[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 0bf8d136769 docs-xml: some fixes to acl parameter documentation via a7fba3ff599 vfs_fruit: add missing calls to tevent_req_received() via 35c637f2e6c s3: VFS: fruit. Implement fsync_send()/fsync_recv(). via 1b8a8732848 s4: smbtorture: Add fsync_resource_fork test to fruit tests. from 688be0177b0 ctdb: Fix a use-after-free in run_proc https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 0bf8d136769fd00f0de003c71e3551f936c5198e Author: Björn Jacke Date: Sun Sep 25 15:56:56 2022 +0200 docs-xml: some fixes to acl parameter documentation Signed-off-by: Bjoern Jacke Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Thu Oct 6 23:04:51 UTC 2022 on sn-devel-184 commit a7fba3ff5996330158d3cc6bc24746a59492b690 Author: Ralph Boehme Date: Thu Oct 6 14:31:08 2022 +0200 vfs_fruit: add missing calls to tevent_req_received() BUG: https://bugzilla.samba.org/show_bug.cgi?id=15182 Signed-off-by: Ralph Boehme Reviewed-by: Ralph Böhme commit 35c637f2e6c671acf8fb9c2a67774bd5e74dd7d0 Author: Jeremy Allison Date: Tue Sep 20 13:25:22 2022 -0700 s3: VFS: fruit. Implement fsync_send()/fsync_recv(). For type == ADOUBLE_META, fio->fake_fd is true so writes are already synchronous, just call tevent_req_post(). For type == ADOUBLE_RSRC we know we are configured with FRUIT_RSRC_ADFILE (because fruit_must_handle_aio_stream() returned true), so we can just call SMB_VFS_NEXT_FSYNC_SEND() after replacing fsp with fio->ad_fsp. Remove knownfail. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15182 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Böhme commit 1b8a8732848169c632af12b7c2b4cd3ee73be244 Author: Jeremy Allison Date: Tue Sep 20 12:08:29 2022 -0700 s4: smbtorture: Add fsync_resource_fork test to fruit tests. This shows we currently hang when sending an SMB2_OP_FLUSH on an AFP_Resource fork. Adds knownfail. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15182 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Böhme --- Summary of changes: docs-xml/manpages/vfs_acl_xattr.8.xml | 27 -- docs-xml/smbdotconf/filename/mapreadonly.xml | 2 +- docs-xml/smbdotconf/protocol/ntaclsupport.xml | 2 +- source3/modules/vfs_fruit.c | 114 +- source4/torture/vfs/fruit.c | 80 ++ 5 files changed, 215 insertions(+), 10 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages/vfs_acl_xattr.8.xml b/docs-xml/manpages/vfs_acl_xattr.8.xml index 5a26359fa26..bb72f3facc6 100644 --- a/docs-xml/manpages/vfs_acl_xattr.8.xml +++ b/docs-xml/manpages/vfs_acl_xattr.8.xml @@ -29,16 +29,31 @@ samba 7 suite. + This module is made for systems which do not support + standardized NFS4 ACLs but only a deprecated POSIX ACL + draft implementation. This is usually the case on Linux systems. + Systems that do support just use NFSv4 ACLs directly instead + of this module. Such support is usually provided by the filesystem + VFS module specific to the underlying filesystem that supports + NFS4 ACLs + + The vfs_acl_xattr VFS module stores NTFS Access Control Lists (ACLs) in Extended Attributes (EAs). This enables the full mapping of Windows ACLs on Samba - servers. + servers even if the ACL implementation is not capable of + doing so. - The ACLs are stored in the Extended Attribute - security.NTACL of a file or directory. - This Attribute is not listed by - getfattr -d filename. + The NT ACLs are stored in the + security.NTACL extended attribute of files and + directories in a form containing the Windows SID representing the users + and groups in the ACL. + This is different from the uid and gids stored in local filesystem ACLs + and the mapping from users and groups to Windows SIDs must be + consistent in order to maintain the meaning of the stored NT ACL + That extended attribute is not listed by the Linux + command getfattr -d filename. To show the current value, the name of the EA must be specified (e.g. getfattr -n security.NTACL filename ). @@ -85,7 +100,7 @@ When set to yes, a best effort mapping - from/to the POSIX ACL layer will not be + from/to the POSIX draft ACL layer will not be done by this module. The default is no, which means that Samba keeps setting
