[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 3c0f934 tests: Add regression test for s3-passdb: Respect LOOKUP_NAME_GROUP flag in sid lookup. from 8c41cbb s3:smb2_server: defer channel/session validation to the session setup code. https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 3c0f9340e6c691e25ee2d188ac2a9c85feb797fe Author: Jeremy Allison Date: Tue Jul 28 11:28:20 2015 -0700 tests: Add regression test for s3-passdb: Respect LOOKUP_NAME_GROUP flag in sid lookup. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11320 Signed-off-by: Jeremy Allison Reviewed-by: Andreas Schneider Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Thu Jul 30 00:36:14 CEST 2015 on sn-devel-104 --- Summary of changes: selftest/target/Samba3.pm| 30 -- source3/script/tests/test_valid_users.sh | 70 source3/selftest/tests.py| 1 + 3 files changed, 97 insertions(+), 4 deletions(-) create mode 100755 source3/script/tests/test_valid_users.sh Changeset truncated at 500 lines: diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm index 9af8faa..7ceb4fa 100755 --- a/selftest/target/Samba3.pm +++ b/selftest/target/Samba3.pm @@ -583,6 +583,9 @@ sub setup_fileserver($$) my $dfree_share_dir="$share_dir/dfree"; push(@dirs, $dfree_share_dir); + my $valid_users_sharedir="$share_dir/valid_users"; + push(@dirs,$valid_users_sharedir); + my $fileserver_options = " [lowercase] path = $lower_case_share_dir @@ -602,11 +605,14 @@ sub setup_fileserver($$) path = $dfree_share_dir comment = smb username is [%U] dfree command = $srcdir_abs/testprogs/blackbox/dfree.sh +[valid-users-access] + path = $valid_users_sharedir + valid users = +SAMBA-TEST/userdup "; my $vars = $self->provision($path, "FILESERVER", - "fileserver_secret", + "fileserver", $fileserver_options, undef, undef, @@ -656,6 +662,17 @@ sub setup_fileserver($$) close $fh; } + ## + ## create a listable file in valid_users_share + ## +my $valid_users_target = "$valid_users_sharedir/foo"; +unless (open(VALID_USERS_TARGET, ">$valid_users_target")) { +warn("Unable to open $valid_users_target"); +return undef; +} +close(VALID_USERS_TARGET); +chmod 0644, $valid_users_target; + return $vars; } @@ -1193,10 +1210,11 @@ sub provision() ## my ($max_uid, $max_gid); - my ($uid_nobody, $uid_root, $uid_pdbtest, $uid_pdbtest2); + my ($uid_nobody, $uid_root, $uid_pdbtest, $uid_pdbtest2, $uid_userdup); my ($gid_nobody, $gid_nogroup, $gid_root, $gid_domusers, $gid_domadmins); + my ($gid_userdup); - if ($unix_uid < 0x - 4) { + if ($unix_uid < 0x - 5) { $max_uid = 0x; } else { $max_uid = $unix_uid; @@ -1206,8 +1224,9 @@ sub provision() $uid_nobody = $max_uid - 2; $uid_pdbtest = $max_uid - 3; $uid_pdbtest2 = $max_uid - 4; + $uid_userdup = $max_uid - 5; - if ($unix_gids[0] < 0x - 5) { + if ($unix_gids[0] < 0x - 6) { $max_gid = 0x; } else { $max_gid = $unix_gids[0]; @@ -1218,6 +1237,7 @@ sub provision() $gid_root = $max_gid - 3; $gid_domusers = $max_gid - 4; $gid_domadmins = $max_gid - 5; + $gid_userdup = $max_gid - 6; ## ## create conffile @@ -1488,6 +1508,7 @@ sub provision() $unix_name:x:$unix_uid:$unix_gids[0]:$unix_name gecos:$prefix_abs:/bin/false pdbtest:x:$uid_pdbtest:$gid_nogroup:pdbtest gecos:$prefix_abs:/bin/false pdbtest2:x:$uid_pdbtest2:$gid_nogroup:pdbtest gecos:$prefix_abs:/bin/false +userdup:x:$uid_userdup:$gid_userdup:userdup gecos:$prefix_abs:/bin/false "; if ($unix_uid != 0) { print PASSWD "root:x:$uid_root:$gid_root:root gecos:$prefix_abs:/bin/false @@ -1504,6 +1525,7 @@ nogroup:x:$gid_nogroup:nobody $unix_name-group:x:$unix_gids[0]: domusers:X:$gid_domusers: domadmins:X:$gid_domadmins: +userdup:x:$gid_userdup:$unix_name "; if ($unix_gids[0] != 0) { print GROUP "root:x:$gid_root: diff --git a/source3/script/tests/test_valid_users.sh b/source3/script/tests/test_valid_users.sh new file mode 100755 index 000..a7f9333 --- /dev/null +++ b/source3/script/tests/test_valid_users.sh @@ -0,0 +1,70 @@ +#!/bin/sh +# +#
