The branch, v4-17-test has been updated via 50fd29d8b88 nsswitch: Fix uninitialized memory when allocating pwdlastset_prelim via d7e34c8b157 nsswitch: Fix pam_set_data()/pam_get_data() to use pointers to a time_t, not try and embedd it directly. via 9dbbce3f4e7 vfs_glusterfs: Add path based fallback mechanism for SMB_VFS_FNTIMES via 4a3dcb32578 vfs_glusterfs: Simplify SMB_VFS_FDOPENDIR implementation via 9f307955d8a vfs_glusterfs: Add path based fallback mechanism for SMB_VFS_FGETXATTR via d904e80ef35 vfs_glusterfs: Do not use glfs_fgetxattr() for SMB_VFS_GET_REAL_FILENAME_AT via 2ce1a1eca56 vfs_glusterfs: Simplify SMB_VFS_GET_REAL_FILENAME_AT implementation via 2c1b957433b s3:rpc_server: Fix include directive substitution when enumerating shares via 969df454453 s3:tests: Add substitution test for listing shares via 560805be834 s3:tests: Add substitution test for include directive via e3207e6c250 lib/replace: fix memory leak in snprintf replacements from 3e1f07b1027 VERSION: Bump version up to Samba 4.17.4...
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-17-test - Log ----------------------------------------------------------------- commit 50fd29d8b88226819208a8215867d81c1edc78a9 Author: Noel Power <noel.po...@suse.com> Date: Wed Nov 16 15:37:52 2022 +0000 nsswitch: Fix uninitialized memory when allocating pwdlastset_prelim BUG: https://bugzilla.samba.org/show_bug.cgi?id=15224 Signed-off-by: Noel Power <noel.po...@suse.com> Reviewed-by: Jeremy Allison <j...@samba.org> Autobuild-User(master): Jeremy Allison <j...@samba.org> Autobuild-Date(master): Wed Nov 16 19:29:21 UTC 2022 on sn-devel-184 (cherry picked from commit f6284877ce07fc5ddf4f4e2d824013b645d6e12c) Autobuild-User(v4-17-test): Jule Anger <jan...@samba.org> Autobuild-Date(v4-17-test): Wed Nov 23 13:56:47 UTC 2022 on sn-devel-184 commit d7e34c8b1578e4cc2c30a5a035c5eddfd0e1e1f1 Author: Jeremy Allison <j...@samba.org> Date: Tue Nov 8 16:16:07 2022 -0800 nsswitch: Fix pam_set_data()/pam_get_data() to use pointers to a time_t, not try and embedd it directly. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15224 Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Noel Power <npo...@samba.org> Autobuild-User(master): Noel Power <npo...@samba.org> Autobuild-Date(master): Wed Nov 16 15:09:45 UTC 2022 on sn-devel-184 (cherry picked from commit 7cb50405515298b75dcc512633fb3877045aabc6) commit 9dbbce3f4e72eae302bd9e18013d80f544220ee2 Author: Anoop C S <anoo...@samba.org> Date: Thu Oct 13 15:54:10 2022 +0530 vfs_glusterfs: Add path based fallback mechanism for SMB_VFS_FNTIMES Fallback mechanism was missing in vfs_gluster_fntimes() for path based call. Therefore adding a similar mechanism as seen with other calls like vfs_gluster_fsetxattr, vfs_gluster_fgetxattr etc. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15198 Signed-off-by: Anoop C S <anoo...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> (cherry picked from commit 5d91ecf01dce95400da5d6ac181144df1e32ca35) commit 4a3dcb3257834285a198c5ff3c18a2eaac3d38ab Author: Anoop C S <anoo...@samba.org> Date: Tue Oct 11 23:02:48 2022 +0530 vfs_glusterfs: Simplify SMB_VFS_FDOPENDIR implementation It was unnecessary to construct full directory path as "dir/." which is same as "dir". We could just directly use fsp->fsp_name->base_name and return directory stream obtained from glfs_opendir(). BUG: https://bugzilla.samba.org/show_bug.cgi?id=15198 Signed-off-by: Anoop C S <anoo...