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 688be0177b0 ctdb: Fix a use-after-free in run_proc from 9a8bc67f4a5 vfs_glusterfs: Remove special handling of O_CREAT flag https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 688be0177b04d04709813a02ae6da1e983ac25dd Author: Volker Lendecke Date: Fri Sep 30 17:02:41 2022 +0200 ctdb: Fix a use-after-free in run_proc If you happen to talloc_free(run_ctx) before all the tevent_req's hanging off it, you run into the following: ==495196== Invalid read of size 8 ==495196==at 0x10D757: run_proc_state_destructor (run_proc.c:413) ==495196==by 0x488F736: _tc_free_internal (talloc.c:1158) ==495196==by 0x488FBDD: _talloc_free_internal (talloc.c:1248) ==495196==by 0x4890F41: _talloc_free (talloc.c:1792) ==495196==by 0x48538B1: tevent_req_received (tevent_req.c:293) ==495196==by 0x4853429: tevent_req_destructor (tevent_req.c:129) ==495196==by 0x488F736: _tc_free_internal (talloc.c:1158) ==495196==by 0x4890AF6: _tc_free_children_internal (talloc.c:1669) ==495196==by 0x488F967: _tc_free_internal (talloc.c:1184) ==495196==by 0x488FBDD: _talloc_free_internal (talloc.c:1248) ==495196==by 0x4890F41: _talloc_free (talloc.c:1792) ==495196==by 0x10DE62: main (run_proc_test.c:86) ==495196== Address 0x55b77f8 is 152 bytes inside a block of size 160 free'd ==495196==at 0x48399AB: free (vg_replace_malloc.c:538) ==495196==by 0x488FB25: _tc_free_internal (talloc.c:1222) ==495196==by 0x488FBDD: _talloc_free_internal (talloc.c:1248) ==495196==by 0x4890F41: _talloc_free (talloc.c:1792) ==495196==by 0x10D315: run_proc_context_destructor (run_proc.c:329) ==495196==by 0x488F736: _tc_free_internal (talloc.c:1158) ==495196==by 0x488FBDD: _talloc_free_internal (talloc.c:1248) ==495196==by 0x4890F41: _talloc_free (talloc.c:1792) ==495196==by 0x10DE62: main (run_proc_test.c:86) ==495196== Block was alloc'd at ==495196==at 0x483877F: malloc (vg_replace_malloc.c:307) ==495196==by 0x488EAD9: __talloc_with_prefix (talloc.c:783) ==495196==by 0x488EC73: __talloc (talloc.c:825) ==495196==by 0x488F0FC: _talloc_named_const (talloc.c:982) ==495196==by 0x48925B1: _talloc_zero (talloc.c:2421) ==495196==by 0x10C8F2: proc_new (run_proc.c:61) ==495196==by 0x10D4C9: run_proc_send (run_proc.c:381) ==495196==by 0x10DDF6: main (run_proc_test.c:79) This happens because run_proc_context_destructor() directly does a talloc_free() on the struct proc_context's and not the enclosing tevent_req's. run_proc_kill() makes sure that we don't follow proc->req, but it forgets the "state->proc", which is free()'ed, but later dereferenced in run_proc_state_destructor(). This is an attempt at a quick fix, I believe we should convert run_proc_context->plist into an array of tevent_req's, so that we can properly TALLOC_FREE() according to the "natural" hierarchy and not just pull an arbitrary thread out of that heap. Signed-off-by: Volker Lendecke Reviewed-by: Martin Schwenke Autobuild-User(master): Volker Lendecke Autobuild-Date(master): Thu Oct 6 15:10:20 UTC 2022 on sn-devel-184 --- Summary of changes: ctdb/common/run_proc.