[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 0150086 smbd: Simplify dropbox special case in unix_convert via b55072c smbd: Fix a profile problem from 87adc21 s3-winbindd: fix fallback to ncacn_np in cm_connect_lsat(). http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 0150086d44e90351634a68aced1e44ad076a693c Author: Volker Lendecke volker.lende...@sernet.de Date: Wed Aug 28 15:42:22 2013 -0700 smbd: Simplify dropbox special case in unix_convert EACCESS needs special treatment: If we want to create a fresh file, return OBJECT_PATH_NOT_FOUND, so that the client will continue creating the file. If the client wants us to open a potentially existing file, we need to correctly return ACCESS_DENIED. This patch makes this behaviour hopefully a bit clearer than the code before did. Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Jeremy Allison j...@samba.org The last 2 patches address bug #10114 - Dropbox (write-only-directory) case isn't handled correctly in pathname lookup. commit b55072ccf8d801726aec49a925f5a69277a10494 Author: Volker Lendecke volker.lende...@sernet.de Date: Wed Aug 28 15:39:41 2013 -0700 smbd: Fix a profile problem When trying to read a profile, under certain circumstances Windows tries to read with its machine account first. The profile previously written was stored with an ACL that only allows access for the user and not the machine. Windows should get an NT_STATUS_ACCESS_DENIED when using the machine account, making it retry with the user account (which would then succeed). Samba under these circumstances erroneously gives NT_STATUS_OBJECT_PATH_NOT_FOUND, which makes Windows give up and not retry. The reasons is the dropbox patch in unix_convert, turning EACCESS on the last path component to OBJECT_PATH_NOT_FOUND. This patch makes the dropbox behaviour only kick in when we are creating a file. I think this is an abstraction violation. unix_convert() should not have to know about the create_disposition, but given that we have pathname resolution separated from the core open code right now this is the best we can do. Signed-off-by: Volker Lendecke volker.lende...@sernet.de Reviewed-by: Jeremy Allison j...@samba.org --- Summary of changes: source3/include/smb.h |1 + source3/smbd/filename.c| 27 source3/smbd/nttrans.c |6 +++- source3/smbd/reply.c | 48 ++- source3/smbd/smb2_create.c |3 +- 5 files changed, 54 insertions(+), 31 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/smb.h b/source3/include/smb.h index 873657a..2d04373 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -1716,6 +1716,7 @@ struct smb_file_time { #define UCF_COND_ALLOW_WCARD_LCOMP 0x0004 #define UCF_POSIX_PATHNAMES0x0008 #define UCF_UNIX_NAME_LOOKUP 0x0010 +#define UCF_CREATING_FILE 0x0020 /* * smb_filename diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c index 207b56c..8ef0c0a 100644 --- a/source3/smbd/filename.c +++ b/source3/smbd/filename.c @@ -713,12 +713,29 @@ NTSTATUS unix_convert(TALLOC_CTX *ctx, /* * ENOENT/EACCESS are the only valid errors -* here. EACCESS needs handling here for -* dropboxes, i.e. directories where users -* can only put stuff with permission -wx. +* here. */ - if ((errno != 0) (errno != ENOENT) -(errno != EACCES)) { + if (errno == EACCES) { + if (ucf_flags UCF_CREATING_FILE) { + /* +* This is the dropbox +* behaviour. A dropbox is a +* directory with only -wx +* permissions, so +* get_real_filename fails +* with EACCESS, it needs to +* list the directory. We +* nevertheless want to allow +* users creating a file. +*/ +