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 8c41cbb s3:smb2_server: defer channel/session validation to the session setup code. via 8ab4b05 s3:smb2_sesssetup: check that the connection belongs to the session in sess.setup via 19ec5f3 smbXsrv: use smb2srv_session_lookup_client in smbXsrv_session_close_loop via f6816ae smbXsrv: add smb2srv_session_lookup_client(). via d6acf95 smbXsrv: rename smb2srv_session_lookup -> smb2srv_session_lookup_conn via c765d11 smbXsrv: add a smbXsrv_connection argument to smb2srv_session_lookup_raw via 66bf0e5 smbXsrv: add a smbXsrv_connection argument to smbXsrv_session_local_lookup() from d57e4ac build: fix build with gpfs support - add missing dependency to samba-debug https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 8c41cbbf9ea9527b7482ec3ec44ef195dc0917c2 Author: Michael Adam Date: Mon Jul 27 09:01:55 2015 +0200 s3:smb2_server: defer channel/session validation to the session setup code. For session bind, and the channel is only to be bound to the given session just now, so it is not valid. The early request validation code can hence not check it, and hence validation is defered to the actual session setup code, which can look at the session binding flags. Pair-Programmed-With: Stefan Metzmacher Signed-off-by: Michael Adam Signed-off-by: Stefan Metzmacher Autobuild-User(master): Michael Adam Autobuild-Date(master): Wed Jul 29 21:31:09 CEST 2015 on sn-devel-104 commit 8ab4b05d3302d543037973e26609e2d27bb6bc15 Author: Michael Adam Date: Wed Jul 29 11:19:55 2015 +0200 s3:smb2_sesssetup: check that the connection belongs to the session in sess.setup Signed-off-by: Michael Adam Reviewed-by: Michael Adam commit 19ec5f3474efa5ce62f78ae723f1e41b87a7c51a Author: Michael Adam Date: Wed Jul 29 10:35:08 2015 +0200 smbXsrv: use smb2srv_session_lookup_client in smbXsrv_session_close_loop Pair-Programmed-With: Stefan Metzmacher Signed-off-by: Michael Adam Signed-off-by: Stefan Metzmacher commit f6816ae5bdaa0aceca154c16ad845afe781beb30 Author: Michael Adam Date: Mon Jul 27 08:59:57 2015 +0200 smbXsrv: add smb2srv_session_lookup_client(). This is a variant of smb2srv_session_lookup_conn() that does not verify the session on the channel. Pair-Programmed-With: Stefan Metzmacher Signed-off-by: Michael Adam Signed-off-by: Stefan Metzmacher commit d6acf950e4bbff294fe8d6cabadee39717910d1e Author: Michael Adam Date: Wed Jul 29 10:23:14 2015 +0200 smbXsrv: rename smb2srv_session_lookup -> smb2srv_session_lookup_conn This is in preparation of adding a variant that operates on the client and does in particular not verify that the connection belongs to a session as a channel. Pair-Programmed-With: Stefan Metzmacher Signed-off-by: Michael Adam Signed-off-by: Stefan Metzmacher commit c765d11347048c46dc0e1cb5cc1e0da747b73524 Author: Michael Adam Date: Fri May 8 23:15:51 2015 +0200 smbXsrv: add a smbXsrv_connection argument to smb2srv_session_lookup_raw This way, we can verify that the session is valid on a channel. Pair-Programmed-With: Stefan Metzmacher Signed-off-by: Michael Adam Signed-off-by: Stefan Metzmacher commit 66bf0e51bc864d87ef1db5b52dd54da28b75af52 Author: Stefan Metzmacher Date: Fri May 8 23:12:19 2015 +0200 smbXsrv: add a smbXsrv_connection argument to smbXsrv_session_local_lookup() This way, we can verify that a session is valid on the channel. Pair-Programmed-With: Michael Adam Signed-off-by: Stefan Metzmacher Signed-off-by: Michael Adam --- Summary of changes: source3/smbd/globals.h | 9 +--- source3/smbd/smb2_break.c | 8 +++ source3/smbd/smb2_server.c | 27 ++- source3/smbd/smb2_sesssetup.c | 8 +++ source3/smbd/smbXsrv_session.c | 49 ++ 5 files changed, 80 insertions(+), 21 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h index 35a3ee9..1885629 100644 --- a/source3/smbd/globals.h +++ b/source3/smbd/globals.h @@ -553,9 +553,12 @@ NTSTATUS smb1srv_session_lookup(struct smbXsrv_connection *conn, uint16_t vuid, NTTIME now, struct smbXsrv_session **session); NTSTATUS smb2srv_session_table_init(struct smbXsrv_connection *conn); -NTSTATUS smb2srv_session_lookup(struct smbXsrv_connection *conn, - uint64_t session_id, NTTIME now, - struct smbXsrv_session **session); +NTSTATUS smb2srv_session_lookup_conn(struct smbXsrv_con
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via d57e4ac build: fix build with gpfs support - add missing dependency to samba-debug via b9bef36 configure: add --with-gpfs option for selecting directory with gpfs headers via cef8897 s3:wscript: fix indentation via 952a504 ctdb-daemon: Check if updates are in flight when releasing all IPs via 8eb04d0 ctdb-banning: If node is already banned, do not run ctdb_local_node_got_banned() via 1286b02 ctdb-client: Return the correct status sent from the daemon from f07b746 lib: replace: Add strsep function (missing on Solaris). https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit d57e4ac3de5f53346a8d7c3f96825c1345b58f6a Author: Björn Baumbach Date: Mon Jul 27 15:15:07 2015 +0200 build: fix build with gpfs support - add missing dependency to samba-debug Pair-programmed-with: Stefan Metzmacher Signed-off-by: Björn Baumbach Reviewed-by: Alexander Bokovoy Reviewed-by: Martin Schwenke Autobuild-User(master): Martin Schwenke Autobuild-Date(master): Wed Jul 29 13:38:59 CEST 2015 on sn-devel-104 commit b9bef361d95daf0f38363acbdec9c23f094ffaca Author: Björn Baumbach Date: Mon Jul 27 12:14:37 2015 +0200 configure: add --with-gpfs option for selecting directory with gpfs headers Signed-off-by: Björn Baumbach Reviewed-by: Alexander Bokovoy Reviewed-by: Martin Schwenke commit cef8897f45f1b231d26342688542560bbe695276 Author: Björn Baumbach Date: Mon Jul 27 13:20:43 2015 +0200 s3:wscript: fix indentation Signed-off-by: Björn Baumbach Reviewed-by: Alexander Bokovoy Reviewed-by: Martin Schwenke commit 952a50485f68b3cffdf57da84aa9bb9fde630b7e Author: Martin Schwenke Date: Fri Jul 24 15:32:42 2015 +1000 ctdb-daemon: Check if updates are in flight when releasing all IPs Some code involved in releasing IPs is not re-entrant. Memory corruption can occur if, for example, overlapping attempts are made to ban a node. We haven't been able to recreate the corruption but this should protect against it. Signed-off-by: Martin Schwenke Reviewed-by: Amitay Isaacs commit 8eb04d09b119e234c88150e1dc35fc5057f9c926 Author: Amitay Isaacs Date: Mon Jul 27 16:51:08 2015 +1000 ctdb-banning: If node is already banned, do not run ctdb_local_node_got_banned() This calls release_all_ips() only once on the first ban. If the node gets banned again due to event script timeout while running release_all_ips(), then avoid calling release_all_ips() in re-entrant fashion. Signed-off-by: Amitay Isaacs Reviewed-by: Martin Schwenke commit 1286b02e24a521dafa7061d09fb5c21d1ebb3011 Author: Amitay Isaacs Date: Fri Jul 24 07:39:26 2015 +1000 ctdb-client: Return the correct status sent from the daemon If a control fails and error message is set, the returned status of the control is always set to -1 ignoring the status passed by the daemon. Signed-off-by: Amitay Isaacs Reviewed-by: Martin Schwenke --- Summary of changes: ctdb/client/ctdb_client.c | 2 +- ctdb/server/ctdb_banning.c | 7 ++- ctdb/server/ctdb_takeover.c | 18 +++--- lib/util/wscript| 4 lib/util/wscript_build | 3 +++ lib/util/wscript_configure | 2 +- source3/wscript | 2 +- 7 files changed, 31 