,7 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
}
} else if (flags & PAM_UPDATE_AUTHTOK) {
- time_t pwdlastset_update = 0;
+ time_t *pwdlastset_update = NULL;
/*
* obtain the proposed password
@@ -3343,8 +3352,9 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
* By reaching here we have approved the passwords and must now
* rebuild the password database file.
*/
- pam_get_data(pamh, PAM_WINBIND_PWD_LAST_SET,
- (const void **) &pwdlastset_update);
+ pam_get_data(pamh,
+ PAM_WINBIND_PWD_LAST_SET,
+ (const void **)&pwdlastset_update);
/*
* if cached creds were enabled, make sure to set the
@@ -3356,7 +3366,7 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
}
ret = winbind_chauthtok_request(ctx, user, pass_old,
- pass_new, pwdlastset_update);
+ pass_new, *pwdlastset_update);
if (ret != PAM_SUCCESS) {
pass_old = pass_new = NULL;
goto out;
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index d413f14bacd..64374ab9bcd 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -2674,6 +2674,8 @@ sub provision($$)
my $errorinjectconf="$libdir/error_inject.conf";
my $delayinjectconf="$libdir/delay_inject.conf";
my $globalinjectconf="$libdir/global_inject.conf";
+ my $aliceconfdir="$libdir";
+ my $aliceconffile="$libdir/alice.conf";
my $nss_wrapper_pl = "$ENV{PERL}
$self->{srcdir}/third_party/nss_wrapper/nss_wrapper.pl";
my $nss_wrapper_passwd = "$privatedir/passwd";
@@ -3443,6 +3445,8 @@ sub provision($$)
[full_audit_fail_bad_name]
copy = tmp
full_audit:failure = badname
+
+include = $aliceconfdir/%U.conf
";
close(CONF);
@@ -3483,6 +3487,19 @@ sub provision($$)
}
close(DELAYCONF);
+ unless (open(ALICECONF, ">$aliceconffile")) {
+ warn("Unable to open $aliceconffile");
+ return undef;
+ }
+
+ print ALICECONF "
+[alice_share]
+ path = $shrdir
+ comment = smb username is [%U]
+ ";
+
+ close(ALICECONF);
+
##
## create a test account
##
diff --git a/source3/modules/vfs_glusterfs.c b/source3/modules/vfs_glusterfs.c
index 8fef8c8bf9c..18bd79ff41b 100644
--- a/source3/modules/vfs_glusterfs.c
+++ b/source3/modules/vfs_glusterfs.c
@@ -626,38 +626,12 @@ static DIR *vfs_gluster_fdopendir(struct
vfs_handle_struct *handle,
uint32_t attributes)
{
glfs_fd_t *glfd = NULL;
- struct smb_filename *full_fname = NULL;
- struct smb_filename *smb_fname_dot = NULL;
-
- smb_fname_dot = synthetic_smb_fname(fsp->fsp_name,
- ".",
- NULL,
- NULL,
- 0,
- 0);
- if (smb_fname_dot == NULL) {
- return NULL;
- }
-
- full_fname = full_path_from_dirfsp_atname(talloc_tos(),
- fsp,
- smb_fname_dot);
- if (full_fname == NULL) {
- TALLOC_FREE(smb_fname_dot);
- return NULL;
- }
-
- glfd = glfs_opendir(handle->data, full_fname->base_name);
+ glfd = glfs_opendir(handle->data, fsp->fsp_name->base_name);
if (glfd == NULL) {
- TALLOC_FREE(full_fname);
- TALLOC_FREE(smb_fname_dot);
return NULL;
}
- TALLOC_FREE(full_fname);
- TALLOC_FREE(smb_fname_dot);
-
return (DIR *)glfd;
}
@@ -1797,7 +1771,13 @@ static int vfs_gluster_fntimes(struct vfs_handle_struct
*handle,
return -1;
}
- ret = glfs_futimens(glfd, times);
+ if (!fsp->fsp_flags.is_pathref) {
+ ret = glfs_futimens(glfd, times);
+ } else {
+ ret = glfs_utimens(handle->data,
+ fsp->fsp_name->base_name,
+ times);
+ }
END_PROFILE(syscall_fntimes);
return ret;
@@ -2266,12 +2246,6 @@ static NTSTATUS vfs_gluster_get_real_filename_at(
int ret;
char key_buf[GLUSTER_NAME_MAX + 64];
char val_buf[GLUSTER_NAME_MAX + 1];
-#ifdef HAVE_GFAPI_VER_7_11
- glfs_fd_t *pglfd = NULL;
-#else
- struct smb_filename *smb_fname_dot = NULL;
- struct smb_filename *full_fname = NULL;
-#endif
if (strlen(name) >= GLUSTER_NAME_MAX) {
return NT_STATUS_OBJECT_NAME_INVALID;
@@ -2280,40 +2254,11 @@ static NTSTATUS vfs_gluster_get_real_filename_at(
snprintf(key_buf, GLUSTER_NAME_MAX + 64,