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 25ded36 Fix the UNIX extensions CHOWN calls to use FCHOWN if available, else LCHOWN. via ac3c32d Allow UNIX extensions client to act on open fsp instead of pathname if available. via 335e417 Fix the erroneous masking of chmod requests via the UNIX extensions. via 9891d98 Fix bug #9166 - Starting smbd or nmbd with stdin from /dev/null results in EOF on stdin via d63a5e5 s3: Fix some blank line endings via c65a4e8 smbd: Simplify dropbox special case in unix_convert via c72c00c smbd: Fix a profile problem from 1787174 Fix bug #10063 - source3/lib/util.c:1493 leaking memory w/ pam_winbind.so / winbind http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 25ded368585b8d439023503dc11e6502e5bd Author: Jeremy Allison j...@samba.org Date: Wed Aug 21 12:20:48 2013 -0700 Fix the UNIX extensions CHOWN calls to use FCHOWN if available, else LCHOWN. UNIX extensions calls must never deref links. Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Simo Sorce i...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Mon Aug 26 20:19:46 CEST 2013 on sn-devel-104 (cherry picked from commit d1593a20f3a5ebf287477dfa8f5ab31dca3dd0c3) The last 3 patches address bug #10121 - masks incorrectly applied to UNIX extension permission changes. Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Fri Aug 30 12:34:12 CEST 2013 on sn-devel-104 commit ac3c32d0d51f626d6198c6994daff4fc48f6b5ae Author: Jeremy Allison j...@samba.org Date: Wed Aug 21 12:10:05 2013 -0700 Allow UNIX extensions client to act on open fsp instead of pathname if available. Eliminates possible race condition on pathname op. Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Simo Sorce i...@samba.org (cherry picked from commit f1ff97fc022adaacaa23b7da250be6f7d51c6ac7) commit 335e4178220b848cd822428359b589bc599e81eb Author: Jeremy Allison j...@samba.org Date: Wed Aug 21 12:03:25 2013 -0700 Fix the erroneous masking of chmod requests via the UNIX extensions. Changed from switch statement to if, as create mask, force create mode are only applied to new files, not existing ones. directory mask, force directory mode are only applied to new directories, not existing ones. Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Simo Sorce i...@samba.org (cherry picked from commit bd0156988b34feaf91c3046f7ec78f0833222395) commit 9891d9870060e61f33a835363dea8f5267d6e8ca Author: Jeremy Allison j...@samba.org Date: Mon Jun 10 13:33:40 2013 -0700 Fix bug #9166 - Starting smbd or nmbd with stdin from /dev/null results in EOF on stdin Only install the stdin handler if it's a pipe or fifo. Signed-off-by: Jeremy Allison j...@samba.org commit d63a5e5c7b38b6eb906e1bbe497fc9c07d5961ce Author: Volker Lendecke v...@samba.org Date: Wed Sep 26 16:53:48 2012 -0700 s3: Fix some blank line endings Autobuild-User(master): Volker Lendecke v...@samba.org Autobuild-Date(master): Thu Sep 27 07:57:03 CEST 2012 on sn-devel-104 (cherry picked from commit aad669b53eca99f86c2e630bf3f2e9f594fed9c1) commit c65a4e82886487a389ab2c1d21487e0d16f6fb16 Author: Volker Lendecke v...@samba.org Date: Mon Aug 19 10:26:00 2013 + smbd: Simplify dropbox special case in unix_convert EACCESS needs special treatment: If we want to create a fresh file, return OBJECT_PATH_NOT_FOUND, so that the client will continue creating the file. If the client wants us to open a potentially existing file, we need to correctly return ACCESS_DENIED. This patch makes this behaviour hopefully a bit clearer than the code before did. Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Jeremy Allison j...@samba.org Autobuild-User(master): Volker Lendecke v...@samba.org Autobuild-Date(master): Mon Aug 26 12:14:26 CEST 2013 on sn-devel-104 The last 2 patches address bug #10114 - Dropbox (write-only-directory) case isn't handled correctly in pathname lookup. commit c72c00cd126194aaa51d74585b0ca32cf224663b Author: Volker Lendecke volker.lende...@sernet.de Date: Tue Jul 9 11:02:39 2013 -0700 smbd: Fix a profile problem When trying to read a profile, under certain circumstances Windows tries to read with its machine account first. The profile previously written was stored with an ACL that only allows access for the user and not the machine. Windows should get an NT_STATUS_ACCESS_DENIED when using the machine account, making it retry with the user account (which would then succeed). Samba under these circumstances erroneously