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/ctdb/client/ctdb_client.c b/ctdb/client/ctdb_client.c index 7bffefe..3383c57 100644 --- a/ctdb/client/ctdb_client.c +++ b/ctdb/client/ctdb_client.c @@ -1138,7 +1138,7 @@ int ctdb_control_recv(struct ctdb_context *ctdb, state->async.fn(state); } talloc_free(tmp_ctx); - return -1; + return (status == 0 ? -1 : state->status); } if (outdata) { diff --git a/ctdb/server/ctdb_banning.c b/ctdb/server/ctdb_banning.c index a9d1891..d8f7ab1 100644 --- a/ctdb/server/ctdb_banning.c +++ b/ctdb/server/ctdb_banning.c @@ -80,6 +80,7 @@ void ctdb_local_node_got_banned(struct ctdb_context *ctdb) int32_t ctdb_control_set_ban_state(struct ctdb_context *ctdb, TDB_DATA indata) { struct ctdb_ban_time *bantime = (struct ctdb_ban_time *)indata.dptr; + bool already_banned; DEBUG(DEBUG_INFO,("SET BAN STATE\n")); @@ -107,9 +108,11 @@ int32_t ctdb_control_set_ban_state(struct ctdb_context *ctdb, TDB_DATA indata) return 0; } + already_banned = false; if (ctdb->banning_ctx != NULL) { talloc_free(ctdb->banning_ctx); ctdb->banning_ctx = NULL; + already_banned = true; } if (bantime->time == 0) { @@ -136,7 +139,9
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via f07b746 lib: replace: Add strsep function (missing on Solaris). from dc99d45 s3-passdb: Respect LOOKUP_NAME_GROUP flag in sid lookup. https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit f07b746ad3f3ee2fcbb65a0d452ed80f07c9e8f9 Author: Jeremy Allison Date: Wed Jul 15 10:43:56 2015 -0700 lib: replace: Add strsep function (missing on Solaris). BUG: https://bugzilla.samba.org/show_bug.cgi?id=11359 Signed-off-by: Jeremy Allison Reviewed-by: Ira Cooper Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Wed Jul 29 02:24:55 CEST 2015 on sn-devel-104 --- Summary of changes: lib/replace/replace.c | 20 lib/replace/replace.h | 5 + lib/replace/wscript | 4 ++-- 3 files changed, 27 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/replace/replace.c b/lib/replace/replace.c index dccf514..0806ce3 100644 --- a/lib/replace/replace.c +++ b/lib/replace/replace.c @@ -475,6 +475,26 @@ char *rep_strcasestr(const char *haystack, const char *needle) } #endif +#ifndef HAVE_STRSEP +char *rep_strsep(char **pps, const char *delim) +{ + char *ret = *pps; + char *p = *pps; + + if (p == NULL) { + return NULL; + } + p += strcspn(p, delim); + if (*p == '\0') { + *pps = NULL; + } else { + *p = '\0'; + *pps = p + 1; + } + return ret; +} +#endif + #ifndef HAVE_STRTOK_R /* based on GLIBC version, copyright Free Software Foundation */ char *rep_strtok_r(char *s, const char *delim, char **save_ptr) diff --git a/lib/replace/replace.h b/lib/replace/replace.h index 3ff4e36..c764d06 100644 --- a/lib/replace/replace.h +++ b/lib/replace/replace.h @@ -349,6 +349,11 @@ void rep_setlinebuf(FILE *); char *rep_strcasestr(const char *haystack, const char *needle); #endif +#ifndef HAVE_STRSEP +#define strsep rep_strsep +char *rep_strsep(char **pps, const char *delim); +#endif + #ifndef HAVE_STRTOK_R #define strtok_r rep_strtok_r char *rep_strtok_r(char *s, const char *delim, char **save_ptr); diff --git a/lib/replace/wscript b/lib/replace/wscript index 516db2f..30eede2 100644 --- a/lib/replace/wscript +++ b/lib/replace/wscript @@ -240,7 +240,7 @@ def configure(conf): conf.CHECK_FUNCS('lstat getpgrp utime utimes setuid seteuid setreuid setresuid setgid setegid') conf.CHECK_FUNCS('setregid setresgid chroot strerror vsyslog setlinebuf mktime') conf.CHECK_FUNCS('ftruncate chsize rename waitpid wait4') -conf.CHECK_FUNCS('initgroups pread pwrite strndup strcasestr') +conf.CHECK_FUNCS('initgroups pread pwrite strndup strcasestr strsep') conf.CHECK_FUNCS('strtok_r mkdtemp dup2 dprintf vdprintf isatty chown lchown') conf.CHECK_FUNCS('link readlink symlink realpath