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> Autobuild-User(master): Ralph Böhme <s...@samba.org> Autobuild-Date(master): Wed Oct 12 12:48:50 UTC 2022 on sn-devel-184 (cherry picked from commit cc397175cb9a1b06f268ecf6b3d62f621947cbba) commit 9f307955d8a7546171333ef0c0aa85f04c32d578 Author: Anoop C S <anoo...@samba.org> Date: Mon Oct 10 20:29:13 2022 +0530 vfs_glusterfs: Add path based fallback mechanism for SMB_VFS_FGETXATTR Fallback mechanism was missing in vfs_gluster_fgetxattr() for path based call. Therefore adding a similar mechanism as seen with other calls like vfs_gluster_fsetxattr, vfs_gluster_flistxattr etc. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15198 Signed-off-by: Anoop C S <anoo...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> (cherry picked from commit 7af4bfe8285714c137b6347b17305c9cd0702bdd) commit d904e80ef35f702690a843bf6cffbba297c6ddda Author: Anoop C S <anoo...@samba.org> Date: Tue Oct 11 23:27:37 2022 +0530 vfs_glusterfs: Do not use glfs_fgetxattr() for SMB_VFS_GET_REAL_FILENAME_AT glfs_fgetxattr() or generally fgetxattr() will return EBADF as dirfsp here is a pathref fsp. GlusterFS client log had following entries indicating the error: W [MSGID: 114031] [client-rpc-fops_v2.c:993:client4_0_fgetxattr_cbk] \ 0-vol-client-0: remote operation failed. [{errno=9}, {error=Bad file descriptor}] Therefore use glfs_getxattr() only for implementing get_real_filename_at logic. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15198 Signed-off-by: Anoop C S <anoo...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> (cherry picked from commit 6a6bd1a0530424def64d2d462b54e4c1f4f9bebb) commit 2ce1a1eca5677268f3b0be18f02d74fa07e575a0 Author: Anoop C S <anoo...@samba.org> Date: Tue Oct 11 23:25:46 2022 +0530 vfs_glusterfs: Simplify SMB_VFS_GET_REAL_FILENAME_AT implementation It was unnecessary to construct full directory path as "dir/." which is same as "dir". We could just directly use dirfsp->fsp_name->base_name for glfs_getxattr() and return the result. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15198 Signed-off-by: Anoop C S <anoo...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> (cherry picked from commit 8cbd9e63724d80c06565d0c90bd107166dfd9bbe) commit 2c1b957433b8df8dae5a7d85dfa540fbe008c28d Author: Andreas Schneider <a...@samba.org> Date: Wed Nov 16 11:24:12 2022 +0100 s3:rpc_server: Fix include directive substitution when enumerating shares BUG: https://bugzilla.samba.org/show_bug.cgi?id=15243 Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> (cherry picked from commit f03665bb7e8ea97699062630f2aa1bac4c5dfc7f) commit 969df4544534e43875d7421028223cf9b754c9c4 Author: Andreas Schneider <a...@samba.org> Date: Wed Nov 16 11:23:44 2022 +0100 s3:tests: Add substitution test for listing shares BUG: https://bugzilla.samba.org/show_bug.cgi?id=15243 Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> (cherry picked from commit c213ead8c4c1b5287294a67e65f271fbb0b922b2) commit 560805be8349bdaa8c7babec2042c4db80834246 Author: Andreas Schneider <a...