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 3430448 python/provision: remove unused linklocal=False argument from interface_ips_v6() via 9edc027 s4:samba_upgradedns: don't pass linklocal=False to interface_ips_v6() via 0e6aca4 python/pyglue: filter out loopback and linklocal addresses unless all_interfaces is given from ba04400 vfs_glusterfs: Fix excessive debug output from vfs_gluster_open(). http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 3430448fc01ce3fbe0606a2c239d3c98a5b78361 Author: Stefan Metzmacher me...@samba.org Date: Fri Aug 30 15:18:44 2013 +0200 python/provision: remove unused linklocal=False argument from interface_ips_v6() Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Bjoern Jacke b...@sernet.de Autobuild-User(master): Björn Jacke b...@sernet.de Autobuild-Date(master): Fri Aug 30 17:33:58 CEST 2013 on sn-devel-104 commit 9edc0276c742194ec381c266acedf3216ccf1c69 Author: Stefan Metzmacher me...@samba.org Date: Fri Aug 30 15:17:59 2013 +0200 s4:samba_upgradedns: don't pass linklocal=False to interface_ips_v6() This is the default... Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Bjoern Jacke b...@sernet.de commit 0e6aca40413fb3cfd4300f282204a69743be4a65 Author: Stefan Metzmacher me...@samba.org Date: Fri Aug 30 14:59:01 2013 +0200 python/pyglue: filter out loopback and linklocal addresses unless all_interfaces is given Bug: https://bugzilla.samba.org/show_bug.cgi?id=10030 Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Bjoern Jacke b...@sernet.de --- Summary of changes: python/pyglue.c| 45 ++- python/samba/provision/__init__.py |6 ++-- source4/scripting/bin/samba_upgradedns |2 +- 3 files changed, 47 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/python/pyglue.c b/python/pyglue.c index 735f03a..02fb005 100644 --- a/python/pyglue.c +++ b/python/pyglue.c @@ -164,18 +164,59 @@ static PyObject *py_interface_ips(PyObject *self, PyObject *args) /* first count how many are not loopback addresses */ for (ifcount = i = 0; icount; i++) { const char *ip = iface_list_n_ip(ifaces, i); - if (!(!all_interfaces iface_list_same_net(ip, 127.0.0.1, 255.0.0.0))) { + + if (all_interfaces) { ifcount++; + continue; + } + + if (iface_list_same_net(ip, 127.0.0.1, 255.0.0.0)) { + continue; + } + + if (iface_list_same_net(ip, 169.254.0.0, 255.255.0.0)) { + continue; } + + if (iface_list_same_net(ip, ::1, :::::::)) { + continue; + } + + if (iface_list_same_net(ip, fe80::, :::::)) { + continue; + } + + ifcount++; } pylist = PyList_New(ifcount); for (ifcount = i = 0; icount; i++) { const char *ip = iface_list_n_ip(ifaces, i); - if (!(!all_interfaces iface_list_same_net(ip, 127.0.0.1, 255.0.0.0))) { + + if (all_interfaces) { PyList_SetItem(pylist, ifcount, PyString_FromString(ip)); ifcount++; + continue; + } + + if (iface_list_same_net(ip, 127.0.0.1, 255.0.0.0)) { + continue; + } + + if (iface_list_same_net(ip, 169.254.0.0, 255.255.0.0)) { + continue; } + + if (iface_list_same_net(ip, ::1, :::::::)) { + continue; + } + + if (iface_list_same_net(ip, fe80::, :::::)) { + continue; + } + + PyList_SetItem(pylist, ifcount, PyString_FromString(ip)); + ifcount++; } talloc_free(tmp_ctx); return pylist; diff --git a/python/samba/provision/__init__.py b/python/samba/provision/__init__.py index a84b92f..89f029a 100644 --- a/python/samba/provision/__init__.py +++ b/python/samba/provision/__init__.py @@ -1705,12 +1705,12 @@ def interface_ips_v4(lp): return ret -def interface_ips_v6(lp, linklocal=False): +def interface_ips_v6(lp): return only IPv6 IPs ips = samba.interface_ips(lp, False) ret = [] for i in ips: -if i.find(':') != -1 and (linklocal or i.find('%') == -1): +if i.find(':') != -1: ret.append(i) return ret