snprintf vsnprintf') conf.CHECK_FUNCS('asprintf vasprintf setenv unsetenv strnlen strtoull __strtoull') @@ -630,7 +630,7 @@ REPLACEMENT_FUNCTIONS = { 'memmove', 'strdup', 'setlinebuf', 'vsyslog', 'strnlen', 'strndup', 'waitpid', 'seteuid', 'setegid', 'chroot', 'mkstemp', 'mkdtemp', 'pread', 'pwrite', 'strcasestr', - 'strtok_r', 'strtoll', 'strtoull', 'setenv', 'unsetenv', + 'strsep', 'strtok_r', 'strtoll', 'strtoull', 'setenv', 'unsetenv', 'utime', 'utimes', 'dup2', 'chown', 'link', 'readlink', 'symlink', 'lchown', 'realpath', 'memmem', 'vdprintf', 'dprintf', 'get_current_dir_name', -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via dc99d45 s3-passdb: Respect LOOKUP_NAME_GROUP flag in sid lookup. from adbd6d3 pidl: merge multiple 'genpad' implementations into one. https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit dc99d451bf23668d73878847219682fced547622 Author: Justin Maggard Date: Tue Jul 21 15:17:30 2015 -0700 s3-passdb: Respect LOOKUP_NAME_GROUP flag in sid lookup. Somewhere along the line, a config line like "valid users = @foo" broke when "foo" also exists as a user. user_ok_token() already does the right thing by adding the LOOKUP_NAME_GROUP flag; but lookup_name() was not respecting that flag, and went ahead and looked for users anyway. Regression test to follow. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11320 Signed-off-by: Justin Maggard Reviewed-by: Jeremy Allison Reviewed-by: Marc Muehlfeld Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Tue Jul 28 21:35:58 CEST 2015 on sn-devel-104 --- Summary of changes: source3/passdb/lookup_sid.c | 4 ++-- source3/passdb/lookup_sid.h | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c index 3cc64de..3f99ee1 100644 --- a/source3/passdb/lookup_sid.c +++ b/source3/passdb/lookup_sid.c @@ -120,7 +120,7 @@ bool lookup_name(TALLOC_CTX *mem_ctx, goto ok; } - if (((flags & LOOKUP_NAME_NO_NSS) == 0) + if (((flags & (LOOKUP_NAME_NO_NSS|LOOKUP_NAME_GROUP)) == 0) && strequal(domain, unix_users_domain_name())) { if (lookup_unix_user_name(name, &sid)) { type = SID_NAME_USER; @@ -293,7 +293,7 @@ bool lookup_name(TALLOC_CTX *mem_ctx, /* 11. Ok, windows would end here. Samba has two more options: Unmapped users and unmapped groups */ - if (((flags & LOOKUP_NAME_NO_NSS) == 0) + if (((flags & (LOOKUP_NAME_NO_NSS|LOOKUP_NAME_GROUP)) == 0) && lookup_unix_user_name(name, &sid)) { domain = talloc_strdup(tmp_ctx, unix_users_domain_name()); type = SID_NAME_USER; diff --git a/source3/passdb/lookup_sid.h b/source3/passdb/lookup_sid.h index 872f4ef..8b5edf6 100644 --- a/source3/passdb/lookup_sid.h +++ b/source3/passdb/lookup_sid.h @@ -31,7 +31,7 @@ struct unixid; #define LOOKUP_NAME_NONE 0x #define LOOKUP_NAME_ISOLATED 0x0001 /* Look up unqualified names */ #define LOOKUP_NAME_REMOTE 0x0002 /* Ask others */ -#define LOOKUP_NAME_GROUP0x0004 /* (unused) This is a NASTY hack for +#define LOOKUP_NAME_GROUP0x0004 /* This is a NASTY hack for valid users = @foo where foo also exists in as user. */ #define LOOKUP_NAME_NO_NSS 0x0008 /* no NSS calls to avoid -- Samba Shared Repository
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2015-07-29-0904/flakey.log The samba build logs are available here: http://git.samba.org/autobuild.flakey/2015-07-29-0904/samba.stderr http://git.samba.org/autobuild.flakey/2015-07-29-0904/samba.stdout The top commit at the time of the failure was: commit f07b746ad3f3ee2fcbb65a0d452ed80f07c9e8f9 Author: Jeremy Allison Date: Wed Jul 15 10:43:56 2015 -0700 lib: replace: Add strsep function (missing on Solaris). BUG: https://bugzilla.samba.org/show_bug.cgi?id=11359 Signed-off-by: Jeremy Allison Reviewed-by: Ira Cooper Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Wed Jul 29 02:24:55 CEST 2015 on sn-devel-104