@samba.org> Date: Tue Nov 15 16:35:15 2022 +0100 s3:tests: Add substitution test for include directive BUG: https://bugzilla.samba.org/show_bug.cgi?id=15243 Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> (backported from commit ce3d27a9f5a98b4680af5fb5a595b0e7e94f8c30) commit e3207e6c25021bce272645e1b387d4c9da18cc8a Author: Stefan Metzmacher <me...@samba.org> Date: Mon Oct 31 13:16:25 2022 +0100 lib/replace: fix memory leak in snprintf replacements BUG: https://bugzilla.samba.org/show_bug.cgi?id=15230 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> Autobuild-User(master): Volker Lendecke <v...@samba.org> Autobuild-Date(master): Wed Nov 9 11:18:02 UTC 2022 on sn-devel-184 (cherry picked from commit 76adda9d2fea9f93f4cf97536db5c0be6deeb98c) ----------------------------------------------------------------------- Summary of changes: lib/replace/snprintf.c | 2 + nsswitch/pam_winbind.c | 24 +++++--- selftest/target/Samba3.pm | 17 ++++++ source3/modules/vfs_glusterfs.c | 97 +++++++++--------------------- source3/rpc_server/srvsvc/srv_srvsvc_nt.c | 8 +++ source3/script/tests/test_substitutions.sh | 27 +++++++++ 6 files changed, 99 insertions(+), 76 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/replace/snprintf.c b/lib/replace/snprintf.c index 6e4424b0b31..de814af4164 100644 --- a/lib/replace/snprintf.c +++ b/lib/replace/snprintf.c @@ -751,6 +751,8 @@ done: while (chunks) { cnk = chunks->next; + if (chunks->min_star) free(chunks->min_star); + if (chunks->max_star) free(chunks->max_star); free(chunks); chunks = cnk; } diff --git a/nsswitch/pam_winbind.c b/nsswitch/pam_winbind.c index e7ae605b341..06a8db21b69 100644 --- a/nsswitch/pam_winbind.c +++ b/nsswitch/pam_winbind.c @@ -3226,7 +3226,15 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags, */ if (flags & PAM_PRELIM_CHECK) { - time_t pwdlastset_prelim = 0; + time_t *pwdlastset_prelim = NULL; + + pwdlastset_prelim = talloc_zero(NULL, time_t); + if (pwdlastset_prelim == NULL) { + _pam_log(ctx, LOG_CRIT, + "password - out of memory"); + ret = PAM_BUF_ERR; + goto out; + } /* instruct user what is happening */ @@ -3258,7 +3266,7 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags, ret = winbind_auth_request(ctx, user, pass_old, NULL, NULL, 0, &error, NULL, - &pwdlastset_prelim, NULL); + pwdlastset_prelim, NULL); if (ret != PAM_ACCT_EXPIRED && ret != PAM_AUTHTOK_EXPIRED && @@ -3269,7 +3277,8 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags, } pam_set_data(pamh, PAM_WINBIND_PWD_LAST_SET, - (void *)pwdlastset_prelim, NULL); + pwdlastset_prelim, + _pam_winbind_cleanup_func); ret = pam_set_item(pamh, PAM_OLDAUTHTOK, (const void *) pass_old); @@ -3280,7 +3289,7 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags, } } else if (flags & PAM_UPDATE_AUTHTOK) { - time_t pwdlastset_update = 0; + time_t *pwdlastset_update = NULL; /* * obtain the proposed password @@ -3343,8 +3352,9 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags, * By reaching here we have approved the passwords and must now * rebuild the password database file. */ - pam_get_data(pamh, PAM_WINBIND_PWD_LAST_SET, - (const void **) &pwdlastset_update); + pam_get_data(pamh, + PAM_WINBIND_PWD_LAST_SET, + (const void **)&pwdlastset_update); /* * if cached creds were enabled, make sure to set the @@ -3356,7 +3366,7 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags, } ret = winbind_chauthtok_request(ctx, user, pass_old, - pass_new, pwdlastset_update); + pass_new, *pwdlastset_update); if (ret != PAM_SUCCESS) { pass_old = pass_new = NULL; goto out; diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm index d413f14bacd..64374ab9bcd 100755 --- a/selftest/target/Samba3.pm +++ b/selftest/target/Samba3.pm @@ -2674,6 +2674,8 @@ sub provision($$) my $errorinjectconf="$libdir/error_inject.conf"; my $delayinjectconf="$libdir/delay_inject.conf"; my $globalinjectconf="$libdir/global_inject.conf"; + my $aliceconfdir="$libdir"; + my $aliceconffile="$libdir/alice.conf"; my $nss_wrapper_pl = "$ENV{PERL} $self->{srcdir}/third_party/nss_wrapper/nss_wrapper.pl"; my $nss_wrapper_passwd = "$privatedir/passwd"; @@ -3443,6 +3445,8 @@ sub provision($$) [full_audit_fail_bad_name] copy = tmp full_audit:failure = badname + +include = $aliceconfdir/%U.conf "; close(CONF); @@ -3483,6 +3487,19 @@ sub provision($$) } close(DELAYCONF); + unless (open(ALICECONF, ">$aliceconffile")) { + warn("Unable to open $aliceconffile"); + return undef; + } + + print ALICECONF " +[alice_share] + path = $shrdir + comment = smb username is [%U] + "; + + close(ALICECONF); + ## ## create a test account ## diff --git a/source3/modules/vfs_glusterfs.c b/source3/modules/vfs_glusterfs.c index 8fef8c8bf9c..18bd79ff41b 100644 --- a/source3/modules/vfs_glusterfs.c +++ b/source3/modules/vfs_glusterfs.c @@ -626,38 +626,12 @@ static DIR *vfs_gluster_fdopendir(struct vfs_handle_struct *handle, uint32_t attributes) { glfs_fd_t *glfd = NULL; - struct smb_filename *full_fname = NULL; - struct smb_filename *smb_fname_dot = NULL; - - smb_fname_dot = synthetic_smb_fname(fsp->fsp_name, - ".", - NULL, - NULL, - 0, - 0); - if (smb_fname_dot == NULL) { - return NULL; - } - - full_fname = full_path_from_dirfsp_atname(talloc_tos(), - fsp, - smb_fname_dot); - if (full_fname == NULL) { - TALLOC_FREE(smb_fname_dot); - return NULL; - } - - glfd = glfs_opendir(handle->data, full_fname->base_name); + glfd = glfs_opendir(handle->data, fsp->fsp_name->base_name); if (glfd == NULL) { - TALLOC_FREE(full_fname); - TALLOC_FREE(smb_fname_dot); return NULL; } - TALLOC_FREE(full_fname); - TALLOC_FREE(smb_fname_dot); - return (DIR *)glfd; } @@ -1797,7 +1771,13 @@ static int vfs_gluster_fntimes(struct vfs_handle_struct *handle, return -1; } - ret = glfs_futimens(glfd, times); + if (!fsp->fsp_flags.is_pathref) { + ret = glfs_futimens(glfd, times); + } else { + ret = glfs_utimens(handle->data, + fsp->fsp_name->base_name, + times); + } END_PROFILE(syscall_fntimes); return ret; @@ -2266,12 +2246,6 @@ static NTSTATUS vfs_gluster_get_real_filename_at( int ret; char key_buf[GLUSTER_NAME_MAX + 64]; char val_buf[GLUSTER_NAME_MAX + 1]; -#ifdef HAVE_GFAPI_VER_7_11 - glfs_fd_t *pglfd = NULL; -#else - struct smb_filename *smb_fname_dot = NULL; - struct smb_filename *full_fname = NULL; -#endif if (strlen(name) >= GLUSTER_NAME_MAX) { return NT_STATUS_OBJECT_NAME_INVALID; @@ -2280,40 +2254,11 @@ static NTSTATUS vfs_gluster_get_real_filename_at( snprintf(key_buf, GLUSTER_NAME_MAX + 64, "glusterfs.get_real_filename:%s", name); -#ifdef HAVE_GFAPI_VER_7_11 - pglfd = vfs_gluster_fetch_glfd(handle, dirfsp); - if (pglfd == NULL) { - DBG_ERR("Failed to fetch gluster fd\n"); - return NT_STATUS_OBJECT_NAME_NOT_FOUND; - } - - ret = glfs_fgetxattr(pglfd, key_buf, val_buf, GLUSTER_NAME_MAX + 1); -#else - smb_fname_dot = synthetic_smb_fname(mem_ctx, - ".", - NULL, - NULL, - 0, - 0); - if (smb_fname_dot == NULL) { - return NT_STATUS_NO_MEMORY; - } - - full_fname = full_path_from_dirfsp_atname(talloc_tos(), - dirfsp, - smb_fname_dot); - if (full_fname == NULL) { - TALLOC_FREE(smb_fname_dot); - return NT_STATUS_NO_MEMORY; - } - - ret = glfs_getxattr(handle->data, full_fname->base_name, - key_buf, val_buf, GLUSTER_NAME_MAX + 1); - - TALLOC_FREE(smb_fname_dot); - TALLOC_FREE(full_fname); -#endif - + ret = glfs_getxattr(handle->data, + dirfsp->fsp_name->base_name, + key_buf, + val_buf, + GLUSTER_NAME_MAX + 1); if (ret == -1) { if (errno == ENOATTR) { errno = ENOENT; @@ -2347,7 +2292,21 @@ static ssize_t vfs_gluster_fgetxattr(struct vfs_handle_struct *handle, return -1; } - return glfs_fgetxattr(glfd, name, value, size); + if (!fsp->fsp_flags.is_pathref) { + /* + * We can use an io_fd to retrieve xattr value. + */ + return glfs_fgetxattr(glfd, name, value, size); + } + + /* + * This is no longer a handle based call. + */ + return glfs_getxattr(handle->data, + fsp->fsp_name->base_name, + name, + value, + size); } static ssize_t vfs_gluster_flistxattr(struct vfs_handle_struct *handle, diff --git a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c index 07bfb759147..233718ff310 100644 --- a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c +++ b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c @@ -645,6 +645,14 @@ static WERROR init_srv_share_info_ctr(struct pipes_struct *p, added_home = register_homes_share(unix_name); } + /* + * We need to make sure to reload the services for the connecting user. + * It is possible that the we have includes with substitutions. + * + * include = /etc/samba/%U.conf + */ + reload_services(NULL, NULL, false); + num_services = lp_numservices(); allowed = talloc_zero_array(ctx, bool, num_services); diff --git a/source3/script/tests/test_substitutions.sh b/source3/script/tests/test_substitutions.sh index 157381e6cb2..aa0b38d1b64 100755 --- a/source3/script/tests/test_substitutions.sh +++ b/source3/script/tests/test_substitutions.sh @@ -20,6 +20,7 @@ failed=0 samba_bindir="$BINDIR" samba_srcdir="$SRCDIR" smbclient="$samba_bindir/smbclient" +rpcclient="$samba_bindir/rpcclient" . $samba_srcdir/testprogs/blackbox/subunit.sh . $samba_srcdir/testprogs/blackbox/common_test_fns.inc @@ -49,4 +50,30 @@ SMB_UNC="//$SERVER/sub_valid_users_group" test_smbclient "Test login to share with substitution for valid user's UNIX group" \ "ls" "$SMB_UNC" "-U$USERNAME%$PASSWORD" || failed=$(expr $failed + 1) +test_smbclient \ + "Test for login to share with include substitution [${USERNAME}]" \ + "ls" "//${SERVER}/${USERNAME}_share" "-U$USERNAME%$PASSWORD" || + failed=$((failed + 1)) + +test_smbclient_expect_failure \ + "Netative test for login to share with include substitution [${DC_USERNAME}]" \ + "ls" "//${SERVER}/${USERNAME}_share" "-U$DC_USERNAME%$DC_PASSWORD" || + failed=$((failed + 1)) + +testit_grep_count \ + "Test for share enum with include substitution" \ + "netname: ${USERNAME}_share" \ + 1 \ + ${rpcclient} "ncacn_np:${SERVER}" "-U$USERNAME%$PASSWORD" \ + -c netshareenum || + failed=$((failed + 1)) + +testit_grep_count \ + "Negative test for share enum with include substitution" \ + "netname: ${USERNAME}_share" \ + 0 \ + ${rpcclient} "ncacn_np:${SERVER}" "-U$DC_USERNAME%$DC_PASSWORD" \ + -c netshareenum || + failed=$((failed + 1)) + exit $failed -- Samba Shared Repository