"glusterfs.get_real_filename:%s", name);
-#ifdef HAVE_GFAPI_VER_7_11
- pglfd = vfs_gluster_fetch_glfd(handle, dirfsp);
- if (pglfd == NULL) {
- DBG_ERR("Failed to fetch gluster fd\n");
- return NT_STATUS_OBJECT_NAME_NOT_FOUND;
- }
-
- ret = glfs_fgetxattr(pglfd, key_buf, val_buf, GLUSTER_NAME_MAX + 1);
-#else
- smb_fname_dot = synthetic_smb_fname(mem_ctx,
- ".",
- NULL,
- NULL,
- 0,
- 0);
- if (smb_fname_dot == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
-
- full_fname = full_path_from_dirfsp_atname(talloc_tos(),
- dirfsp,
- smb_fname_dot);
- if (full_fname == NULL) {
- TALLOC_FREE(smb_fname_dot);
- return NT_STATUS_NO_MEMORY;
- }
-
- ret = glfs_getxattr(handle->data, full_fname->base_name,
- key_buf, val_buf, GLUSTER_NAME_MAX + 1);
-
- TALLOC_FREE(smb_fname_dot);
- TALLOC_FREE(full_fname);
-#endif
-
+ ret = glfs_getxattr(handle->data,
+ dirfsp->fsp_name->base_name,
+ key_buf,
+ val_buf,
+ GLUSTER_NAME_MAX + 1);
if (ret == -1) {
if (errno == ENOATTR) {
errno = ENOENT;
@@ -2347,7 +2292,21 @@ static ssize_t vfs_gluster_fgetxattr(struct
vfs_handle_struct *handle,
return -1;
}
- return glfs_fgetxattr(glfd, name, value, size);
+ if (!fsp->fsp_flags.is_pathref) {
+ /*
+ * We can use an io_fd to retrieve xattr value.
+ */
+ return glfs_fgetxattr(glfd, name, value, size);
+ }
+
+ /*
+ * This is no longer a handle based call.
+ */
+ return glfs_getxattr(handle->data,
+ fsp->fsp_name->base_name,
+ name,
+ value,
+ size);
}
static ssize_t vfs_gluster_flistxattr(struct vfs_handle_struct *handle,
diff --git a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
index 07bfb759147..233718ff310 100644
--- a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
@@ -645,6 +645,14 @@ static WERROR init_srv_share_info_ctr(struct pipes_struct
*p,
added_home = register_homes_share(unix_name);
}
+ /*
+ * We need to make sure to reload the services for the connecting user.
+ * It is possible that the we have includes with substitutions.
+ *
+ * include = /etc/samba/%U.conf
+ */
+ reload_services(NULL, NULL, false);
+
num_services = lp_numservices();
allowed = talloc_zero_array(ctx, bool, num_services);
diff --git a/source3/script/tests/test_substitutions.sh
b/source3/script/tests/test_substitutions.sh
index 157381e6cb2..aa0b38d1b64 100755
--- a/source3/script/tests/test_substitutions.sh
+++ b/source3/script/tests/test_substitutions.sh
@@ -20,6 +20,7 @@ failed=0
samba_bindir="$BINDIR"
samba_srcdir="$SRCDIR"
smbclient="$samba_bindir/smbclient"
+rpcclient="$samba_bindir/rpcclient"
. $samba_srcdir/testprogs/blackbox/subunit.sh
. $samba_srcdir/testprogs/blackbox/common_test_fns.inc
@@ -49,4 +50,30 @@ SMB_UNC="//$SERVER/sub_valid_users_group"
test_smbclient "Test login to share with substitution for valid user's UNIX
group" \
"ls" "$SMB_UNC" "-U$USERNAME%$PASSWORD" || failed=$(expr $failed + 1)
+test_smbclient \
+ "Test for login to share with include substitution [${USERNAME}]" \
+ "ls" "//${SERVER}/${USERNAME}_share" "-U$USERNAME%$PASSWORD" ||
+ failed=$((failed + 1))
+
+test_smbclient_expect_failure \
+ "Netative test for login to share with include substitution
[${DC_USERNAME}]" \
+ "ls" "//${SERVER}/${USERNAME}_share" "-U$DC_USERNAME%$DC_PASSWORD" ||
+ failed=$((failed + 1))
+
+testit_grep_count \
+ "Test for share enum with include substitution" \
+ "netname: ${USERNAME}_share" \
+ 1 \
+ ${rpcclient} "ncacn_np:${SERVER}" "-U$USERNAME%$PASSWORD" \
+ -c netshareenum ||
+ failed=$((failed + 1))
+
+testit_grep_count \
+ "Negative test for share enum with include substitution" \
+ "netname: ${USERNAME}_share" \
+ 0 \
+ ${rpcclient} "ncacn_np:${SERVER}" "-U$DC_USERNAME%$DC_PASSWORD" \
+ -c netshareenum ||
+ failed=$((failed + 1))
+
exit $failed
--
Samba Shared Repository
