[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 0bf8d136769 docs-xml: some fixes to acl parameter documentation via a7fba3ff599 vfs_fruit: add missing calls to tevent_req_received() via 35c637f2e6c s3: VFS: fruit. Implement fsync_send()/fsync_recv(). via 1b8a8732848 s4: smbtorture: Add fsync_resource_fork test to fruit tests. from 688be0177b0 ctdb: Fix a use-after-free in run_proc https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 0bf8d136769fd00f0de003c71e3551f936c5198e Author: Björn Jacke Date: Sun Sep 25 15:56:56 2022 +0200 docs-xml: some fixes to acl parameter documentation Signed-off-by: Bjoern Jacke Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Thu Oct 6 23:04:51 UTC 2022 on sn-devel-184 commit a7fba3ff5996330158d3cc6bc24746a59492b690 Author: Ralph Boehme Date: Thu Oct 6 14:31:08 2022 +0200 vfs_fruit: add missing calls to tevent_req_received() BUG: https://bugzilla.samba.org/show_bug.cgi?id=15182 Signed-off-by: Ralph Boehme Reviewed-by: Ralph Böhme commit 35c637f2e6c671acf8fb9c2a67774bd5e74dd7d0 Author: Jeremy Allison Date: Tue Sep 20 13:25:22 2022 -0700 s3: VFS: fruit. Implement fsync_send()/fsync_recv(). For type == ADOUBLE_META, fio->fake_fd is true so writes are already synchronous, just call tevent_req_post(). For type == ADOUBLE_RSRC we know we are configured with FRUIT_RSRC_ADFILE (because fruit_must_handle_aio_stream() returned true), so we can just call SMB_VFS_NEXT_FSYNC_SEND() after replacing fsp with fio->ad_fsp. Remove knownfail. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15182 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Böhme commit 1b8a8732848169c632af12b7c2b4cd3ee73be244 Author: Jeremy Allison Date: Tue Sep 20 12:08:29 2022 -0700 s4: smbtorture: Add fsync_resource_fork test to fruit tests. This shows we currently hang when sending an SMB2_OP_FLUSH on an AFP_Resource fork. Adds knownfail. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15182 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Böhme --- Summary of changes: docs-xml/manpages/vfs_acl_xattr.8.xml | 27 -- docs-xml/smbdotconf/filename/mapreadonly.xml | 2 +- docs-xml/smbdotconf/protocol/ntaclsupport.xml | 2 +- source3/modules/vfs_fruit.c | 114 +- source4/torture/vfs/fruit.c | 80 ++ 5 files changed, 215 insertions(+), 10 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages/vfs_acl_xattr.8.xml b/docs-xml/manpages/vfs_acl_xattr.8.xml index 5a26359fa26..bb72f3facc6 100644 --- a/docs-xml/manpages/vfs_acl_xattr.8.xml +++ b/docs-xml/manpages/vfs_acl_xattr.8.xml @@ -29,16 +29,31 @@ samba 7 suite. + This module is made for systems which do not support + standardized NFS4 ACLs but only a deprecated POSIX ACL + draft implementation. This is usually the case on Linux systems. + Systems that do support just use NFSv4 ACLs directly instead + of this module. Such support is usually provided by the filesystem + VFS module specific to the underlying filesystem that supports + NFS4 ACLs + + The vfs_acl_xattr VFS module stores NTFS Access Control Lists (ACLs) in Extended Attributes (EAs). This enables the full mapping of Windows ACLs on Samba - servers. + servers even if the ACL implementation is not capable of + doing so. - The ACLs are stored in the Extended Attribute - security.NTACL of a file or directory. - This Attribute is not listed by - getfattr -d filename. + The NT ACLs are stored in the + security.NTACL extended attribute of files and + directories in a form containing the Windows SID representing the users + and groups in the ACL. + This is different from the uid and gids stored in local filesystem ACLs + and the mapping from users and groups to Windows SIDs must be + consistent in order to maintain the meaning of the stored NT ACL + That extended attribute is not listed by the Linux + command getfattr -d filename. To show the current value, the name of the EA must be specified (e.g. getfattr -n security.NTACL filename ). @@ -85,7 +100,7 @@ When set to yes, a best effort mapping - from/to the POSIX ACL layer will not be + from/to the POSIX draft ACL layer will not be done by this module. The default is no, which means that Samba keeps setting
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 688be0177b0 ctdb: Fix a use-after-free in run_proc
from 9a8bc67f4a5 vfs_glusterfs: Remove special handling of O_CREAT flag
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 688be0177b04d04709813a02ae6da1e983ac25dd
Author: Volker Lendecke
Date: Fri Sep 30 17:02:41 2022 +0200
ctdb: Fix a use-after-free in run_proc
If you happen to talloc_free(run_ctx) before all the tevent_req's
hanging off it, you run into the following:
==495196== Invalid read of size 8
==495196==at 0x10D757: run_proc_state_destructor (run_proc.c:413)
==495196==by 0x488F736: _tc_free_internal (talloc.c:1158)
==495196==by 0x488FBDD: _talloc_free_internal (talloc.c:1248)
==495196==by 0x4890F41: _talloc_free (talloc.c:1792)
==495196==by 0x48538B1: tevent_req_received (tevent_req.c:293)
==495196==by 0x4853429: tevent_req_destructor (tevent_req.c:129)
==495196==by 0x488F736: _tc_free_internal (talloc.c:1158)
==495196==by 0x4890AF6: _tc_free_children_internal (talloc.c:1669)
==495196==by 0x488F967: _tc_free_internal (talloc.c:1184)
==495196==by 0x488FBDD: _talloc_free_internal (talloc.c:1248)
==495196==by 0x4890F41: _talloc_free (talloc.c:1792)
==495196==by 0x10DE62: main (run_proc_test.c:86)
==495196== Address 0x55b77f8 is 152 bytes inside a block of size 160 free'd
==495196==at 0x48399AB: free (vg_replace_malloc.c:538)
==495196==by 0x488FB25: _tc_free_internal (talloc.c:1222)
==495196==by 0x488FBDD: _talloc_free_internal (talloc.c:1248)
==495196==by 0x4890F41: _talloc_free (talloc.c:1792)
==495196==by 0x10D315: run_proc_context_destructor (run_proc.c:329)
==495196==by 0x488F736: _tc_free_internal (talloc.c:1158)
==495196==by 0x488FBDD: _talloc_free_internal (talloc.c:1248)
==495196==by 0x4890F41: _talloc_free (talloc.c:1792)
==495196==by 0x10DE62: main (run_proc_test.c:86)
==495196== Block was alloc'd at
==495196==at 0x483877F: malloc (vg_replace_malloc.c:307)
==495196==by 0x488EAD9: __talloc_with_prefix (talloc.c:783)
==495196==by 0x488EC73: __talloc (talloc.c:825)
==495196==by 0x488F0FC: _talloc_named_const (talloc.c:982)
==495196==by 0x48925B1: _talloc_zero (talloc.c:2421)
==495196==by 0x10C8F2: proc_new (run_proc.c:61)
==495196==by 0x10D4C9: run_proc_send (run_proc.c:381)
==495196==by 0x10DDF6: main (run_proc_test.c:79)
This happens because run_proc_context_destructor() directly does a
talloc_free() on the struct proc_context's and not the enclosing
tevent_req's. run_proc_kill() makes sure that we don't follow
proc->req, but it forgets the "state->proc", which is free()'ed, but
later dereferenced in run_proc_state_destructor().
This is an attempt at a quick fix, I believe we should convert
run_proc_context->plist into an array of tevent_req's, so that we can
properly TALLOC_FREE() according to the "natural" hierarchy and not
just pull an arbitrary thread out of that heap.