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/ctdb/common/run_proc.c b/ctdb/common/run_proc.c index d55af6c3a1e..84bc343ba1f 100644 --- a/ctdb/common/run_proc.c +++ b/ctdb/common/run_proc.c @@ -408,10 +408,10 @@ struct tevent_req *run_proc_send(TALLOC_CTX *mem_ctx, static int run_proc_state_destructor(struct run_proc_state *state) { /* Do not get rid of the child process if timeout has occurred */ - if (state->proc->req != NULL) { + if ((state->proc != NULL) && (state->proc->req != NULL)) { state->proc->req = NULL; DLIST_REMOVE(state->run_ctx->plist, state->proc); - talloc_free(state->proc); + TALLOC_FREE(state->proc); } return 0; @@ -439,6 +439,7 @@ static void run_proc_kill(struct tevent_req *req) req, struct run_proc_state); state->proc->req = NULL; + state->proc = NULL; state->result.sig = SIGKILL; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 9a8bc67f4a5 vfs_glusterfs: Remove special handling of O_CREAT flag from 3ad0fa69255 pyldb: Fix typos in function names https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 9a8bc67f4a5e4afecd648523f43a8e97584fcfd0 Author: Anoop C S Date: Mon Oct 3 15:36:13 2022 +0530 vfs_glusterfs: Remove special handling of O_CREAT flag Special handling of O_CREAT flag in SMB_VFS_OPENAT code path was the only option to ensure correctness due to a bug in libgfapi as detailed in issue #3838[1] from GlusterFS upstream. This has been fixed recently so that O_CREAT is handled correctly within glfs_openat() enbaling us to remove the corresponding special case from vfs_gluster_openat(). [1] https://github.com/gluster/glusterfs/issues/3838 Signed-off-by: Anoop C S Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Thu Oct 6 08:34:56 UTC 2022 on sn-devel-184 --- Summary of changes: source3/modules/vfs_glusterfs.c | 78 - 1 file changed, 30 insertions(+), 48 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/modules/vfs_glusterfs.c b/source3/modules/vfs_glusterfs.c index 33f941aaca9..4284d7dea1d 100644 --- a/source3/modules/vfs_glusterfs.c +++ b/source3/modules/vfs_glusterfs.c @@ -825,61 +825,43 @@ static int vfs_gluster_openat(struct vfs_handle_struct *handle, became_root = true; } - /* -* O_CREAT flag in open is handled differently in a way which is *NOT* -* safe against symlink race situations. We use glfs_creat() instead -* for correctness as glfs_openat() is broken with O_CREAT present -* in open flags. -*/ - if (flags & O_CREAT) { - if (fsp_get_pathref_fd(dirfsp) != AT_FDCWD) { - /* -* Replace smb_fname with full_path constructed above. -*/ - smb_fname = full_fname; + if (fsp_get_pathref_fd(dirfsp) != AT_FDCWD) { +#ifdef HAVE_GFAPI_VER_7_11 + /* +* Fetch Gluster fd for parent directory using dirfsp +* before calling glfs_openat(); +*/ + pglfd = vfs_gluster_fetch_glfd(handle, dirfsp); + if (pglfd == NULL) { + END_PROFILE(syscall_openat); + DBG_ERR("Failed to fetch gluster fd\n"); + return -1; } + glfd = glfs_openat(pglfd, + smb_fname->base_name, + flags, + how->mode); +#else + /* +* Replace smb_fname with full_path constructed above. +*/ + smb_fname = full_fname; +#endif + } + + if (pglfd == NULL) { /* * smb_fname can either be a full_path or the same one * as received from the caller. In the latter case we * are operating at current working directory. */ - glfd = glfs_creat(handle->data, - smb_fname->base_name, - flags, - how->mode); - } else { - if (fsp_get_pathref_fd(dirfsp) != AT_FDCWD) { -#ifdef HAVE_GFAPI_VER_7_11 - /* -* Fetch Gluster fd for parent directory using dirfsp -* before calling glfs_openat(); -*/ - pglfd = vfs_gluster_fetch_glfd(handle, dirfsp); - if (pglfd == NULL) { - END_PROFILE(syscall_openat); - DBG_ERR("Failed to fetch gluster fd\n"); - return -1; - } - - glfd = glfs_openat(pglfd, - smb_fname->base_name, - flags, - how->mode); -#else - /* -* Replace smb_fname with full_path constructed above. -*/ - smb_fname = full_fname; -#endif - } - - if (pglfd == NULL) { - /* -* smb_fname can either be a full_path or the same one -* as received from the caller. In the latter case we -* are operating at current working directory. -*/ + if (flags & O_CREAT) { +