[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via b919798f575 smbd: early out in is_visible_fsp() via 3cb9f8f5ff2 vfs_fruit: remove a fsp check from ad_fset() from bbdcd66c048 s3: smbd: dirfsp is being used uninitialized inside rmdir_internals(). https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit b919798f5758e3284ff7f6f7402312c0a4b24d03 Author: Ralph Boehme Date: Wed Nov 3 14:40:01 2021 +0100 smbd: early out in is_visible_fsp() This is used in a hot codepath (directory enumeration) so we should avoiding the string comparisions by adding an early exit. Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Wed Nov 3 17:33:00 UTC 2021 on sn-devel-184 commit 3cb9f8f5ff29c14e117b57896c4540cc66510a1a Author: Ralph Boehme Date: Tue Nov 2 05:34:59 2021 +0100 vfs_fruit: remove a fsp check from ad_fset() This comes from times before we had pathref fsps. Back then if you wanted to check if fsp->fh->fd contained a valid value != -1, you'd also first check that the passed in fsp and fsp->fh are non NULL. With pathref fsps we don't need this anymore. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14890 RN: Crash in vfs_fruit asking for fsp_get_io_fd() for an XATTR call Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison --- Summary of changes: source3/lib/adouble.c | 7 --- source3/smbd/dir.c| 8 2 files changed, 8 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/lib/adouble.c b/source3/lib/adouble.c index fd435b6592d..f809a445081 100644 --- a/source3/lib/adouble.c +++ b/source3/lib/adouble.c @@ -2591,13 +2591,6 @@ int ad_fset(struct vfs_handle_struct *handle, DBG_DEBUG("Path [%s]\n", fsp_str_dbg(fsp)); - if ((fsp == NULL) - || (fsp->fh == NULL) - || (fsp_get_io_fd(fsp) == -1)) - { - smb_panic("bad fsp"); - } - ok = ad_pack(handle, ad, fsp); if (!ok) { return -1; diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c index 4d61bb0d56d..856a3625a75 100644 --- a/source3/smbd/dir.c +++ b/source3/smbd/dir.c @@ -1356,6 +1356,14 @@ bool is_visible_fsp(struct files_struct *fsp) hide_special = lp_hide_special_files(SNUM(fsp->conn)); hide_new_files_timeout = lp_hide_new_files_timeout(SNUM(fsp->conn)); + if (!hide_unreadable && + !hide_unwriteable && + !hide_special && + (hide_new_files_timeout == 0)) + { + return true; + } + if (fsp->base_fsp != NULL) { /* Only operate on non-stream files. */ fsp = fsp->base_fsp; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via bbdcd66c048 s3: smbd: dirfsp is being used uninitialized inside rmdir_internals(). from a8a0667263d s3:librpc: Improve calling of krb5_kt_end_seq_get() https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit bbdcd66c048fee39629aeff450b50d049806e2f7 Author: Jeremy Allison Date: Tue Nov 2 10:44:44 2021 -0700 s3: smbd: dirfsp is being used uninitialized inside rmdir_internals(). Not caught be the tests in bugs 14878, 14879 as can_delete_directory_fsp() doesn't have the same bug. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14892 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Wed Nov 3 14:33:49 UTC 2021 on sn-devel-184 --- Summary of changes: source3/smbd/close.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/close.c b/source3/smbd/close.c index eae276b2e9c..ad10215a4fa 100644 --- a/source3/smbd/close.c +++ b/source3/smbd/close.c @@ -1052,6 +1052,8 @@ static NTSTATUS rmdir_internals(TALLOC_CTX *ctx, struct files_struct *fsp) goto err; } + dirfsp = dir_hnd_fetch_fsp(dir_hnd); + while ((dname = ReadDirName(dir_hnd, , , )) != NULL) { struct smb_filename *smb_dname_full = NULL; struct smb_filename *direntry_fname = NULL; @@ -1200,7 +1202,6 @@ static NTSTATUS rmdir_internals(TALLOC_CTX *ctx, struct files_struct *fsp) /* Do a recursive delete. */ RewindDir(dir_hnd,); - dirfsp = dir_hnd_fetch_fsp(dir_hnd); while ((dname = ReadDirName(dir_hnd, , , )) != NULL) { struct smb_filename *direntry_fname = NULL; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via a8a0667263d s3:librpc: Improve calling of krb5_kt_end_seq_get() from 5199eb14123 gp: Apply Firewalld Policy https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit a8a0667263dc635d67da3ca3f48b46f71ca12289 Author: Pavel Filipenský Date: Thu Oct 21 15:01:48 2021 +0200 s3:librpc: Improve calling of krb5_kt_end_seq_get() Remove indentation with early return, best reviewed with git show -b Signed-off-by: Pavel Filipenský Reviewed-by: Jeremy Allison Reviewed-by: Andreas Schneider Autobuild-User(master): Andreas Schneider Autobuild-Date(master): Wed Nov 3 08:36:00 UTC 2021 on sn-devel-184 --- Summary of changes: source3/librpc/crypto/gse_krb5.c | 110 +-- 1 file changed, 59 insertions(+), 51 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/librpc/crypto/gse_krb5.c b/source3/librpc/crypto/gse_krb5.c index 804247e784d..83741c914a3 100644 --- a/source3/librpc/crypto/gse_krb5.c +++ b/source3/librpc/crypto/gse_krb5.c @@ -37,9 +37,8 @@ static krb5_error_code flush_keytab(krb5_context krbctx, krb5_keytab keytab) ZERO_STRUCT(kt_entry); ret = krb5_kt_start_seq_get(krbctx, keytab, _cursor); - if (ret == KRB5_KT_END || ret == ENOENT ) { - /* no entries */ - return 0; + if (ret != 0) { + return ret; } ret = krb5_kt_next_entry(krbctx, keytab, _entry, _cursor); @@ -48,7 +47,7 @@ static krb5_error_code flush_keytab(krb5_context krbctx, krb5_keytab keytab) /* we need to close and reopen enumeration because we modify * the keytab */ ret = krb5_kt_end_seq_get(krbctx, keytab, _cursor); - if (ret) { + if (ret != 0) { DEBUG(1, (__location__ ": krb5_kt_end_seq_get() " "failed (%s)\n", error_message(ret))); goto out; @@ -56,7 +55,7 @@ static krb5_error_code flush_keytab(krb5_context krbctx, krb5_keytab keytab) /* remove the entry */ ret = krb5_kt_remove_entry(krbctx, keytab, _entry); - if (ret) { + if (ret != 0) { DEBUG(1, (__location__ ": krb5_kt_remove_entry() " "failed (%s)\n", error_message(ret))); goto out; @@ -66,7 +65,7 @@ static krb5_error_code flush_keytab(krb5_context krbctx, krb5_keytab keytab) /* now reopen */ ret = krb5_kt_start_seq_get(krbctx, keytab, _cursor); - if (ret) { + if (ret != 0) { DEBUG(1, (__location__ ": krb5_kt_start_seq() failed " "(%s)\n", error_message(ret))); goto out; @@ -81,6 +80,12 @@ static krb5_error_code flush_keytab(krb5_context krbctx, krb5_keytab keytab) error_message(ret))); } + ret = krb5_kt_end_seq_get(krbctx, keytab, _cursor); + if (ret != 0) { + DEBUG(1, (__location__ ": krb5_kt_end_seq_get() " + "failed (%s)\n", error_message(ret))); + goto out; + } ret = 0; out: @@ -156,7 +161,7 @@ static krb5_error_code fill_mem_keytab_from_secrets(krb5_context krbctx, krb5_keytab *keytab) { TALLOC_CTX *frame = talloc_stackframe(); - krb5_error_code ret; + krb5_error_code ret, ret2; const char *domain = lp_workgroup(); struct secrets_domain_info1 *info = NULL; const char *realm = NULL; @@ -198,55 +203,61 @@ static krb5_error_code fill_mem_keytab_from_secrets(krb5_context krbctx, /* check if the keytab already has any entry */ ret = krb5_kt_start_seq_get(krbctx, *keytab, _cursor); - if (ret != KRB5_KT_END && ret != ENOENT ) { - /* check if we have our special enctype used to hold -* the clear text password. If so, check it out so that -* we can verify if the keytab needs to be upgraded */ - while ((ret = krb5_kt_next_entry(krbctx, *keytab, - _entry, _cursor)) == 0) { - if (smb_krb5_kt_get_enctype_from_entry(_entry) == - CLEARTEXT_PRIV_ENCTYPE) { - break; - } - smb_krb5_kt_free_entry(krbctx, _entry); - ZERO_STRUCT(kt_entry); - } + if (ret != 0) { + goto out; + } - if (ret != 0 && ret != KRB5_KT_END && ret != ENOENT ) { -