Signed-off-by: Volker Lendecke
Reviewed-by: Martin Schwenke
Autobuild-User(master): Volker Lendecke
Autobuild-Date(master): Thu Oct 6 15:10:20 UTC 2022 on sn-devel-184
---
Summary of changes:
ctdb/common/run_proc.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/ctdb/common/run_proc.c b/ctdb/common/run_proc.c
index d55af6c3a1e..84bc343ba1f 100644
--- a/ctdb/common/run_proc.c
+++ b/ctdb/common/run_proc.c
@@ -408,10 +408,10 @@ struct tevent_req *run_proc_send(TALLOC_CTX *mem_ctx,
static int run_proc_state_destructor(struct run_proc_state *state)
{
/* Do not get rid of the child process if timeout has occurred */
- if (state->proc->req != NULL) {
+ if ((state->proc != NULL) && (state->proc->req != NULL)) {
state->proc->req = NULL;
DLIST_REMOVE(state->run_ctx->plist, state->proc);
- talloc_free(state->proc);
+ TALLOC_FREE(state->proc);
}
return 0;
@@ -439,6 +439,7 @@ static void run_proc_kill(struct tevent_req *req)
req, struct run_proc_state);
state->proc->req = NULL;
+ state->proc = NULL;
state->result.sig = SIGKILL;
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 9a8bc67f4a5 vfs_glusterfs: Remove special handling of O_CREAT flag
from 3ad0fa69255 pyldb: Fix typos in function names
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 9a8bc67f4a5e4afecd648523f43a8e97584fcfd0
Author: Anoop C S
Date: Mon Oct 3 15:36:13 2022 +0530
vfs_glusterfs: Remove special handling of O_CREAT flag
Special handling of O_CREAT flag in SMB_VFS_OPENAT code path was the
only option to ensure correctness due to a bug in libgfapi as detailed
in issue #3838[1] from GlusterFS upstream. This has been fixed recently
so that O_CREAT is handled correctly within glfs_openat() enbaling us to
remove the corresponding special case from vfs_gluster_openat().
[1] https://github.com/gluster/glusterfs/issues/3838
Signed-off-by: Anoop C S
Reviewed-by: Ralph Boehme
Autobuild-User(master): Ralph Böhme
Autobuild-Date(master): Thu Oct 6 08:34:56 UTC 2022 on sn-devel-184
---
Summary of changes:
source3/modules/vfs_glusterfs.c | 78 -
1 file changed, 30 insertions(+), 48 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/modules/vfs_glusterfs.c b/source3/modules/vfs_glusterfs.c
index 33f941aaca9..4284d7dea1d 100644
--- a/source3/modules/vfs_glusterfs.c
+++ b/source3/modules/vfs_glusterfs.c
@@ -825,61 +825,43 @@ static int vfs_gluster_openat(struct vfs_handle_struct
*handle,
became_root = true;
}
- /*
-* O_CREAT flag in open is handled differently in a way which is *NOT*
-* safe against symlink race situations. We use glfs_creat() instead
-* for correctness as glfs_openat() is broken with O_CREAT present
-* in open flags.
-*/
- if (flags & O_CREAT) {
- if (fsp_get_pathref_fd(dirfsp) != AT_FDCWD) {
- /*
-* Replace smb_fname with full_path constructed above.
-*/
- smb_fname = full_fname;
+ if (fsp_get_pathref_fd(dirfsp) != AT_FDCWD) {
+#ifdef HAVE_GFAPI_VER_7_11
+ /*
+* Fetch Gluster fd for parent directory using dirfsp
+* before calling glfs_openat();
+*/
+ pglfd = vfs_gluster_fetch_glfd(handle, dirfsp);
+ if (pglfd == NULL) {
+ END_PROFILE(syscall_openat);
+ DBG_ERR("Failed to fetch gluster fd\n");
+ return -1;
}
+ glfd = glfs_openat(pglfd,
+ smb_fname->base_name,
+ flags,
+ how->mode);
+#else
+ /*
+* Replace smb_fname with full_path constructed above.
+*/
+ smb_fname = full_fname;
+#endif
+ }
+
+ if (pglfd == NULL) {
/*
* smb_fname can either be a full_path or the same one
* as received from the caller. In the latter case we
* are operating at current working directory.
*/
- glfd = glfs_creat(handle->data,
- smb_fname->base_name,
- flags,
- how->mode);
- } else {
- if (fsp_get_pathref_fd(dirfsp) != AT_FDCWD) {
-#ifdef HAVE_GFAPI_VER_7_11
- /*
-* Fetch Gluster fd for parent directory using dirfsp
-* before calling glfs_openat();
-*/
- pglfd = vfs_gluster_fetch_glfd(handle, dirfsp);
- if (pglfd == NULL) {
- END_PROFILE(syscall_openat);
- DBG_ERR("Failed to fetch gluster fd\n");
- return -1;
- }
-
- glfd = glfs_openat(pglfd,
- smb_fname->base_name,
- flags,
- how->mode);
-#else
- /*
-* Replace smb_fname with full_path constructed above.
-*/
- smb_fname = full_fname;
-#endif
- }
-
- if (pglfd == NULL) {
- /*
-* smb_fname can either be a full_path or the same one
-* as received from the caller. In the latter case we
-* are operating at current working directory.
-*/
+ if (flags & O_CREAT) {
+
