[SCM] Samba Shared Repository - branch master updated

2024-04-29 Thread Ralph Böhme
The branch, master has been updated
   via  80159018e41 s3:utils: Fix Inherit-Only flag being automatically 
propagated to children
   via  eba2bfde347 python/samba/tests/blackbox: Add tests for Inherit-only 
flag propagation
  from  96b5cfe4e6c s3:libsmb: Pass a memory context to get_ipc_connect()

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 80159018e411c643fbfe7ef82bd33e30b6147901
Author: Anna Popova 
Date:   Fri Apr 12 17:32:37 2024 +0300

s3:utils: Fix Inherit-Only flag being automatically propagated to children

Inherit-only flag applies only to the container it was set to and it
shouldn't be automatically propagated to children.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15636

Signed-off-by: Anna Popova 
Reviewed-by: Noel Power 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Mon Apr 29 10:56:48 UTC 2024 on atb-devel-224

commit eba2bfde347041a395f0fbd3c57235be63b1890d
Author: yuzu367 
Date:   Thu Apr 11 11:31:07 2024 +0300

python/samba/tests/blackbox: Add tests for Inherit-only flag propagation

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15636

Signed-off-by: Anna Popova 
Reviewed-by: Noel Power 
Reviewed-by: Ralph Boehme 

---

Summary of changes:
 .../blackbox/smbcacls_propagate_inhertance.py  | 108 +
 source3/utils/smbcacls.c   |   4 +
 2 files changed, 112 insertions(+)


Changeset truncated at 500 lines:

diff --git a/python/samba/tests/blackbox/smbcacls_propagate_inhertance.py 
b/python/samba/tests/blackbox/smbcacls_propagate_inhertance.py
index cc13727b8fb..5b3a27111d5 100644
--- a/python/samba/tests/blackbox/smbcacls_propagate_inhertance.py
+++ b/python/samba/tests/blackbox/smbcacls_propagate_inhertance.py
@@ -1288,3 +1288,111 @@ class 
InheritanceSmbCaclsTests(SmbCaclsBlockboxTestBase):
 
 except BlackboxProcessError as e:
 self.fail(str(e))
+
+def test_simple_iocioi_add(self):
+"""test smbcacls '--propagate-inheritance --add' which attempts to add 
the ACL
+for the file and additionally use inheritance rules to propagate 
appropriate
+changes to children
+
+This test adds an ACL with (IO)(CI)(OI)(READ)
+
+before:
+
++-tar_test_dir/(OI)(CI)(I)(F)
+  +-oi_dir/(OI)(CI)(I)(F)
+  | +-file.1(I)(F)
+  | +-nested/  (OI)(CI)(I)(F)
+  |   +-file.2  (I)(F)
+  |   +-nested_again/ (OI)(CI)(I)(F)
+  | +-file.3  (I)(F)
+
+after/expected:
+
++-tar_test_dir/(OI)(CI)(I)(F)
+  +-oi_dir/(OI)(CI)(I)(F), (IO)(CI)(OI)(READ)
+  | +-file.1(I)(F), (I)(READ)
+  | +-nested/  (OI)(CI)(I)(F), (I)(CI)(OI)(READ)
+  |   +-file.2  (I)(F), (I)(READ)
+  |   +-nested_again/ (OI)(CI)(I)(F), (I)(CI)(OI)(READ)
+  | +-file.3  (I)(F), (I)(READ)"""
+
+dir_add_acl_str = "ACL:%s:ALLOWED/OI|CI|IO/READ" % self.user
+obj_inherited_ace_str = "ACL:%s:ALLOWED/I/READ" % self.user
+dir_inherited_ace_str = "ACL:%s:ALLOWED/OI|CI|I/READ" % self.user
+
+try:
+
+self.smb_cacls(["--propagate-inheritance", "--add",
+dir_add_acl_str, self.oi_dir])
+
+# check top level container 'oi_dir' has IO|CI|OI/READ
+dir_ace = self.ace_parse_str(dir_add_acl_str)
+self.assertTrue(self.file_ace_check(self.oi_dir, dir_ace))
+
+# file 'oi_dir/file-1' should  have inherited I/READ
+child_file_ace = self.ace_parse_str(obj_inherited_ace_str)
+self.assertTrue(self.file_ace_check(self.f1, child_file_ace))
+
+# nested dir  'oi_dir/nested/' should have I|CI|OI/READ
+child_dir_ace = self.ace_parse_str(dir_inherited_ace_str)
+self.assertTrue(self.file_ace_check(self.nested_dir, 
child_dir_ace))
+
+# nested file 'oi_dir/nested/file-2' should  have inherited I/READ
+self.assertTrue(self.file_ace_check(self.f2, child_file_ace))
+
+# nested_again dir  'oi_dir/nested/nested_again' should have 
I|CI|OI/READ
+child_dir_ace = self.ace_parse_str(dir_inherited_ace_str)
+self.assertTrue(self.file_ace_check(self.nested_again_dir, 
child_dir_ace))
+# nested_again file 'oi_dir/nested/nested_again/file-3' should  
have inherited I/READ
+self.assertTrue(self.file_ace_check(self.f3, child_file_ace))
+except BlackboxProcessError as e:
+self.fail(str(e))
+
+def test_simple_ioci_add(self):
+   
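Review bot: test_simple_iocioi_add only asserts that each child carries the expected ACE (OI|CI|I/READ on directories, I/READ on files); nothing asserts that the inherit-only form is absent. Since the regression being covered is IO reaching the children, add a negative check too, for example an assertFalse on file_ace_check(self.nested_dir, ...) with an ACE parsed from "ACL:%s:ALLOWED/OI|CI|IO|I/READ", unless file_ace_check already compares the flag set exactly. Minor: the comments refer to 'file-1', 'file-2' and 'file-3' while the docstring tree names them file.1, file.2 and file.3, and child_dir_ace is parsed a second time from the same string before the nested_again_dir check.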

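The inheritance rule that the commit message and the test's before/after tree describe, as an added example (not code from the Samba tree): it derives the flags a child receives from one parent ACE using the Windows inheritance flags OI, CI, IO and NP, and applies them to the oi_dir tree from the test docstring. The function names and the `observed` sample are constructed for illustration.

```python
# Added illustration, not Samba code. Flag names follow the smbcacls ACE
# string syntax used in the test: OI, CI, NP, IO and I (inherited).
FLAG_ORDER = ("OI", "CI", "NP", "IO", "I")


def inherited_flags(parent_flags, child_is_dir):
    """Flags a child gets from one parent ACE, or None if nothing is inherited."""
    parent = set(parent_flags)
    if not child_is_dir:
        # Files only inherit object-inherit ACEs and never carry
        # inheritance flags themselves.
        return {"I"} if "OI" in parent else None
    if "CI" in parent:
        if "NP" in parent:
            # No-propagate: effective on this directory, goes no further.
            return {"I"}
        # Effective on this directory, so IO is dropped; OI/CI keep
        # propagating to the next level.
        return {"I", "CI"} | (parent & {"OI"})
    if "OI" in parent and "NP" not in parent:
        # OI without CI: the directory only carries the ACE for the files
        # below it, which is the one case where a child legitimately has IO.
        return {"I", "OI", "IO"}
    return None


def fmt(flags):
    return "|".join(f for f in FLAG_ORDER if f in flags)


def propagate(tree, flags, prefix=""):
    """tree maps name -> subtree dict (directory) or None (file)."""
    out = {}
    for name, sub in tree.items():
        path = prefix + name
        child = inherited_flags(flags, sub is not None)
        if child is None:
            continue
        out[path] = fmt(child)
        if sub is not None:
            out.update(propagate(sub, child, path + "/"))
    return out


def unexpected(observed, expected):
    """Paths whose observed flag string differs from the computed one."""
    return sorted(p for p, f in expected.items() if observed.get(p) != f)


# Children of oi_dir/, as drawn in the test docstring.
OI_DIR_CHILDREN = {
    "file.1": None,
    "nested": {"file.2": None, "nested_again": {"file.3": None}},
}

if __name__ == "__main__":
    expected = propagate(OI_DIR_CHILDREN, {"OI", "CI", "IO"})
    for path, flags in expected.items():
        print(f"{path:30} ALLOWED/{flags}/READ")
    # Constructed sample of the pre-fix symptom: IO still set on a child
    # directory, so the READ ACE would not apply to that directory itself.
    observed = dict(expected, nested="OI|CI|IO|I")
    print("mismatch:", unexpected(observed, expected))
```
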
[SCM] Samba Shared Repository - branch master updated

2024-03-27 Thread Ralph Böhme
The branch, master has been updated
   via  0dec2ef188a Revert "token_util.c: prefer capabilities over 
become_root"
   via  32aa11e9b57 Revert "dosmode.c: prefer use of capabilities at two 
places over become_root"
   via  33e88911ee7 Revert "nfs4_acls.c: prefer capabilities over 
become_root"
   via  af7b930e2bf Revert "vfs_acl_common.c: prefer capabilities over 
become_root"
   via  52ad635b270 Revert "vfs_default.c: prefer capabilities over 
become_root"
   via  10c7a3e47c6 Revert "vfs_posix_eadb.c: prefer capabilities over 
become_root"
   via  7f19afbd40d Revert "vfs_recycle.c: prefer capabilities over 
become_root"
   via  88eb58af678 Revert "open.c: prefer capabilities over become_root"
   via  87479544381 Revert "posix_acls.c: prefer capabilities over 
become_root"
   via  58ea952fd0c Revert "dosmode: prefer capabilities over become_root"
  from  9550d37f2f9 winbind: Log NOT_IMPLEMENTED as debug

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 0dec2ef188a93504da873d927ca2b26f8c491fb8
Author: Björn Jacke 
Date:   Thu Jan 25 00:46:38 2024 +0100

Revert "token_util.c: prefer capabilities over become_root"

This reverts commit 944cb51506a94084d7ab52ee044fe6f66e1aaeb9.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583
Signed-off-by: Bjoern Jacke 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Wed Mar 27 10:47:23 UTC 2024 on atb-devel-224

commit 32aa11e9b570ce1c0bec889b699bc4897c9d9843
Author: Björn Jacke 
Date:   Mon Mar 25 17:04:45 2024 +0100

Revert "dosmode.c: prefer use of capabilities at two places over 
become_root"

This reverts commit c1e2fbb1b9a7551becf5caa0f08d434edf9ad862.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583
Signed-off-by: Bjoern Jacke 
Reviewed-by: Ralph Boehme 

commit 33e88911ee7a8974d52021632ca25c1ddfcb6f45
Author: Björn Jacke 
Date:   Mon Mar 25 17:04:23 2024 +0100

Revert "nfs4_acls.c: prefer capabilities over become_root"

This reverts commit 06e5c1e32ea7907523cc19f021225e7541e2075f.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583
Signed-off-by: Bjoern Jacke 
Reviewed-by: Ralph Boehme 

commit af7b930e2bfe2275cee14dc2154f2aea8875fa63
Author: Björn Jacke 
Date:   Mon Mar 25 17:04:17 2024 +0100

Revert "vfs_acl_common.c: prefer capabilities over become_root"

This reverts commit 12734848dc9901b932644139aaa7e3f78e55c8dc.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583
Signed-off-by: Bjoern Jacke 
Reviewed-by: Ralph Boehme 

commit 52ad635b2705bcfc8166bd90b1ad35ebb9cbc986
Author: Björn Jacke 
Date:   Mon Mar 25 17:03:57 2024 +0100

Revert "vfs_default.c: prefer capabilities over become_root"

This reverts commit 62464bd2db2a95b1253364f4493bbb6770b73193.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583
Signed-off-by: Bjoern Jacke 
Reviewed-by: Ralph Boehme 

commit 10c7a3e47c62dcb1dfe7e384960d60cafcb9e44e
Author: Björn Jacke 
Date:   Mon Mar 25 17:03:50 2024 +0100

Revert "vfs_posix_eadb.c: prefer capabilities over become_root"

This reverts commit 92278418dc885ed411f545e73c800ce93f858090.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583
Signed-off-by: Bjoern Jacke 
Reviewed-by: Ralph Boehme 

commit 7f19afbd40d3ad3c8d186d0a2a64d07a2a8bd00a
Author: Björn Jacke 
Date:   Mon Mar 25 17:03:44 2024 +0100

Revert "vfs_recycle.c: prefer capabilities over become_root"

This reverts commit 4227b011f6ada97a4cd72a440ed887ffdb3f219e.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583
Signed-off-by: Bjoern Jacke 
Reviewed-by: Ralph Boehme 

commit 88eb58af6783ad23d2e2b602ee9fdbbdf556b354
Author: Björn Jacke 
Date:   Mon Mar 25 17:03:35 2024 +0100

Revert "open.c: prefer capabilities over become_root"

This reverts commit b250f25fe407f9a6269b804382de4854501f2d86.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583
Signed-off-by: Bjoern Jacke 
Reviewed-by: Ralph Boehme 

commit 87479544381e103ee2b1def574a5865a3f6a93d9
Author: Björn Jacke 
Date:   Mon Mar 25 17:03:28 2024 +0100

Revert "posix_acls.c: prefer capabilities over become_root"

This reverts commit 1edf9ecaf56f3312e199e633bff0804243042e33.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583
Signed-off-by: Bjoern Jacke 
Reviewed-by: Ralph Boehme 

commit 58ea952fd0c716f94b1b79b8ed1829bb72732ccc
Author: Björn Jacke 
Date:   Mon Mar 25 17:03:14 2024 +0100

Revert "dosmode: prefer capabilities over become_root"

[SCM] Samba Shared Repository - branch master updated

2024-01-26 Thread Ralph Böhme
The branch, master has been updated
   via  d63e972aa09 WHATSNEW: Add entry for new save/restore options for 
smbcacls
   via  a9028f25e6a WHATSNEW: Add entry for wspsearch client utility
   via  49b6137f7c2 s3: Make build of wspsearch client enabled by default
   via  697d41420b4 Revert "vfs_acl_xattr.c: prefer capabilities over 
become_root"
  from  39e3300b8d8 smbd: Some README.Coding in smbd_do_qfilepathinfo()

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit d63e972aa098a2bd0f76f03734c8d0790857b605
Author: Noel Power 
Date:   Tue Jan 9 11:02:28 2024 +

WHATSNEW: Add entry for new save/restore options for smbcacls

Signed-off-by: Noel Power 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Fri Jan 26 11:30:07 UTC 2024 on atb-devel-224

commit a9028f25e6a7251b104d11aab3c4d0494c086c7b
Author: Noel Power 
Date:   Mon Jan 8 17:01:26 2024 +

WHATSNEW: Add entry for wspsearch client utility

Signed-off-by: Noel Power 
Reviewed-by: Ralph Boehme 

commit 49b6137f7c2244aeb3cf9b65fc9d46fcf0b8dc55
Author: Noel Power 
Date:   Mon Jan 8 16:45:16 2024 +

s3: Make build of wspsearch client enabled by default

Although wspsearch client is experimental it is probably better to
enable its building by default so it gets some opportunity to be
used/tested by users.

Signed-off-by: Noel Power 

commit 697d41420b4f4830396acfbc96bd1f1c1f0531f4
Author: Anoop C S 
Date:   Wed Jan 24 15:06:53 2024 +0530

Revert "vfs_acl_xattr.c: prefer capabilities over become_root"

This reverts commit 0e3836e3961f2b7c39173ce1023d3c92addef630.

With capabilities preferred over become_root() we failed to achieve
the basic goal of storing NT ACLs in xattrs using vfs_acl_xattr. This
is due to the fact that apart from CAP_DAC_OVERRIDE it is mandatory
to have CAP_SYS_ADMIN for write access to xattrs from security
namespace[1]. Despite the option to configure the xattr name within
the module we should not anticipate and miss to consider xattrs from
security namespace which is far more protected even with our default
name "security.NTACL".

Theoretically we could make it work by adding another capability on
top of existing ones. But given the functions designed around this
area we may not be able to come up with a cleaner change which can
handle the fallback mechanism to become_root(). Any failure to set
the very first capability would put us in become_root() path where
further capabilities are mostly not required. Thus reverting to old
behaviour to always become_root() until we have a cleaner approach
to handle the fallback while modifying multiple capabilities at once.

[1] https://www.man7.org/linux/man-pages/man7/xattr.7.html

Signed-off-by: Anoop C S 
Reviewed-by: Ralph Boehme 

---

Summary of changes:
 WHATSNEW.txt| 27 +++
 source3/modules/vfs_acl_xattr.c | 12 ++--
 source3/wscript |  2 +-
 3 files changed, 34 insertions(+), 7 deletions(-)


Changeset truncated at 500 lines:

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index aba6726840c..e2bd54a1d01 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -81,6 +81,33 @@ Supported operations include:
credentials cache with a new command
"samba-tool user get-kerberos-ticket"
 
+New Windows Search Protocol Client
+--
+
+Samba now by default builds new experimental Windows Search Protocol (WSP)
+command line client "wspsearch"
+
+The "wspsearch" cmd-line utility allows a WSP search request to be sent
+to a server (such as a windows server) that has the (WSP)
+Windows Search Protocol service configured and enabled.
+
+For more details see the wspsearch man page.
+
+Allow 'smbcacls' to save/restore DACLs to file
+
+
+'smbcacls' has been extended to allow DACLs to be saved and restored
+to/from a file. This feature mimics the functionality that windows cmd
+line tool 'icacls.exe' provides. Additionally files created either
+by 'smbcalcs' or 'icacls.exe' are interchangeable and can be used by
+either tool as the same file format is used.
+
+New options added are:
+ - '--save savefile'Saves DACLs in sddl format to file
+ - '--recurse'  Performs the '--save' operation above on directory
+and all files/directories below.
+ - '--restore savefile' Restores the stored DACLS to files in directory
+
 REMOVED FEATURES
 
 
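Review bot: 'smbcalcs' in the new save/restore paragraph ("files created either by 'smbcalcs' or 'icacls.exe'") is a typo for 'smbcacls'. While touching the entry: '--restore savefile' says "DACLS" where the other lines say "DACLs", "sddl" would normally be written SDDL, and the first sentence of the wspsearch entry has no closing full stop.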
diff --git a/source3/modules/vfs_acl_xattr.c b/source3/modules/vfs_acl_xattr.c
index ee247a312f7..1a3ab34d659 100644
--- a/source3/m

[SCM] Samba Shared Repository - branch master updated

2024-01-08 Thread Ralph Böhme
The branch, master has been updated
   via  f14a7065690 smbd: move access override for previous versions to the 
SMB layer
   via  fd4e41144a8 smbd: check for previous versions in 
check_any_access_fsp()
   via  02ed99343d1 smbd: use check_any_access_fsp() for all access checks
   via  995a31c8d4c smbd: replace CHECK_WRITE() macro with calls to 
check_any_access_fsp()
   via  ee3035218df smbd: set fsp->fsp_flags.can_write to false for access 
to previous-versions
   via  a0ae45be770 smbd: return correct error when trying to create a 
hardlink to a VSS file
   via  bf497819e61 smbd: fix check_any_access_fsp() for non-fsa fsps
   via  96b577c380f smbd: rename check_access_fsp() to 
check_any_access_fsp()
   via  76c8fe16bff smbd: set fsp_flags.is_fsa to true on printer file 
handles
   via  276c5bd851a smbd: return the correct error in can_rename()
   via  537eedfe2a7 smbtorture: expand smb2.twrp.write test
   via  c62484bc2c6 s4/libcli/raw: implemement 
RAW_SFILEINFO_LINK_INFORMATION
   via  78119edba01 selftest: remove error_inject from shadow_write share
  from  1047abf3aa3 selftest: let list_servers.NT1 really use NT1 protocol

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit f14a7065690b00e3c6af2c1f0b0aec51c1e0b372
Author: Ralph Boehme 
Date:   Fri Dec 15 11:59:36 2023 +0100

smbd: move access override for previous versions to the SMB layer

Doing the previous version access checks and semantics at the SMB
layer means we can simplify the shadow_copy2 and remove the kludge.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme 
Reviewed-by: Stefan Metzmacher 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Mon Jan  8 16:58:26 UTC 2024 on atb-devel-224

commit fd4e41144a819b4403340e4a28664ac586722b41
Author: Ralph Boehme 
Date:   Wed Dec 20 15:09:59 2023 +0100

smbd: check for previous versions in check_any_access_fsp()

Now that check_any_access_fsp() is broadly used consistently to
restrict access for all modifying operations, we can add a check for
previous versions to check_any_access_fsp() and it gets enforced
consistently.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme 
Reviewed-by: Stefan Metzmacher 

commit 02ed99343d19fd0845531ad99a46b1dd5b8a7a4f
Author: Ralph Boehme 
Date:   Wed Dec 20 18:01:57 2023 +0100

smbd: use check_any_access_fsp() for all access checks

Replaces the direct access to fsp->access_mask with a call to
check_any_access_fsp() which allows doing additional checks if needed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme 
Reviewed-by: Stefan Metzmacher 

commit 995a31c8d4c1789c16bae6b8196f2565d4b1dfdb
Author: Ralph Boehme 
Date:   Wed Dec 20 18:32:25 2023 +0100

smbd: replace CHECK_WRITE() macro with calls to check_any_access_fsp()

The additional check if the underlying fd is valid and not -1 should not be
done at this place. I actually would prefer a write to fail with EBADF if this
happens, as it's likely easier to debug why this happened. These days we
should always have a valid fd.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme 
Reviewed-by: Stefan Metzmacher 

commit ee3035218df4cfd68b6aab6825c78f2b85234c6c
Author: Ralph Boehme 
Date:   Wed Dec 20 18:03:22 2023 +0100

smbd: set fsp->fsp_flags.can_write to false for access to previous-versions

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme 
Reviewed-by: Stefan Metzmacher 

commit a0ae45be770a13373c148a689b9761f14c4f942c
Author: Ralph Boehme 
Date:   Fri Dec 22 11:19:38 2023 +0100

smbd: return correct error when trying to create a hardlink to a VSS file

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme 
Reviewed-by: Stefan Metzmacher 

commit bf497819e61131cfa6469971596af3aa9bd4bb49
Author: Ralph Boehme 
Date:   Thu Dec 21 10:58:09 2023 +0100

smbd: fix check_any_access_fsp() for non-fsa fsps

smbd_check_access_rights_fsp() requires *all* rights in access_mask to
be granted by the underlying ACL, but the semantics of this function
is supposed to grant access if any one of the rights in
access_requested is allowed.

Fix this by looping over the requested access mask. If
smbd_check_access_rights_fsp() returns success, mask will be non-null
and when assigned to access_granted, the subsequent check will pass,
fail otherwise.

I'm not doing an early exit on purpose because a subsequent commit
adds additional security checks that are done in the subsequent code
path common for fs

[SCM] Samba Shared Repository - branch master updated

2023-11-08 Thread Ralph Böhme
The branch, master has been updated
   via  963fc353e70 vfs_gpfs: Implement CAP_DAC_OVERRIDE for fstatat
   via  cbdc16a7cfa vfs_gpfs: Implement CAP_DAC_OVERRIDE for fstat
   via  95319351e37 vfs_gpfs: Move fstatat with DAC_CAP_OVERRIDE to helper 
function
   via  b317622a8fe vfs_gpfs: Use O_PATH for opening dirfd for stat with 
CAP_DAC_OVERRIDE
  from  091af82f759 s4:kdc: Don’t convey PAC buffers from an RODC‐issued PAC

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 963fc353e70b940f4009ca2764e966682400e2dc
Author: Christof Schmitt 
Date:   Thu Oct 26 15:51:02 2023 -0700

vfs_gpfs: Implement CAP_DAC_OVERRIDE for fstatat

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Wed Nov  8 18:42:13 UTC 2023 on atb-devel-224

commit cbdc16a7cfa225d1cf9109fafe85e9d14729700e
Author: Christof Schmitt 
Date:   Thu Oct 26 14:45:34 2023 -0700

vfs_gpfs: Implement CAP_DAC_OVERRIDE for fstat

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt 
Reviewed-by: Ralph Boehme 

commit 95319351e37b8b968b798eee66c93852d9ad2d81
Author: Christof Schmitt 
Date:   Thu Oct 26 14:39:46 2023 -0700

vfs_gpfs: Move fstatat with DAC_CAP_OVERRIDE to helper function

Allow reuse of this code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt 
Reviewed-by: Ralph Boehme 

commit b317622a8fed0ee195ffe40129eb5bcad28dd985
Author: Christof Schmitt 
Date:   Thu Oct 26 14:37:15 2023 -0700

vfs_gpfs: Use O_PATH for opening dirfd for stat with CAP_DAC_OVERRIDE

Use O_PATH when available; this avoids the need for READ/LIST access on
that directory. Keep using O_RDONLY if the system does not have O_PATH.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt 
Reviewed-by: Ralph Boehme 

---

Summary of changes:
 source3/modules/vfs_gpfs.c | 89 +-
 1 file changed, 80 insertions(+), 9 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/modules/vfs_gpfs.c b/source3/modules/vfs_gpfs.c
index 1c11809fb1b..2f505a103b0 100644
--- a/source3/modules/vfs_gpfs.c
+++ b/source3/modules/vfs_gpfs.c
@@ -1588,6 +1588,25 @@ static NTSTATUS vfs_gpfs_fset_dos_attributes(struct 
vfs_handle_struct *handle,
return NT_STATUS_OK;
 }
 
+static int fstatat_with_cap_dac_override(int fd,
+const char *pathname,
+SMB_STRUCT_STAT *sbuf,
+int flags,
+bool fake_dir_create_times)
+{
+   int ret;
+
+   set_effective_capability(DAC_OVERRIDE_CAPABILITY);
+   ret = sys_fstatat(fd,
+ pathname,
+ sbuf,
+ flags,
+ fake_dir_create_times);
+   drop_effective_capability(DAC_OVERRIDE_CAPABILITY);
+
+   return ret;
+}
+
 static int stat_with_capability(struct vfs_handle_struct *handle,
struct smb_filename *smb_fname, int flag)
 {
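Review bot: fstatat_with_cap_dac_override() returns ret straight after drop_effective_capability(), so if dropping the capability touches errno the caller sees that value instead of the one sys_fstatat() set. Save errno after sys_fstatat() and restore it before the return. A one-line comment above the helper stating that DAC_OVERRIDE is raised only for the duration of the single sys_fstatat() call would also help, since this is the function the other stat paths are meant to reuse.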
@@ -1597,6 +1616,11 @@ static int stat_with_capability(struct vfs_handle_struct 
*handle,
struct smb_filename *dir_name = NULL;
struct smb_filename *rel_name = NULL;
int ret = -1;
+#ifdef O_PATH
+   int open_flags = O_PATH;
+#else
+   int open_flags = O_RDONLY;
+#endif
 
status = SMB_VFS_PARENT_PATHNAME(handle->conn,
 talloc_tos(),
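Review bot: open_flags is O_PATH or O_RDONLY with nothing else, although the descriptor is only ever used as a dirfd. Adding O_DIRECTORY to both variants makes the open fail early when the parent path is not a directory instead of passing an unsuitable descriptor on to fstatat. It is also worth a short comment at the #else that the O_RDONLY fallback still needs read access on the directory, which is the case the O_PATH variant is there to avoid.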
@@ -1608,20 +1632,17 @@ static int stat_with_capability(struct 
vfs_handle_struct *handle,
return -1;
}
 
-   fd = open(dir_name->base_name, O_RDONLY, 0);
+   fd = open(dir_name->base_name, open_flags, 0);
if (fd == -1) {
TALLOC_FREE(dir_name);
return -1;
}
 
-   set_effective_capability(DAC_OVERRIDE_CAPABILITY);
-   ret = sys_fstatat(fd,
-   rel_name->base_name,
-   _fname->st,
-   flag,
-   fake_dctime);
-
-   drop_effective_capability(DAC_OVERRIDE_CAPABILITY);
+   ret = fstatat_with_cap_dac_override(fd,
+   rel_name->base_name,
+   _fname->st,
+   flag,
+   fake_dctime);
 
TALLOC_FREE(dir_name);
close(fd);
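Review bot: the fd == -1 branch after open(dir_name->base_name, open_flags, 0) returns -1 without any diagnostic, and the open runs before DAC_OVERRIDE is raised, so on the O_RDONLY fallback an unreadable parent directory fails here silently. A DBG_DEBUG with dir_name->base_name and strerror(errno) would make that case diagnosable. The third argument 0 is ignored without O_CREAT and can be dropped.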
@@ -1643,6 +1664,29 @@ static int vfs_gpfs_stat(struct vfs_h

[SCM] Samba Shared Repository - branch master updated

2023-10-30 Thread Ralph Böhme
The branch, master has been updated
   via  7a5228ffce0 CI: smb3unix.py: check basic CreateContexts response
   via  b6301fd0d75 libsmb: add all fields from SMB2_FIND_POSIX_INFORMATION 
in list_posix_helper()
   via  d6c8b709edb libsmb: remove mode from struct file_info
   via  3dc1911f7c4 libsmb: use K format for parsing unsigned long long
   via  f52a025ac48 libsmb: info-level SMB2_FIND_POSIX_INFORMATION doesn't 
return short name
   via  ea89dd0069e libsmb: infer posix context from info_level
   via  6944aa7cafd CI: smb3unix.py: use libsmb.SMB2_FIND_POSIX_INFORMATION
   via  4ff144c247a pylibsmb: add IO_REPARSE_TAG_RESERVED_ZERO
   via  8a8f1f3c6c4 libcli/smb: add IO_REPARSE_TAG_RESERVED_ZERO
  from  9313731e96c ctdb-scripts: Update detect_init_style to use 
/etc/os-release

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 7a5228ffce0fd6700df03812aeb5712e4eb88928
Author: Ralph Boehme 
Date:   Fri Oct 27 18:50:48 2023 +0200

CI: smb3unix.py: check basic CreateContexts response

Signed-off-by: Ralph Boehme 
Reviewed-by: David Mulder 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Tue Oct 31 05:41:17 UTC 2023 on atb-devel-224

commit b6301fd0d75575fd8c19a24c37b2f353dc871fd5
Author: Ralph Boehme 
Date:   Sun Oct 29 15:31:33 2023 +0100

libsmb: add all fields from SMB2_FIND_POSIX_INFORMATION in 
list_posix_helper()

Signed-off-by: Ralph Boehme 
Reviewed-by: David Mulder 

commit d6c8b709edb9c648934587b7d0f6ef4f06c78c38
Author: Ralph Boehme 
Date:   Sun Oct 29 15:27:08 2023 +0100

libsmb: remove mode from struct file_info

There's already the "attr" member and this is even used in list_posix_helper()
in pylibsmb.c. While at it, remove the cast in list_posix_helper() by using "I"
instead of "i" format.

Signed-off-by: Ralph Boehme 
Reviewed-by: David Mulder 

commit 3dc1911f7c434de9631ddd28beeac04aa7af9f87
Author: Ralph Boehme 
Date:   Sun Oct 29 14:59:22 2023 +0100

libsmb: use K format for parsing unsigned long long

Signed-off-by: Ralph Boehme 
Reviewed-by: David Mulder 

commit f52a025ac485694441096edff910da58761df94a
Author: Ralph Boehme 
Date:   Sun Oct 29 14:49:20 2023 +0100

libsmb: info-level SMB2_FIND_POSIX_INFORMATION doesn't return short name

Signed-off-by: Ralph Boehme 
Reviewed-by: David Mulder 

commit ea89dd0069e7df323208ddea91ea79cdad64700c
Author: Ralph Boehme 
Date:   Sun Oct 29 11:21:47 2023 +0100

libsmb: infer posix context from info_level

No need for an explicit additional argument, we can just infer this from the
info_level.

Signed-off-by: Ralph Boehme 
Reviewed-by: David Mulder 

commit 6944aa7cafd536598053812ce6b66b4d8e284859
Author: Ralph Boehme 
Date:   Sun Oct 29 11:09:04 2023 +0100

CI: smb3unix.py: use libsmb.SMB2_FIND_POSIX_INFORMATION

Signed-off-by: Ralph Boehme 
Reviewed-by: David Mulder 

commit 4ff144c247a8548a47743e197406e844038df1fc
Author: Ralph Boehme 
Date:   Fri Oct 27 18:50:30 2023 +0200

pylibsmb: add IO_REPARSE_TAG_RESERVED_ZERO

Signed-off-by: Ralph Boehme 
Reviewed-by: David Mulder 

commit 8a8f1f3c6c46d4fa2fe473c93b1c14fae806274e
Author: Ralph Boehme 
Date:   Fri Oct 27 18:50:06 2023 +0200

libcli/smb: add IO_REPARSE_TAG_RESERVED_ZERO

Signed-off-by: Ralph Boehme 
Reviewed-by: David Mulder 

---

Summary of changes:
 libcli/smb/smb_constants.h |  1 +
 python/samba/tests/smb3unix.py | 66 +++---
 source3/include/client.h   |  1 -
 source3/libsmb/cli_smb2_fnum.c |  9 +++---
 source3/libsmb/cli_smb2_fnum.h |  3 +-
 source3/libsmb/clilist.c   |  7 ++---
 source3/libsmb/proto.h |  3 +-
 source3/libsmb/pylibsmb.c  | 45 
 8 files changed, 100 insertions(+), 35 deletions(-)


Changeset truncated at 500 lines:

diff --git a/libcli/smb/smb_constants.h b/libcli/smb/smb_constants.h
index 8d3dc998a10..ead047d924f 100644
--- a/libcli/smb/smb_constants.h
+++ b/libcli/smb/smb_constants.h
@@ -607,6 +607,7 @@ enum csc_policy {
  * A few values from [MS-FSCC] 2.1.2.1 Reparse Tags
  */
 
+#define IO_REPARSE_TAG_RESERVED_ZERO 0x
 #define IO_REPARSE_TAG_SYMLINK  0xA00C
 #define IO_REPARSE_TAG_MOUNT_POINT   0xA003
 #define IO_REPARSE_TAG_HSM   0xC004
diff --git a/python/samba/tests/smb3unix.py b/python/samba/tests/smb3unix.py
index 7b25c4bcd68..a98109d096b 100644
--- a/python/samba/tests/smb3unix.py
+++ b/python/samba/tests/smb3unix.py
@@ -20,12 +20,21 @@ from samba import NTSTATUSError,ntstatus
 import samba.tests.libsmb
 from samba.dcerpc import security
 from samba.common import get_string
+from samba.dcerpc import smb3posix
+from sam

[SCM] Samba Shared Repository - branch master updated

2023-10-24 Thread Ralph Böhme
The branch, master has been updated
   via  f83d6c53cce clang-format: sort alphabetically
   via  071b1024960 clang-format: tweak config to bring us closer to 
README.Coding.
  from  6830b796ac8 s3:/winbindd: remove parse_domain_user_fstr

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit f83d6c53cce2805f47ead0f2944fce294481e0d6
Author: Ralph Boehme 
Date:   Fri Jun 30 17:05:46 2023 +0200

clang-format: sort alphabetically

Signed-off-by: Ralph Boehme 
Reviewed-by: Andreas Schneider 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Tue Oct 24 14:47:57 UTC 2023 on atb-devel-224

commit 071b102496078d64d6c31fa3da37edc722ef7407
Author: Ralph Boehme 
Date:   Fri Jun 30 13:00:23 2023 +0200

clang-format: tweak config to bring us closer to README.Coding.

I'm enabling "AllowAllArgumentsOnNextLine" because that's longstanding
practice with many many function calls like tevent_req_callback_data() and
tevent_req_data() and imho results in the most readable code at the place
where this is often seen (variable declarations with tevent_req_* stuff).

Signed-off-by: Ralph Boehme 
Reviewed-by: Andreas Schneider 

---

Summary of changes:
 .clang-format | 33 -
 1 file changed, 20 insertions(+), 13 deletions(-)


Changeset truncated at 500 lines:

diff --git a/.clang-format b/.clang-format
index 5385807bc1c..c4c12b9955b 100644
--- a/.clang-format
+++ b/.clang-format
@@ -1,9 +1,14 @@
 # https://clang.llvm.org/docs/ClangFormatStyleOptions.html
+AlignAfterOpenBracket: Align
+AlignEscapedNewlines: Left
+AllowAllArgumentsOnNextLine: true
+AllowAllParametersOfDeclarationOnNextLine: false
+AllowShortFunctionsOnASingleLine: Empty
+AllowShortIfStatementsOnASingleLine: false
+AlwaysBreakAfterReturnType: None
 BasedOnStyle: LLVM
-IndentWidth: 8
-ContinuationIndentWidth: 8
-UseTab: true
-BreakBeforeBraces: Custom
+BinPackArguments: false
+BinPackParameters: false
 BraceWrapping:
 AfterEnum: false
 AfterFunction: true
@@ -12,15 +17,17 @@ BraceWrapping:
 AfterExternBlock: true
 BeforeElse: false
 BeforeWhile: false
-AllowShortIfStatementsOnASingleLine: false
+AfterControlStatement: MultiLine
+BreakBeforeBinaryOperators: None
+BreakBeforeBraces: Custom
 ColumnLimit: 80
+ContinuationIndentWidth: 8
 IndentCaseLabels: false
-AlignAfterOpenBracket: Align
-BinPackParameters: false
-BinPackArguments: false
-AllowAllParametersOfDeclarationOnNextLine: false
-AllowAllArgumentsOnNextLine: false
-AllowShortFunctionsOnASingleLine: Empty
-AlwaysBreakAfterReturnType: None
-AlignEscapedNewlines: Left
+IndentGotoLabels: false
+IndentWidth: 8
+PenaltyBreakAssignment: 200
+PenaltyBreakBeforeFirstCallParameter: 100
+PenaltyReturnTypeOnItsOwnLine: 1000
 SortIncludes: false
+UseTab: true
+WhitespaceSensitiveMacros: ['DEBUG']
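Review bot: AfterControlStatement: MultiLine is added after BeforeWhile, at the end of the BraceWrapping block. It is a BraceWrapping sub-option, so it needs the same indentation as AfterEnum and its siblings (as a top-level key clang-format will not accept it), and with the rest of the file now sorted alphabetically it belongs first in that block, ahead of AfterEnum. The three Penalty* values would benefit from a one-line comment each on what they are tuned for, since the numbers are not self-explanatory.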


-- 
Samba Shared Repository



[SCM] Samba Shared Repository - branch master updated

2023-10-24 Thread Ralph Böhme
The branch, master has been updated
   via  3f4f80edba2 smb2_server: monitor connections with TEVENT_FD_ERROR
   via  c5201cd0b59 s3:rpc_server: make use of 
tstream_bsd_fail_readv_first_error(true)
   via  7e6f830d9d3 s4:rpc_server: make use of 
tstream_bsd_fail_readv_first_error(true)
   via  27b2ca7d8d7 s4:service_named_pipe: make use of 
tstream_bsd_fail_readv_first_error(true)
   via  8e8f2fa9c7f libcli/named_pipe_auth: let tstream_npa_existing_socket 
use tstream_bsd_fail_readv_first_error(true)
   via  82b2a379e8f s4:wrepl_server: make use of 
tstream_bsd_fail_readv_first_error(true)
   via  0e83b564039 s4:libcli/wrepl: make use of 
tstream_bsd_fail_readv_first_error(false)
   via  391ef8ae7b2 s4:ntp_signd: make use of 
tstream_bsd_fail_readv_first_error(true)
   via  d9c416baa99 s3:libsmb: the unexpected handler use 
tstream_bsd_fail_readv_first_error(true)
   via  341e800dfe8 s4:dns_server: make use of 
tstream_bsd_fail_readv_first_error(true)
   via  e897ccd9c8a s4:ldap_server: make use of 
tstream_bsd_fail_readv_first_error(true)
   via  3a47a276fde s4:kdc: make use of 
tstream_bsd_fail_readv_first_error(true)
   via  71e8727bdc0 lib/tsocket: add tstream_bsd_fail_readv_first_error()
   via  5bedf1675e7 lib/tsocket: make use of TEVENT_FD_ERROR in 
tstream_bsd_fde_handler()
   via  22e3a542f39 lib/tsocket: let tstream_bsd_connect_send() use 
TEVENT_FD_ERROR instead of TEVENT_FD_READ
   via  82aafa4ac8b lib/async_req: let writev_send/recv use TEVENT_FD_ERROR
   via  21a18a5b52a lib/async_req: let async_connect_send use 
TEVENT_FD_ERROR instead of TEVENT_FD_READ
   via  66b25637220 lib/tsocket: make use of samba_socket_sock_error()
   via  cd964e521ba lib/tsocket: make use of 
samba_socket_poll_or_sock_error()
   via  f8213ec8710 lib/util: add 
samba_socket_{poll,sock,poll_or_sock}_error()
  from  63aeb64504c s4:kdc: Add device to Authenticated Users for 
authentication policy evaluation

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 3f4f80edba2156492645900527d628b1fab5ca4a
Author: Stefan Metzmacher 
Date:   Thu Jan 12 11:35:30 2023 +0100

smb2_server: monitor connections with TEVENT_FD_ERROR

By asking for TEVENT_FD_ERROR we're able to fail early
when a connection to a client is broken.

In that case it does not make any sense to process
pending requests in the recv queue as it's not
possible to deliver the response to the client anyway.

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Ralph Boehme 
Reviewed-by: Andrew Bartlett 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Tue Oct 24 10:32:56 UTC 2023 on atb-devel-224

commit c5201cd0b59647c41ac46ed1f4efb1a72bc37bf9
Author: Stefan Metzmacher 
Date:   Thu Jan 12 10:49:13 2023 +0100

s3:rpc_server: make use of tstream_bsd_fail_readv_first_error(true)

This avoids doing useless work in case the client connection
is already broken.

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Ralph Boehme 
Reviewed-by: Andrew Bartlett 

commit 7e6f830d9d3aac14336a886c1c5d9ff623218085
Author: Stefan Metzmacher 
Date:   Thu Jan 12 10:48:22 2023 +0100

s4:rpc_server: make use of tstream_bsd_fail_readv_first_error(true)

This avoids doing useless work in case the client connection
is already broken.

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Ralph Boehme 
Reviewed-by: Andrew Bartlett 

commit 27b2ca7d8d725b374aef97c11e0650686cfadbd3
Author: Stefan Metzmacher 
Date:   Thu Jan 12 10:46:56 2023 +0100

s4:service_named_pipe: make use of tstream_bsd_fail_readv_first_error(true)

This avoids doing useless work in case the client connection
is already broken.

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Ralph Boehme 
Reviewed-by: Andrew Bartlett 

commit 8e8f2fa9c7f1e2cb8a296755a8c0aba6a2d22b54
Author: Stefan Metzmacher 
Date:   Thu Jan 12 10:44:25 2023 +0100

libcli/named_pipe_auth: let tstream_npa_existing_socket use tstream_bsd_fail_readv_first_error(true)

This avoids doing useless work in case the client connection
is already broken.

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Ralph Boehme 
Reviewed-by: Andrew Bartlett 

commit 82b2a379e8fac89d94a1321f4df7d732f4fbfc5d
Author: Stefan Metzmacher 
Date:   Thu Jan 12 10:46:20 2023 +0100

s4:wrepl_server: make use of tstream_bsd_fail_readv_first_error(true)

This avoids doing useless work in case the client connection
is already broken.

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Ralph Boehme 
Reviewed-by: Andrew Bartlett 

commit 0e83b5640398a92fb0bf063f902c53801eaec92f
Author: Stefan Metzmacher 
Date:   Thu Jan 12 10:43:21 2023 +0100

s4:libcli/wrepl: make use of tstream_bsd_fail_readv_first_error

[SCM] Samba Shared Repository - branch master updated

2023-10-13 Thread Ralph Böhme
The branch, master has been updated
   via  acd9248b13c tevent: version 0.16.0
   via  407cda2f3b7 tevent: add support for TEVENT_FD_ERROR
   via  55f25eb34bb tevent: add test_event_fd3
   via  a76056fafb4 tevent: add test_fd_speed3
   via  28bf51fc657 tevent: let tevent_epoll.c use new generic mpx infrastructure
   via  b328e990651 tevent: add tevent_common_fd_mpx infrastructure
   via  95d6600a066 tevent: split out a tevent_common_fd_disarm() helper
   via  7672a29febe ldb: sync DLIST_DEMOTE_SHORT() changes to include/dlinklist.h
   via  4fe39d9e7c9 lib/util: sync DLIST_DEMOTE_SHORT() changes to dlinklist.h
   via  30d22631a6b tevent: introduce DLIST_DEMOTE_SHORT()
  from  d895c98c507 wintest: Fix invalid escape sequences

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit acd9248b13cba06d5b748f17aa9bc5d62079d9cc
Author: Stefan Metzmacher 
Date:   Wed Jul 19 23:04:01 2023 +0200

tevent: version 0.16.0

- the epoll backend is no longer limited to 2 event handlers
  per low level fd.
- finally add support for TEVENT_FD_ERROR

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Fri Oct 13 10:45:51 UTC 2023 on atb-devel-224

commit 407cda2f3b7738d3690daeb8d679898f78ef3b74
Author: Stefan Metzmacher 
Date:   Wed Jul 13 09:46:26 2011 +0200

tevent: add support for TEVENT_FD_ERROR

After 12 years we finally got TEVENT_FD_ERROR support :-)

TEVENT_FD_WRITE event handlers never get errors reported;
instead the event handler is silently disabled.
There are likely callers relying on that behavior, so
we are not able to change it.

Now TEVENT_FD_WRITE can be used together with TEVENT_FD_ERROR
in order to get errors reported without waiting for TEVENT_FD_READ.

TEVENT_FD_ERROR can also be used alone in order to detect errors
on sockets in order to cleanup resources.

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Ralph Boehme 

commit 55f25eb34bb7994e4410899b86cd6df44b2d1fb7
Author: Stefan Metzmacher 
Date:   Wed Dec 28 16:54:24 2022 +0100

tevent: add test_event_fd3

This tests the interaction of multiple event handlers on
the same low level fd.

It shows that poll and epoll backends behave in the
same fair way.

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Ralph Boehme 

commit a76056fafb489624eb3bb451f373b256b8895ec5
Author: Stefan Metzmacher 
Date:   Mon Apr 24 14:37:38 2023 +

tevent: add test_fd_speed3

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Ralph Boehme 

commit 28bf51fc657179de020716a486aa1651143529a8
Author: Stefan Metzmacher 
Date:   Fri Nov 11 22:30:35 2022 +0100

tevent: let tevent_epoll.c use new generic mpx infrastructure

This allows any number of event handlers per low level fd.

It means the epoll backend behaves like the poll backend now.

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Ralph Boehme 

commit b328e990651a3182bba3e4e8d8b91eed457bd8a1
Author: Stefan Metzmacher 
Date:   Wed Nov 9 22:48:10 2022 +0100

tevent: add tevent_common_fd_mpx infrastructure

Backends may require to map individual tevent_fd instances to
a single low level kernel state (e.g. for epoll).

This generic infrastructure adds helper functions using
a generic (sub)part of struct tevent_fd.

The new code will allow us to support more than 2 tevent_fd
instances per fd, which makes sure all backends can provide
a similar behavior. This will be important when we add
TEVENT_FD_ERROR as a 3rd kind of fd event.

The aim is to use this in order to replace the limited implementation
we already have in tevent_epoll.c.

As these helpers are typically called from within
'void tevent_fd_set_flags(struct tevent_fd *fde, uint16_t flags)'
there's no way to report errors. So in order to avoid additional
error handling complexity the helpers try to avoid
any allocations which may fail. It also means the logic in
tevent_epoll.c doesn't have to change much.

These are implemented as static inline functions in order to avoid
the function call overhead, which showed up in profiles of the
early implementation.

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Ralph Boehme 

commit 95d6600a0668b8abac53cbe2085236b31d652b66
Author: Stefan Metzmacher 
Date:   Thu Aug 31 18:09:28 2023 +0200

tevent: split out a tevent_common_fd_disarm() helper

It means tevent_trace_fd_callback(TEVENT_EVENT_TRACE_DETACH)
is always called and similar future changes are only
needed in one place.

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Ralph Boehme 

commit 7672a29febe9151b4435fae9d6b21a82205d911f
Author: Stefan

[SCM] Samba Shared Repository - branch master updated

2023-10-05 Thread Ralph Böhme
The branch, master has been updated
   via  d1846452e96 vfs: Add VFS_OPEN_HOW_WITH_BACKUP_INTENT
   via  f701faf6677 smbd: Remove "flags2" from open_file_ntcreate()
   via  02d9321ce0c smbd: Pass struct vfs_open_how to open_file()
   via  7c356769870 smbd: Remove "local_flags" from open_file()
   via  6ec031b2d14 smbd: Make open_file() a bit safer
   via  884b9926b9c smbd: Simplify open_file()
   via  814b37bdcf7 smbd: Simplify open_file()
   via  f8645c7a101 smbd: Simplify open_file()
   via  df78af98936 smbd: Simplify an if-condition in open_file()
   via  45005d4b71c smbd: Simplify open_file()
   via  ad7b119b8be smbd: Don't change incoming flags in open_file()
   via  3f4c937dcf9 smbd: Remove variable "accmode" from open_file()
   via  236df26a1f4 smbd: Slightly simplify open_file()
   via  2a53fdeb449 smbd: Pass "struct vfs_open_how" to reopen_from_fsp()
   via  7996c07bd8e smbd: Pass "struct vfs_open_how" to fd_open_atomic()
   via  4b376fff032 smbd: Pass "struct vfs_open_how" to reopen_from_procfd()
  from  cb89ea70b1f libsmb: Use pidl generated parsing for posix file info

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit d1846452e96217695c8cb2537f071f287ab210d4
Author: Volker Lendecke 
Date:   Fri Sep 1 14:51:47 2023 +0200

vfs: Add VFS_OPEN_HOW_WITH_BACKUP_INTENT

Indicate BACKUP_INTENT to vfs_openat(). Why? I have a customer request
who wants to add O_NOATIME in this case to avoid metadata updates when
a backup or virus-checking application comes along.

This does not fully handle BACKUP_INTENT correctly, this would require
become_root() appropriately. We might want to do that later after a
lot of careful security audit, but this patch independently might
already provide some infrastructure for it.

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Thu Oct  5 14:00:33 UTC 2023 on atb-devel-224

commit f701faf6677100bef6cbcf7f3d5c973f76a6bb49
Author: Volker Lendecke 
Date:   Tue Sep 5 15:55:26 2023 +0200

smbd: Remove "flags2" from open_file_ntcreate()

"flags" carried just the O_ACCMODE bits, "flags2" everything
else. Unify them.

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

commit 02d9321ce0c9fd5b5968ca950cfa3b2eb2a768fc
Author: Volker Lendecke 
Date:   Tue Sep 5 15:36:01 2023 +0200

smbd: Pass struct vfs_open_how to open_file()

We want to pass BACKUP_INTENT down into reopen_from_fsp, and the
elegant way is to do this via vfs_open_how.resolve.

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

commit 7c35676987053fa4e51c1fc2ee2cfb1951aad708
Author: Volker Lendecke 
Date:   Tue Sep 5 15:27:46 2023 +0200

smbd: Remove "local_flags" from open_file()

This needs close review. I could not see where we were actually
referencing the original flags in a way that would not be available in
local_flags. The reason for this patch is that I want to pass in
vfs_open_how into open_file(), and the distinction between flags and
local_flags made this significantly harder to understand for me.

The only place where we really used both versions is the DBG_NOTICE in
the last hunk, and this will come back in the next patch.

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

commit 6ec031b2d146962a414da69694d298c00df0c517
Author: Volker Lendecke 
Date:   Tue Sep 5 15:25:07 2023 +0200

smbd: Make open_file() a bit safer

Move adding O_RDWR before the check for read only shares. I haven't
been able to pass this condition through SMB, but in any case we
should not accidentally open with O_RDWR in the !CAN_WRITE(conn)
case.

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

commit 884b9926b9ce5176e861bffd3ab62dec642ee786
Author: Volker Lendecke 
Date:   Tue Sep 5 14:59:29 2023 +0200

smbd: Simplify open_file()

Simplify an if-condition:

We have to return NT_STATUS_OBJECT_NAME_INVALID even if we're not
creating. In fact, we probably should not end up in open_file() if
we're opening a Windows file with a wildcard.

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

commit 814b37bdcf7eec3c68f1574028dc9c417029e80f
Author: Volker Lendecke 
Date:   Fri Sep 1 16:33:04 2023 +0200

smbd: Simplify open_file()

We have extracted FSP_POSIX_FLAGS_PATHNAMES above.

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

commit f8645c7a1014a2d3f655c453ae833de3c83776b9
Author: Volker Lendecke 
Date:   Tue Sep 5 14:53:18 2023 +0200

smbd: Simplify open_file()

We handle O_TRUNC

[SCM] Samba Shared Repository - branch master updated

2023-09-27 Thread Ralph Böhme
The branch, master has been updated
   via  ad76bb2e0c6 streams_depot: Goto done if FSETXATTR SAMBA_XATTR_MARKER failed
  from  c8b90d8d200 librpc: Fix typos in error messages

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit ad76bb2e0c65c3f9c9f898b891872f33a3682f14
Author: MikeLiu 
Date:   Wed Sep 27 13:46:36 2023 +0800

streams_depot: Goto done if FSETXATTR SAMBA_XATTR_MARKER failed

Goto done if FSETXATTR SAMBA_XATTR_MARKER failed

Signed-off-by: MikeLiu 
Reviewed-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Wed Sep 27 08:42:25 UTC 2023 on atb-devel-224

---

Summary of changes:
 source3/modules/vfs_streams_depot.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


Changeset truncated at 500 lines:

diff --git a/source3/modules/vfs_streams_depot.c 
b/source3/modules/vfs_streams_depot.c
index 38d8994bb94..2a46d5b12b2 100644
--- a/source3/modules/vfs_streams_depot.c
+++ b/source3/modules/vfs_streams_depot.c
@@ -725,7 +725,7 @@ static int streams_depot_openat(struct vfs_handle_struct 
*handle,
if (ret == -1) {
DBG_DEBUG("FSETXATTR failed: %s\n",
  strerror(errno));
-   return -1;
+   goto done;
}
}
}
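
Review bot: the `goto done` that replaces `return -1` in the FSETXATTR failure branch gives no guarantee, in the lines shown, that errno still holds the FSETXATTR error when the function returns. If the code under `done` makes calls that can overwrite errno, the caller of streams_depot_openat() will act on the wrong error. Save errno right after the failing call and restore it before returning, and confirm `ret` is still -1 on that path. The commit message only repeats the subject line; it should say what the `done` path does that the early return skipped.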


-- 
Samba Shared Repository



[SCM] Samba Shared Repository - branch master updated

2023-09-19 Thread Ralph Böhme
The branch, master has been updated
   via  05291d2bd40 s3: smbd: Now we have proved hardlink_internals() doesn't use src_dirfsp and dst_dirfsp, remove the parameters.
   via  3fba7872b2b s3: smbd: hardlink_internals() never looks at src_dirfsp or dst_dirfsp.
   via  e94796e7c49 s3: smbd: Now we have shown dst_dirfsp is always NULL, remove the parameter from rename_internals().
   via  c38815b4fce s3: smbd: As rename_internals() calls rename_internals_fsp(), show we can pass dst_dirfsp as NULL here too.
   via  33845e09b61 s3: smbd: Now we've proved dst_dirfsp parameter is always NULL, remove the parameter from rename_internals_fsp().
   via  e61a956b934 s3: smbd: rename_internals_fsp() has to reopen the parent directory of the target as a pathref to check permissions.
  from  5b7f9840f76 selftest: add some basic testing for the io_uring vfs module

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 05291d2bd40a50a026df2caf8bf9f4c762238362
Author: Jeremy Allison 
Date:   Tue Sep 19 10:32:59 2023 -0700

s3: smbd: Now we have proved hardlink_internals() doesn't use src_dirfsp and dst_dirfsp, remove the parameters.

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Tue Sep 19 19:51:47 UTC 2023 on atb-devel-224

commit 3fba7872b2bc04b9c5b284bef0f44ec286925730
Author: Jeremy Allison 
Date:   Tue Sep 19 10:30:01 2023 -0700

s3: smbd: hardlink_internals() never looks at src_dirfsp or dst_dirfsp.

Show this by sending NULL in all cases.

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

commit e94796e7c49b5396a42ceca9c76eb3453975ade6
Author: Jeremy Allison 
Date:   Tue Sep 19 10:03:05 2023 -0700

s3: smbd: Now we have shown dst_dirfsp is always NULL, remove the parameter from rename_internals().

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

commit c38815b4fcebc14bd7211f89323407e15a489fb1
Author: Jeremy Allison 
Date:   Tue Sep 19 09:55:12 2023 -0700

s3: smbd: As rename_internals() calls rename_internals_fsp(), show we can pass dst_dirfsp as NULL here too.

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

commit 33845e09b618e2064e89d5a956fc1266d82631f7
Author: Jeremy Allison 
Date:   Tue Sep 19 09:52:16 2023 -0700

s3: smbd: Now we've proved dst_dirfsp parameter is always NULL, remove the parameter from rename_internals_fsp().

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

commit e61a956b9346833e863d35d29e36a702ca1e92f2
Author: Jeremy Allison 
Date:   Tue Sep 19 09:49:25 2023 -0700

s3: smbd: rename_internals_fsp() has to reopen the parent directory of the target as a pathref to check permissions.

So it never looks at any passed in dst_dirfsp.

Prove this by passing NULL.

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

---

Summary of changes:
 source3/smbd/proto.h| 4 
 source3/smbd/smb1_nttrans.c | 3 ---
 source3/smbd/smb1_reply.c   | 1 -
 source3/smbd/smb1_trans2.c  | 2 --
 source3/smbd/smb2_reply.c   | 3 ---
 source3/smbd/smb2_trans2.c  | 9 -
 6 files changed, 22 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h
index 78e1b48be09..04b1b053ae6 100644
--- a/source3/smbd/proto.h
+++ b/source3/smbd/proto.h
@@ -973,7 +973,6 @@ ssize_t sendfile_short_send(struct smbXsrv_connection 
*xconn,
size_t smb_maxcnt);
 NTSTATUS rename_internals_fsp(connection_struct *conn,
files_struct *fsp,
-   struct files_struct *dst_dirfsp,
struct smb_filename *smb_fname_dst_in,
const char *dst_original_lcomp,
uint32_t attrs,
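
Review bot: the rename_internals_fsp() declaration loses `dst_dirfsp` with nothing at the prototype recording that the function reopens the destination's parent directory itself for the permission check. A one-line comment above the declaration stating that the target parent is always resolved from `smb_fname_dst_in` would stop a later caller from reintroducing a directory handle parameter on the assumption that it is honoured.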
@@ -983,7 +982,6 @@ NTSTATUS rename_internals(TALLOC_CTX *ctx,
struct smb_request *req,
struct files_struct *src_dirfsp,
struct smb_filename *smb_fname_src,
-   struct files_struct *dst_dirfsp,
struct smb_filename *smb_fname_dst,
const char *dst_original_lcomp,
uint32_t attrs,
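
Review bot: rename_internals() now takes `src_dirfsp` but has no destination counterpart, and nothing at the declaration explains the asymmetry. Please add a short comment saying that the source is resolved relative to `src_dirfsp` while the destination is resolved from `smb_fname_dst` alone, so a reader of proto.h does not take the missing parameter for an oversight.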
@@ -1127,9 +1125,7 @@ NTSTATUS hardlink_internals(TALLOC_CTX *ctx,
connection_struct *conn,
struct smb_request *req,
bool overwrite_if_exists,
-   struct files_struct *old_dirfsp,
const struct smb_filename *smb_fname_old,
-   struct files_struct *new_dirfsp,
struct smb_filename *smb_fname_new);
 NTSTATUS smb_set_file_time(connection_struct *conn,
   files_struct *fsp,
diff --git a/source3/smbd

[SCM] Samba Shared Repository - branch master updated

2023-08-30 Thread Ralph Böhme
The branch, master has been updated
   via  3afa27a01ca mdssvc: better support for search with mdfind from Macs
  from  70dea37d063 wscript: Refer to correct ConfigSet variable

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 3afa27a01ca0b81b0044d5d543a36582e67a
Author: Ralph Boehme 
Date:   Tue Aug 29 16:14:38 2023 +0200

mdssvc: better support for search with mdfind from Macs

When searching Samba via Spotlight from a Mac with mdfind, only 50 results are
returned.

It seems the changes for bug #15342 were one step in the right
direction. There, a status indicator meaning "search is still being processed"
was implemented, returning a special status indicator (0x23) in a response, when
the query was still running in the backend, eg Elasticsearch, and we haven't got
any result when the Mac already comes along asking for results of a query.

Turns out, we should also return 0x23, ie "search is still being processed" when
we have some initial search results from the backend. Otherwise mdfind will stop
querying for more results. It works in Finder, as the Finder by default employs
a "live" search where it just keeps polling for more results even after the
server returned an empty result set. The Finder just keeps on querying in some
interval, typically 4 seconds, and a Mac server Spotlight server might return
new results if new files were created that match the query, hence "live"
search.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15463

Signed-off-by: Ralph Boehme 
Reviewed-by: Noel Power 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Wed Aug 30 10:51:40 UTC 2023 on atb-devel-224

---

Summary of changes:
 source3/rpc_server/mdssvc/mdssvc.c | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/rpc_server/mdssvc/mdssvc.c 
b/source3/rpc_server/mdssvc/mdssvc.c
index e79be666dbe..23a30884b69 100644
--- a/source3/rpc_server/mdssvc/mdssvc.c
+++ b/source3/rpc_server/mdssvc/mdssvc.c
@@ -313,11 +313,11 @@ static bool add_results(sl_array_t *array, struct 
sl_query *slq)
bool ok;
 
/*
-* Taken from a network trace against a macOS SMB Spotlight server. If
-* the first fetch-query-results has no results yet because the search
-* is still running, macOS returns 0x23, otherwise 0x0.
+* Taken from network traces against a macOS SMB Spotlight server: if
+* the search is not finished yet in the backend macOS returns 0x23,
+* otherwise 0x0.
 */
-   if (slq->state >= SLQ_STATE_RESULTS ) {
+   if (slq->state >= SLQ_STATE_DONE) {
status = 0;
} else {
status = 0x23;
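
Review bot: the new test `slq->state >= SLQ_STATE_DONE` depends on the ordering of the state enum, so any state that sorts after SLQ_STATE_DONE also yields status 0 and tells the client the search is complete. If such a state exists or is added later, the client receives a final answer for a query that never finished; compare with `==` or record the ordering assumption in the comment. Since 0x23 is now returned on every response until the backend finishes, a client keeps polling for as long as the query stays below DONE, so it is worth confirming that a stalled backend query is eventually expired. The literals 0 and 0x23 would also read better as named constants.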


-- 
Samba Shared Repository



[SCM] Samba Shared Repository - branch master updated

2023-07-27 Thread Ralph Böhme
The branch, master has been updated
   via  20df26b9081 s3: smbd: Sanitize any "server" and "share" components of SMB1 DFS paths to remove UNIX separators.
   via  2aa9ffa2f0f s3: torture: Add test to show an SMB1 DFS path of "\x//\/" crashes smbd.
  from  c2e83ebe726 mdssvc: fix returning file modification date for older Mac releases

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 20df26b908182f0455f301a51aeb54b6044af580
Author: Jeremy Allison 
Date:   Wed Jul 26 16:39:51 2023 -0700

s3: smbd: Sanitize any "server" and "share" components of SMB1 DFS paths to remove UNIX separators.

Remove knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15419

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Thu Jul 27 10:52:50 UTC 2023 on atb-devel-224

commit 2aa9ffa2f0fc79599efbfe0c37aac4ef5160f712
Author: Jeremy Allison 
Date:   Wed Jul 26 16:37:11 2023 -0700

s3: torture: Add test to show an SMB1 DFS path of "\\x//\\/" crashes smbd.

Adds knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15419

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

---

Summary of changes:
 source3/selftest/tests.py   | 14 +++
 source3/smbd/smb2_reply.c   | 31 +++
 source3/torture/proto.h |  1 +
 source3/torture/test_smb1_dfs.c | 56 +
 source3/torture/torture.c   |  4 +++
 5 files changed, 106 insertions(+)


Changeset truncated at 500 lines:

diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index d2b5409d0a9..a10969adbb4 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -357,6 +357,20 @@ 
plantestsuite("samba3.smbtorture_s3.smb1.SMB1-DFS-OPERATIONS",
 '$PASSWORD',
 smbtorture3,
 "-mNT1"])
+#
+# SMB1-DFS-BADPATH needs to run against a special share msdfs-pathname-share
+# BUG: https://bugzilla.samba.org/show_bug.cgi?id=15419
+#
+plantestsuite("samba3.smbtorture_s3.smb1.SMB1-DFS-BADPATH",
+"fileserver_smb1",
+[os.path.join(samba3srcdir,
+  "script/tests/test_smbtorture_s3.sh"),
+'SMB1-DFS-BADPATH',
+'//$SERVER_IP/msdfs-pathname-share',
+'$USERNAME',
+'$PASSWORD',
+smbtorture3,
+"-mNT1"])
 
 #
 # SMB2-STREAM-ACL needs to run against a special share - vfs_wo_fruit
diff --git a/source3/smbd/smb2_reply.c b/source3/smbd/smb2_reply.c
index 9113878fa8c..66b735e0b75 100644
--- a/source3/smbd/smb2_reply.c
+++ b/source3/smbd/smb2_reply.c
@@ -324,6 +324,7 @@ static size_t srvstr_get_path_internal(TALLOC_CTX *ctx,
char *share = NULL;
char *remaining_path = NULL;
char path_sep = 0;
+   char *p = NULL;
 
if (posix_pathnames && (dst[0] == '/')) {
path_sep = dst[0];
@@ -374,6 +375,16 @@ static size_t srvstr_get_path_internal(TALLOC_CTX *ctx,
if (share == NULL) {
goto local_path;
}
+   /*
+* Ensure the server name does not contain
+* any possible path components by converting
+* them to _'s.
+*/
+   for (p = server + 1; p < share; p++) {
+   if (*p == '/' || *p == '\\') {
+   *p = '_';
+   }
+   }
/*
 * It's a well formed DFS path with
 * at least server and share components.
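
Review bot: the loop over `server + 1` up to `share` rewrites '/' and '\\' to '_' in place, so a request whose server component contains a separator is silently turned into a request for a different name instead of being refused. Unless clients legitimately send such paths, failing the parse at this point would be easier to reason about and leaves nothing for later code to interpret; if rewriting is intentional, the comment should say why. The comment should also state that the range skips the leading separator at `server[0]` and stops before `share`.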
@@ -388,6 +399,16 @@ static size_t srvstr_get_path_internal(TALLOC_CTX *ctx,
 */
remaining_path = strchr(share+1, path_sep);
if (remaining_path == NULL) {
+   /*
+* Ensure the share name does not contain
+* any possible path components by converting
+* them to _'s.
+*/
+   for (p = share + 1; *p; p++) {
+   if (*p == '/' || *p == '\\') {
+   *p = '_';
+   }
+   }
/*
 * If no remaining path this was
 * a bare /server/share path. Just return.
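
Review bot: the replacement loop in the `remaining_path == NULL` branch is a copy of the server-name loop in the previous hunk, differing only in its bounds. A small static helper taking a start and an end pointer would keep the character set ('/' and '\\') in one place, so a later change to it cannot miss one of the copies. This copy scans to the terminating NUL, which is correct only because no remaining path follows the share; the comment should say so.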
@@ -395,6 +416,16 @@ static size_t srvstr_get_path_internal(TALLOC_CTX *ctx,
*err = N

[SCM] Samba Shared Repository - branch master updated

2023-07-24 Thread Ralph Böhme
The branch, master has been updated
   via  61c951e063e mdscli: correct handling of in-progress searches
   via  424af98c894 mdscli: increase MAX_SLQ_COUNT
   via  b8e0f02f081 mdscli: increase MAX_SLQ_TOCIDX
   via  1149d497b35 mdssvc: increase MAX_SLQ_TOC
   via  68bb582bc51 mdssvc: introduce MAX_MDSCMD_SIZE
   via  c2b4fe3fb7c mdscli: add fragmentation support
   via  27980c87c9b mdssvc: remove duplicate define of MAX_SL_FRAGMENT_SIZE
   via  566427c4f0e librpc/idl: mdssvc: unkn4 field is a fragment indicator
  from  5442c47dad2 libsmb: increase a debug level when site-aware DC lookup failed

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 61c951e063ecf98c6b61e03885eaa6d4a48f763b
Author: Ralph Boehme 
Date:   Thu Apr 20 15:12:49 2023 +0200

mdscli: correct handling of in-progress searches

If a query is still being processed on the server and there are no results yet,
macOS returns 0x23.

For now just implements this as dumb polling once a second in mdsearch and the
Python bindings.

Signed-off-by: Ralph Boehme 
Reviewed-by: Noel Power 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Mon Jul 24 16:15:16 UTC 2023 on atb-devel-224

commit 424af98c894b20b36fb7f7081caab1b8634c7633
Author: Ralph Boehme 
Date:   Thu Apr 20 16:54:13 2023 +0200

mdscli: increase MAX_SLQ_COUNT

Now that the client supports fragmentation, when processing reassembled large
result sets from macOS Spotlight server, it's possible to hit this limit in the
client. Let's just increase it to some larger value.

Signed-off-by: Ralph Boehme 
Reviewed-by: Noel Power 

commit b8e0f02f081a3d17f2147b6db7b722a7704b
Author: Ralph Boehme 
Date:   Thu Apr 20 16:52:19 2023 +0200

mdscli: increase MAX_SLQ_TOCIDX

Now that the client supports fragmentation, when processing reassembled large
result sets from macOS Spotlight server, it's possible to hit this limit in the
client. Let's just increase it to some larger value.

Signed-off-by: Ralph Boehme 
Reviewed-by: Noel Power 

commit 1149d497b35faf375b9011241af821d73b90a337
Author: Ralph Boehme 
Date:   Thu Apr 20 16:50:58 2023 +0200

mdssvc: increase MAX_SLQ_TOC

Now that the client supports fragmentation, when processing reassembled large
result sets from macOS Spotlight server, it's possible to hit this limit in the
client. Let's just increase it to some larger value.

Signed-off-by: Ralph Boehme 
Reviewed-by: Noel Power 

commit 68bb582bc513448a9b16705ca566539cfaf45882
Author: Ralph Boehme 
Date:   Mon Jul 17 14:51:54 2023 +0200

mdssvc: introduce MAX_MDSCMD_SIZE

Allow larger value for the reassembled mdscmd's. Now that the client supports
fragmentation, when processing reassembled large result sets from macOS
Spotlight server, it's possible to hit this limit in the unmarshalling
code. Let's just increase it to some larger value.

Signed-off-by: Ralph Boehme 
Reviewed-by: Noel Power 

commit c2b4fe3fb7c71579541829aca7c112bc2c0eebeb
Author: Ralph Boehme 
Date:   Thu Apr 20 10:45:52 2023 +0200

mdscli: add fragmentation support

Signed-off-by: Ralph Boehme 
Reviewed-by: Noel Power 

commit 27980c87c9b77d6d8a4de6210e13fa20ff870ba9
Author: Ralph Boehme 
Date:   Thu Apr 20 14:59:12 2023 +0200

mdssvc: remove duplicate define of MAX_SL_FRAGMENT_SIZE

Signed-off-by: Ralph Boehme 
Reviewed-by: Noel Power 

commit 566427c4f0e8c0d9a6ceae4807f6fe6c2fceea1c
Author: Ralph Boehme 
Date:   Thu Apr 20 10:44:58 2023 +0200

librpc/idl: mdssvc: unkn4 field is a fragment indicator

Signed-off-by: Ralph Boehme 
Reviewed-by: Noel Power 

---

Summary of changes:
 librpc/idl/mdssvc.idl   |  2 +-
 source3/rpc_client/cli_mdssvc.c | 76 +
 source3/rpc_client/py_mdscli.c  |  7 ++-
 source3/rpc_server/mdssvc/marshalling.c | 14 +++---
 source3/rpc_server/mdssvc/marshalling.h |  1 +
 source3/rpc_server/mdssvc/mdssvc.h  |  1 -
 source3/utils/mdsearch.c| 10 -
 7 files changed, 91 insertions(+), 20 deletions(-)


Changeset truncated at 500 lines:

diff --git a/librpc/idl/mdssvc.idl b/librpc/idl/mdssvc.idl
index e7004f07419..b77474713c9 100644
--- a/librpc/idl/mdssvc.idl
+++ b/librpc/idl/mdssvc.idl
@@ -41,7 +41,7 @@ interface mdssvc
[in]uint32  unkn1, /* always 0, status ? */
[in]uint32  device_id,
[in]uint32  unkn3, /* = mdssvc_open.unkn2 ? */
-   [in]uint32  unkn4, /* always 0 ? */
+   [in]uint32  next_fragment, /* Set to 1 to 
request next fragment

[SCM] Samba Shared Repository - branch master updated

2023-07-21 Thread Ralph Böhme
The branch, master has been updated
   via  5442c47dad2 libsmb: increase a debug level when site-aware DC lookup failed
  from  9bab902fc50 CVE-2023-3347: smbd: fix "server signing = mandatory"

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 5442c47dad2d1c018b60a3a1e19c400bd0f4b4ac
Author: Ralph Boehme 
Date:   Thu Jul 20 17:08:19 2023 +0200

libsmb: increase a debug level when site-aware DC lookup failed

Signed-off-by: Ralph Boehme 
Reviewed-by: Noel Power 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Fri Jul 21 16:19:35 UTC 2023 on atb-devel-224

---

Summary of changes:
 source3/libsmb/namequery.c | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/libsmb/namequery.c b/source3/libsmb/namequery.c
index 4733aaed693..e6c0c7d2a09 100644
--- a/source3/libsmb/namequery.c
+++ b/source3/libsmb/namequery.c
@@ -3472,10 +3472,10 @@ NTSTATUS get_sorted_dc_list(TALLOC_CTX *ctx,
);
if (NT_STATUS_EQUAL(status, NT_STATUS_NO_LOGON_SERVERS)
&& sitename) {
-   DBG_NOTICE("no server for name %s available"
-   " in site %s, fallback to all servers\n",
-   domain,
-   sitename);
+   DBG_WARNING("No server for domain '%s' available"
+   " in site '%s', fallback to all servers\n",
+   domain,
+   sitename);
status = get_dc_list(ctx,
domain,
NULL,
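
Review bot: DBG_WARNING in the NT_STATUS_NO_LOGON_SERVERS fallback branch is emitted on every get_sorted_dc_list() call that takes this branch, and where a site has no DC of its own that is the normal path, so the same line can repeat in the log at a level most installations keep enabled. The commit message gives no reason for the higher level; please state it, and consider logging the warning once per domain and site pair while keeping repeats at the previous level.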


-- 
Samba Shared Repository



[SCM] Samba Shared Repository - branch master updated

2023-04-01 Thread Ralph Böhme
The branch, master has been updated
   via  c66f6c58c7b torture/smb2: do not use client time in delayed timestamp updates test
   via  bea154c9c13 lib: Fix tdb_validate() for incorrect tdb entries
   via  12c8b67ef63 torture3: Add tdb-validate test
  from  47f401095ea smbd: squash check_path_syntax() variants

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit c66f6c58c7b5ceb9185cb5dd70b7c261c817a021
Author: Amir Goldstein 
Date:   Tue Mar 14 19:57:08 2023 +0200

torture/smb2: do not use client time in delayed timestamp updates test

Client time cannot be compared to server timestamp, because the clocks
on client and server may not be in sync.

Compare server timestamps, only to previous timestamps read from server.

Signed-off-by: Amir Goldstein 
Reviewed-by: Ralph Boehme 
Reviewed-by: Jeremy Allison 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Sat Apr  1 06:23:36 UTC 2023 on atb-devel-224

commit bea154c9c13e2849eadcaccc1d5acccf9a3b8931
Author: Volker Lendecke 
Date:   Wed Mar 29 06:20:01 2023 -0400

lib: Fix tdb_validate() for incorrect tdb entries

We should not overwrite the "rc=1" initialization with the tdb_check
retval. This will lead to tdb_validate_child() returning 0 even when
validate_fn() found invalid entries.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14789
Signed-off-by: Volker Lendecke 
Reviewed-by: Andreas Schneider 
Reviewed-by: Jeremy Allison 

commit 12c8b67ef6355f9527b53f274cc7a1acc1648dcb
Author: Volker Lendecke 
Date:   Wed Mar 29 09:07:19 2023 -0400

torture3: Add tdb-validate test

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14789
Signed-off-by: Volker Lendecke 
Reviewed-by: Andreas Schneider 
Reviewed-by: Jeremy Allison 

---

Summary of changes:
 source3/lib/tdb_validate.c  |  5 +--
 source3/selftest/tests.py   |  1 +
 source3/torture/proto.h |  1 +
 source3/torture/test_tdb_validate.c | 68 +
 source3/torture/torture.c   |  4 +++
 source3/torture/wscript_build   |  2 ++
 source4/torture/smb2/timestamps.c   |  7 ++--
 7 files changed, 81 insertions(+), 7 deletions(-)
 create mode 100644 source3/torture/test_tdb_validate.c


Changeset truncated at 500 lines:

diff --git a/source3/lib/tdb_validate.c b/source3/lib/tdb_validate.c
index 9db182fb0b3..78bd824c09d 100644
--- a/source3/lib/tdb_validate.c
+++ b/source3/lib/tdb_validate.c
@@ -31,6 +31,7 @@ static int tdb_validate_child(struct tdb_context *tdb,
  tdb_validate_data_func validate_fn)
 {
int ret = 1;
+   int check_rc;
int num_entries = 0;
struct tdb_validation_status v_status;
 
@@ -50,8 +51,8 @@ static int tdb_validate_child(struct tdb_context *tdb,
 * we can simplify this by passing a check function,
 * but I don't want to change all the callers...
 */
-   ret = tdb_check(tdb, NULL, NULL);
-   if (ret != 0) {
+   check_rc = tdb_check(tdb, NULL, NULL);
+   if (check_rc != 0) {
v_status.tdb_error = True;
v_status.success = False;
goto out;
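
Review bot: `check_rc` is assigned and tested once and its value is never reported, so when tdb_check() fails the only trace is the flags set in `v_status`. Either log it in the failure branch or drop the variable and test `tdb_check(tdb, NULL, NULL) != 0` directly. Because the fix relies on `ret` keeping its initial value of 1 until validation succeeds, a short comment at `int ret = 1;` saying so would guard against the same overwrite being reintroduced.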
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index 31112d4be9f..47234896ed6 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -503,6 +503,7 @@ local_tests = [
 "LOCAL-G-LOCK8",
 "LOCAL-NAMEMAP-CACHE1",
 "LOCAL-IDMAP-CACHE1",
+"LOCAL-TDB-VALIDATE",
 "LOCAL-hex_encode_buf",
 "LOCAL-remove_duplicate_addrs2"]
 
diff --git a/source3/torture/proto.h b/source3/torture/proto.h
index 5e6d914c3da..a67a771ef45 100644
--- a/source3/torture/proto.h
+++ b/source3/torture/proto.h
@@ -176,5 +176,6 @@ bool run_hidenewfiles_showdirs(int dummy);
 bool run_readdir_timestamp(int dummy);
 bool run_ctdbd_conn1(int dummy);
 bool run_rpc_scale(int dummy);
+bool run_tdb_validate(int dummy);
 
 #endif /* __TORTURE_H__ */
diff --git a/source3/torture/test_tdb_validate.c 
b/source3/torture/test_tdb_validate.c
new file mode 100644
index 000..4768512e159
--- /dev/null
+++ b/source3/torture/test_tdb_validate.c
@@ -0,0 +1,68 @@
+/*
+ * Unix SMB/CIFS implementation.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public Licens

[SCM] Samba Shared Repository - branch master updated

2023-03-31 Thread Ralph Böhme
The branch, master has been updated
   via  47f401095ea smbd: squash check_path_syntax() variants
   via  1d220e3170b s3: smbd: Correctly process SMB3 POSIX paths in create.
   via  09221cea5a1 s3: smbd: Correctly set 
smb2req->smb1req->posix_pathnames from the calling fsp on SMB2 calls.
   via  3f33ea95eb6 smbd: Ensure share root POSIX attrs are cleared after 
mode_fn
   via  adfa3a428bd s3: smbd: Add check_path_syntax_smb2_posix().
   via  a8329d2536a s3: smbd: Flatten the check_path_syntax_smb2() wrapper.
  from  874e10ef79a s4:kdc: Add support for AD device claims

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 47f401095ea723cbca6a8fc1a841465a32852cdc
Author: Ralph Boehme 
Date:   Fri Mar 31 11:44:00 2023 +0200

smbd: squash check_path_syntax() variants

Signed-off-by: Ralph Boehme 
Reviewed-by: Jeremy Allison 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Fri Mar 31 21:21:57 UTC 2023 on atb-devel-224

commit 1d220e3170b1eb2afbff48d0148e30f8cec9fba0
Author: Jeremy Allison 
Date:   Tue Mar 28 13:55:49 2023 -0700

s3: smbd: Correctly process SMB3 POSIX paths in create.

Remove knownfail for  posix path handling of case/reserved char

Signed-off-by: David Mulder 
Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

commit 09221cea5a19034fd19394134cd2d9c3181966ca
Author: Jeremy Allison 
Date:   Tue Mar 28 13:53:20 2023 -0700

s3: smbd: Correctly set smb2req->smb1req->posix_pathnames from the calling fsp on SMB2 calls.

We must always do SMB3+POSIX operations on fsp's opened with a posix create context.

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

commit 3f33ea95eb654ab41636f2216002d7916fc56521
Author: David Mulder 
Date:   Thu Dec 1 10:53:44 2022 -0700

smbd: Ensure share root POSIX attrs are cleared after mode_fn

The call to mode_fn (smbd_dirptr_lanman2_mode_fn)
was filling the cleared attributes back in to the
stat. Ensure the clear happens after this call.

Signed-off-by: David Mulder 
Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

commit adfa3a428bda14a19ef506203d82d055ee98f1be
Author: Jeremy Allison 
Date:   Tue Mar 28 11:06:36 2023 -0700

s3: smbd: Add check_path_syntax_smb2_posix().

Not yet used. Simple wrapper, identical to check_path_syntax_posix().
I want to keep SMB1/SMB2 code as separate as possible so
we can remove any SMB1 code path later.

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

commit a8329d2536a9333d63a7b2fd5106377364fde42a
Author: Jeremy Allison 
Date:   Tue Mar 28 11:03:59 2023 -0700

s3: smbd: Flatten the check_path_syntax_smb2() wrapper.

Keep it, rather and move all SMB2 code to check_path_syntax()
as I want to keep SMB1/SMB2 code as separate as possible so
we can remove any SMB1 code path later.

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

---

Summary of changes:
 selftest/knownfail.d/smb3unix   |  2 --
 source3/smbd/dir.c  | 21 ---
 source3/smbd/globals.h  |  3 ++-
 source3/smbd/msdfs.c|  6 +++---
 source3/smbd/proto.h|  4 +---
 source3/smbd/smb1_reply.c   |  2 +-
 source3/smbd/smb2_break.c   |  2 +-
 source3/smbd/smb2_close.c   |  2 +-
 source3/smbd/smb2_create.c  | 40 ++-
 source3/smbd/smb2_flush.c   |  2 +-
 source3/smbd/smb2_getinfo.c |  2 +-
 source3/smbd/smb2_glue.c|  7 ++-
 source3/smbd/smb2_ioctl.c   |  2 +-
 source3/smbd/smb2_lock.c|  2 +-
 source3/smbd/smb2_notify.c  |  2 +-
 source3/smbd/smb2_query_directory.c |  2 +-
 source3/smbd/smb2_read.c|  2 +-
 source3/smbd/smb2_reply.c   | 42 +++--
 source3/smbd/smb2_setinfo.c |  2 +-
 source3/smbd/smb2_trans2.c  |  6 --
 source3/smbd/smb2_write.c   |  2 +-
 21 files changed, 71 insertions(+), 84 deletions(-)
 delete mode 100644 selftest/knownfail.d/smb3unix


Changeset truncated at 500 lines:

diff --git a/selftest/knownfail.d/smb3unix b/selftest/knownfail.d/smb3unix
deleted file mode 100644
index 2ab886ae75e..000
--- a/selftest/knownfail.d/smb3unix
+++ /dev/null
@@ -1,2 +0,0 @@
-^samba.tests.smb3unix.samba.tests.smb3unix.Smb3UnixTests.test_posix_reserved_char\(fileserver\)
-^samba.tests.smb3unix.samba.tests.smb3unix.Smb3UnixTests.test_posix_case_sensitive\(fileserver\)
diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
index 859c8f0dc83..09029ee0c23 100644
--- a/source3/smbd/dir.c
+++ b/source3/smbd/dir.c
@@ -979,13 +979,6 @@ bool smbd_dirptr_get_entry(TAL

[SCM] Samba Shared Repository - branch master updated

2023-03-31 Thread Ralph Böhme
The branch, master has been updated
   via  360b7394644 s3: smbd: Fix dumb typos that meant smb1.SMB1-DFS-* 
tests were running against an SMB2-only fileserver.
   via  c3f48b0581e s3: smbd: Remove now unused dfs_filename_convert().
   via  e0ac0a2562c smbd: RIP DFS pathname processing in 
filename_convert_dirfsp_nosymlink()
   via  777e324efbb s3: smbd: In smb_file_link_information() and 
smb_file_rename_information() the target path is never DFS.
   via  f32215dbac2 smbd: use smb1_strip_dfs_path() in 
call_trans2findfirst()
   via  f539e632bb6 smbd: use smb1_strip_dfs_path() in reply_search()
   via  fc3df8f5968 smbd: use smb1_strip_dfs_path() in call_trans2mkdir()
   via  6187381 smbd: use smb1_strip_dfs_path() in 
call_trans2setpathinfo()
   via  32a1f381137 smbd: use smb1_strip_dfs_path() in 
smb_set_file_unix_hlink()
   via  adb34770fc2 smbd: use smb1_strip_dfs_path() in 
call_trans2qpathinfo()
   via  96765e535d7 smbd: use smb1_strip_dfs_path() in call_trans2open()
   via  2c4e4c22eac smbd: use smb1_strip_dfs_path() in reply_mv()
   via  c3a87ffb632 smbd: use smb1_strip_dfs_path() in reply_mv()
   via  c44491676ea smbd: use smb1_strip_dfs_path() in reply_rmdir()
   via  9c151af3135 smbd: use smb1_strip_dfs_path() in reply_mkdir()
   via  7ff2473bedc smbd: use smb1_strip_dfs_path() in reply_unlink()
   via  0d298ff757e smbd: use smb1_strip_dfs_path() in reply_ctemp()
   via  574b1369b7a smbd: use smb1_strip_dfs_path() in reply_mknew()
   via  e4fbaae22bf smbd: use smb1_strip_dfs_path() in reply_open_and_X()
   via  ba325ca2d26 smbd: use smb1_strip_dfs_path() in reply_open()
   via  0cb37f78c1c smbd: use smb1_strip_dfs_path() in reply_setatr()
   via  00c836436e0 smbd: use smb1_strip_dfs_path() in reply_getatr
   via  004d14a0244 smbd: use smb1_strip_dfs_path() in reply_checkpath()
   via  d5b5589d012 smbd: use smb1_strip_dfs_path() in reply_ntrename()
   via  0089ea2a31e smbd: use smb1_strip_dfs_path() in reply_ntrename()
   via  666e42ef5b3 smbd: use smb1_strip_dfs_path() in 
call_nt_transact_create()
   via  8ad023c1990 smbd: use smb1_strip_dfs_path() in 
reply_ntcreate_and_X()
   via  66d7996dbcf s3: smbd: Add utility function smb1_strip_dfs_path().
   via  06c738738ea s3: smbd: Remove unused and commented out 
check_path_syntax_smb2_msdfs().
   via  34fabc26f1d s3: smbd: Remove 'is_dfs' parameter to 
check_path_syntax_smb2().
   via  31f5c714c60 s3: smbd: Add assertion to 
filename_convert_dirfsp_nosymlink() that shows SMB2 is *never* dealing with a 
DFS path here.
   via  2c40e28908e s3: smbd: Remove all DFS path prefixes before passing 
to check_path_syntax_smb2().
   via  39ad689eeac s3: smbd: Add utility function smb2_strip_dfs_path().
   via  1b510ca2d98 s3: smbd: Change smb2_file_link_information() to use 
srvstr_pull_talloc()/check_path_syntax_smb2().
   via  b3fdc892b4f s3: smbd: In smb2_file_link_information(), don't ever 
expect @GMT tokens in the pathname.
   via  377c50abe91 s3: smbd: Duplicate smb_file_link_information() 
hardlink handling as smb2_file_link_information().
   via  4c5a07ed4e0 s3: smbd: Cleanup. smb2_file_rename_information() can 
never have a @GMT path in the destination.
   via  bb92df7c9e5 s3: smbd: Cleanup - don't set the FLAGS2_DFS_PATHNAMES 
in flags2 in the glue struct if it's not a DFS server or share.
  from  ea4be00361e selftest: Add test parsing krb5 PAC claims via ndrdump

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 360b739464461acece91c04b8a29da30a022ac23
Author: Jeremy Allison 
Date:   Thu Mar 30 13:19:22 2023 -0700

s3: smbd: Fix dumb typos that meant smb1.SMB1-DFS-* tests were running against an SMB2-only fileserver.

Remove knownfail on SMB1-DFS-SEARCH-PATHS, as we now
pass it with the new SMB1 remove DFS paths before pathname processing
changes.

Note, we still fail:

smb1.SMB1-DFS-PATHS.smbtorture\(fileserver_smb1\)
smb1.SMB1-DFS-OPERATIONS.smbtorture\(fileserver_smb1\)

even with the new SMB1 remove DFS paths before pathname
processing as those tests test *very* specific Windows behaviors. We now
pass many more of the individual internal tests, but
in order to pass them all completely I need to add
specific --with-sambaserver checks to avoid some
of the Windows DFS SMB1 insanity (error messages).

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Fri Mar 31 06:07:01 UTC 2023 on atb-devel-224

commit c3f48b0581e5a948d1f31c8a65e8294aa6c92591
Author: Jeremy Allison 
Date:   Thu Mar 30 13:01:08 2023 -0700

s3: smbd: Remove now unused dfs_filename_convert().

And all the static functions it called.

Signed-off-by: Jeremy

[SCM] Samba Shared Repository - branch master updated

2023-03-29 Thread Ralph Böhme
The branch, master has been updated
   via  76573d6d8f1 s3: libcli: Refuse to connect to any server with zero 
values for max_trans_size, max_read_size, max_write_size.
   via  006fe806782 tests: Add samba3.blackbox.zero_readsize test.
   via  b755b81d66a test: Add a test for "deny ous"
   via  f9849dbf4ff tests: Slightly simplify test_idmap_ad.sh
   via  3fdf8d15c05 idmap_ad: Add "deny ous" and "allow ous" options
   via  c9c709e39dd idmap: Initialize struct idmap_ad_context
   via  6499a2dcb3b winbind: Add idmap_config_string_list()
   via  443572ce420 winbind: Factor out idmap_config_name()
  from  ffdfb78da7f buildtools: Remove compile_commands.json symlink

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 76573d6d8f168d6e6107af26a434b8c71aaf93af
Author: Jeremy Allison 
Date:   Tue Mar 21 10:34:46 2023 -0700

s3: libcli: Refuse to connect to any server with zero values for max_trans_size, max_read_size, max_write_size.

There's nothing we can do to such a server (this
now matches the behavior for SMB1).

Remove knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15306

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 
    
Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Wed Mar 29 18:58:33 UTC 2023 on atb-devel-224

commit 006fe806782c42e860ed2cf2bc9f6b1b82c3a307
Author: Jeremy Allison 
Date:   Tue Mar 21 10:31:36 2023 -0700

tests: Add samba3.blackbox.zero_readsize test.

smbclient crashes when smbd has "smb2 max read = 0"
in the [global] section of smb.conf.

We should fail the protocol negotiation with
NT_STATUS_INVALID_NETWORK_RESPONSE in this case.

Adds knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15306

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

commit b755b81d66a2b63e2e0a1fe9406d8f24b91d983e
Author: Volker Lendecke 
Date:   Tue Mar 7 17:21:56 2023 +0100

test: Add a test for "deny ous"

Not a comprehensive test for all possible combinations, but it shows
the basic functionality, and it found a bug in the initial
implementation :-)

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

commit f9849dbf4ff87e848eb323ca6ca0f612c80c3f95
Author: Volker Lendecke 
Date:   Tue Mar 7 13:54:47 2023 +0100

tests: Slightly simplify test_idmap_ad.sh

ldbmodify can change multiple objects in one run

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

commit 3fdf8d15c05518aa08770583d4d0172b15a9b389
Author: Volker Lendecke 
Date:   Fri Nov 18 11:36:28 2022 +0100

idmap_ad: Add "deny ous" and "allow ous" options

With these options, certain OUs can be denied or a list of OUs can be
explicitly permitted for idmapping.

Use case: Administration of OUs in AD has been delegated to people not
100% trusted by the unix server team; this can prevent arbitrary unix
IDs from being assigned by these delegated admins.

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

commit c9c709e39dd13680490338fd37caf095f17b70c8
Author: Volker Lendecke 
Date:   Tue Mar 7 16:08:18 2023 +0100

idmap: Initialize struct idmap_ad_context

We'll add another pointer next that should be initialized to NULL

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

commit 6499a2dcb3bc4e6f22af5445517dd3e1ba9efff0
Author: Volker Lendecke 
Date:   Thu Nov 17 10:43:22 2022 +0100

winbind: Add idmap_config_string_list()

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

commit 443572ce4204c338a0e92417a9d0539a9ec2ddfa
Author: Volker Lendecke 
Date:   Thu Nov 17 10:40:36 2022 +0100

winbind: Factor out idmap_config_name()

3 times is enough, next patch will add a 4th one.

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

---

Summary of changes:
 docs-xml/manpages/idmap_ad.8.xml   |  31 +
 libcli/smb/smbXcli_base.c  |  11 ++
 nsswitch/tests/test_idmap_ad.sh|  54 +
 selftest/target/Samba3.pm  |   1 +
 source3/script/tests/test_zero_readsize.sh | 101 
 source3/selftest/tests.py  |  12 ++
 source3/winbindd/idmap.c   |  60 +-
 source3/winbindd/idmap_ad.c| 180 -
 source3/winbindd/winbindd_proto.h  |   3 +
 9 files changed, 401 insertions(+), 52 deletions(-)
 create mode 100755 source3/script/tests/test_zero_readsize.sh


Changeset truncated at 500 lines:

diff --git a/docs-xml/manpages/idmap_ad.8.xml b/docs-xml/manpages/idmap_ad.8.xml
index 12cdeb60393..b3

[SCM] Samba Shared Repository - branch master updated

2023-03-03 Thread Ralph Böhme
The branch, master has been updated
   via  3f84a6df454 s3: smbd: Fix fsp/fd leak when looking up a 
non-existent stream name on a file.
   via  c54bec26ad2 s3: tests: Add new test_stream_dir_rename.sh test.
   via  5a3db5105bd s3: provision: Add new streams_xattr_nostrict share - 
needs "strict rename = no".
  from  e3cfb99d286 net: add hint which options can be used with net ads 
dns register command

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 3f84a6df4546e0f1e62dfbcd0b823ea29499a787
Author: Jeremy Allison 
Date:   Tue Feb 28 11:20:12 2023 -0800

s3: smbd: Fix fsp/fd leak when looking up a non-existent stream name on a file.

When open_stream_pathref_fsp() returns
NT_STATUS_OBJECT_NAME_NOT_FOUND, smb_fname_rel->fsp
has been set to NULL, so we must free base_fsp separately
to prevent fd-leaks when opening a stream that doesn't
exist.

Remove knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15314

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Fri Mar  3 16:37:27 UTC 2023 on atb-devel-224

commit c54bec26ad23b0121b2ddfbf04bc81050f27e6e1
Author: Jeremy Allison 
Date:   Tue Feb 28 11:18:10 2023 -0800

s3: tests: Add new test_stream_dir_rename.sh test.

Shows we are leaking an fsp/fd if we request a non-existent stream on a file.
This then causes rename of a directory containing the file to be denied, as
it thinks we have an existing open file below it.

Add knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15314

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

commit 5a3db5105bd8360b245cd35810002740ccff605c
Author: Jeremy Allison 
Date:   Tue Feb 28 11:14:34 2023 -0800

s3: provision: Add new streams_xattr_nostrict share - needs "strict rename = no".

The bug we're testing for needs "strict rename = no" (the default),
but the existing streams_xattr share uses "strict rename = yes" from
the [global] section.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15314

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

---

Summary of changes:
 selftest/target/Samba3.pm  |  5 ++
 source3/script/tests/test_stream_dir_rename.sh | 72 ++
 source3/selftest/tests.py  |  4 ++
 source3/smbd/filename.c| 21 
 4 files changed, 102 insertions(+)
 create mode 100755 source3/script/tests/test_stream_dir_rename.sh


Changeset truncated at 500 lines:

diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index 476f59c8783..15b13f2920f 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -3461,6 +3461,11 @@ sub provision($$)
copy = tmp
vfs objects = streams_xattr xattr_tdb
 
+[streams_xattr_nostrict]
+   copy = tmp
+   strict rename = no
+   vfs objects = streams_xattr xattr_tdb
+
 [acl_streams_xattr]
copy = tmp
vfs objects = acl_xattr streams_xattr fake_acls xattr_tdb
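Review bot: The new `[streams_xattr_nostrict]` share sets `strict rename = no` with no comment saying why, and it otherwise duplicates `[streams_xattr]`. The commit message explains that the line is only there to override the `[global]` value used by the test environment; put that reason and the bug URL in a comment above the share so the line is not removed later as redundant with the default.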
diff --git a/source3/script/tests/test_stream_dir_rename.sh 
b/source3/script/tests/test_stream_dir_rename.sh
new file mode 100755
index 000..7ac3194f649
--- /dev/null
+++ b/source3/script/tests/test_stream_dir_rename.sh
@@ -0,0 +1,72 @@
+#!/bin/sh
+#
+# Test a stream can rename a directory once an invalid stream path below it 
was requested.
+# BUG: https://bugzilla.samba.org/show_bug.cgi?id=15314
+
+if [ $# -lt 5 ]; then
+cat <$tmpfile <fsp
+* has been set to NULL, so we must free base_fsp separately
+* to prevent fd-leaks when opening a stream that doesn't
+* exist.
+*/
+   fd_close(base_fsp);
+   file_free(NULL, base_fsp);
+   base_fsp = NULL;
goto done;
}
 
@@ -1402,6 +1412,17 @@ done:
return NT_STATUS_OK;
 
 fail:
+   /*
+* If open_stream_pathref_fsp() returns an error, smb_fname_rel->fsp
+* has been set to NULL, so we must free base_fsp separately
+* to prevent fd-leaks when opening a stream that doesn't
+* exist.
+*/
+   if (base_fsp != NULL) {
+   fd_close(base_fsp);
+   file_free(NULL, base_fsp);
+   base_fsp = NULL;
+   }
TALLOC_FREE(dirname);
TALLOC_FREE(smb_dirname);
TALLOC_FREE(smb_fname_rel);
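Review bot: The cleanup added under `fail:` repeats the same three statements (`fd_close(base_fsp); file_free(NULL, base_fsp); base_fsp = NULL;`) and nearly the same comment as the branch in the previous hunk; a small static helper would keep the two paths from drifting apart. The copied comment still ends with "when opening a stream that doesn't exist" although `fail:` is reached for any error, and the return value of `fd_close()` is dropped in both places without a note that this is intentional.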


-- 
Samba Shared Repository



[SCM] Samba Shared Repository - branch master updated

2023-02-11 Thread Ralph Böhme
The branch, master has been updated
   via  e8abe52df2d s3: smbd: Fix log spam. Change a normal error message 
from DBG_ERR (level 0) to DBG_INFO (level 5).
  from  5b7fc5b696c gp: gp_sudoers_ext warn w/out visudo installed

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit e8abe52df2d3ae533b3f874a885856f26ba5ec7e
Author: Jeremy Allison 
Date:   Tue Feb 7 17:51:10 2023 -0800

s3: smbd: Fix log spam. Change a normal error message from DBG_ERR (level 0) to DBG_INFO (level 5).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15302

Signed-off-by: Jeremy Allison 
Reviewed-by: Andreas Schneider 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Sat Feb 11 08:48:05 UTC 2023 on atb-devel-224

---

Summary of changes:
 source3/smbd/open.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 3ad6b205116..da0498f9e7d 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -3550,7 +3550,7 @@ NTSTATUS smbd_calculate_access_mask_fsp(struct 
files_struct *dirfsp,
rejected_share_access = access_mask & ~(fsp->conn->share_access);
 
if (rejected_share_access) {
-   DBG_ERR("Access denied on file %s: "
+   DBG_INFO("Access denied on file %s: "
"rejected by share access mask[0x%08X] "
"orig[0x%08X] mapped[0x%08X] reject[0x%08X]\n",
fsp_str_dbg(fsp),
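Review bot: With `DBG_INFO` this share-access-mask denial is only logged at level 5 and above, and the hunk leaves no comment explaining why an access-denied path is treated as informational. Add a one-line comment above the call saying the rejection is an expected result of a restrictive share access mask, so the message is not raised back to `DBG_ERR` by someone who assumes every denial should be visible.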


-- 
Samba Shared Repository



[SCM] Samba Shared Repository - branch master updated

2023-02-02 Thread Ralph Böhme
The branch, master has been updated
   via  65e9b409a6c s3:utils: Fix UNUSED_VALUE
   via  4d83e9fcbda s3:utils: Fix trailing whitespaces
  from  0f2978bbc0e s4-drsuapi: Give an error that matches windows on 
destination_dsa_guid lookup failure

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 65e9b409a6c27bbdf80307514523b3f37f20859d
Author: Pavel Filipenský 
Date:   Thu Feb 2 09:49:31 2023 +0100

s3:utils: Fix UNUSED_VALUE

Reported by RedHat internal Covscan

Since cb8a0d9 we no longer stop traversing the list if encryption_flag
or signing_flags are unknown.

Assignment "result = -1;" is always overwritten by
"result = traverse_connections_*()" and is dead code.

Signed-off-by: Pavel Filipenský 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Thu Feb  2 15:46:52 UTC 2023 on atb-devel-224

commit 4d83e9fcbda34b45a55fdc25da4642e1d7839c7b
Author: Pavel Filipenský 
Date:   Thu Feb 2 09:48:37 2023 +0100

s3:utils: Fix trailing whitespaces

Signed-off-by: Pavel Filipenský 
Reviewed-by: Ralph Boehme 

---

Summary of changes:
 source3/utils/status.c | 12 +---
 1 file changed, 5 insertions(+), 7 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/utils/status.c b/source3/utils/status.c
index cca8b7d6cb2..5359dda90cc 100644
--- a/source3/utils/status.c
+++ b/source3/utils/status.c
@@ -1,4 +1,4 @@
-/* 
+/*
Unix SMB/CIFS implementation.
status reporting
Copyright (C) Andrew Tridgell 1994-1998
@@ -86,10 +86,10 @@ static void Ucrit_addUid(uid_t uid)
 
 static unsigned int Ucrit_checkUid(uid_t uid)
 {
-   if ( !Ucrit_IsActive ) 
+   if ( !Ucrit_IsActive )
return 1;
 
-   if ( uid == Ucrit_uid ) 
+   if ( uid == Ucrit_uid )
return 1;
 
return 0;
@@ -99,7 +99,7 @@ static unsigned int Ucrit_checkPid(struct server_id pid)
 {
int i;
 
-   if ( !Ucrit_IsActive ) 
+   if ( !Ucrit_IsActive )
return 1;
 
for (i=0;i

[SCM] Samba Shared Repository - branch master updated

2023-01-12 Thread Ralph Böhme
The branch, master has been updated
   via  425aaf6f7eb lib: Fix a use-after-free in "net vfs getntacl"
   via  d278fe4a847 lib: Fix out-of-bounds access in print_ace_flags()
   via  3a458a8198e lib: Use talloc_asprintf_addbuf() in print_ace_flags()
   via  6dcbea9e0fb build: Don't compile source3/lib/util_sd.c four times
  from  98d84192a03 s3:utils:mdsearch go to cmdline_messaging_context_free

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 425aaf6f7ebecc33463f6ed2f39573e95a72bf55
Author: Volker Lendecke 
Date:   Thu Jan 12 12:00:26 2023 +0100

lib: Fix a use-after-free in "net vfs getntacl"

Don't hang "sd" off "fsp", which is free'ed before printing

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Thu Jan 12 16:41:07 UTC 2023 on sn-devel-184

commit d278fe4a8478c1108b0f95daa99eb0a4e8fa787c
Author: Volker Lendecke 
Date:   Thu Jan 12 11:55:04 2023 +0100

lib: Fix out-of-bounds access in print_ace_flags()

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

commit 3a458a8198eef40e4e58a6dc10525409188d573f
Author: Volker Lendecke 
Date:   Thu Jan 12 11:51:50 2023 +0100

lib: Use talloc_asprintf_addbuf() in print_ace_flags()

Simplifies code.

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

commit 6dcbea9e0fb09f2d420b2424081bb20d459277fb
Author: Volker Lendecke 
Date:   Thu Jan 12 12:11:49 2023 +0100

build: Don't compile source3/lib/util_sd.c four times

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

---

Summary of changes:
 source3/lib/util_sd.c | 45 +--
 source3/torture/wscript_build |  2 +-
 source3/utils/net_vfs.c   |  4 +++-
 source3/utils/wscript_build   |  8 +---
 source3/wscript_build |  3 +++
 5 files changed, 25 insertions(+), 37 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/lib/util_sd.c b/source3/lib/util_sd.c
index a4288a46f3d..23f37b7e734 100644
--- a/source3/lib/util_sd.c
+++ b/source3/lib/util_sd.c
@@ -240,53 +240,34 @@ bool StringToSid(struct cli_state *cli, struct dom_sid 
*sid, const char *str)
 static void print_ace_flags(FILE *f, uint8_t flags)
 {
char *str = talloc_strdup(NULL, "");
-
-   if (!str) {
-   goto out;
-   }
+   size_t len;
 
if (flags & SEC_ACE_FLAG_OBJECT_INHERIT) {
-   str = talloc_asprintf(str, "%s%s",
-   str, "OI|");
-   if (!str) {
-   goto out;
-   }
+   talloc_asprintf_addbuf(, "OI|");
}
if (flags & SEC_ACE_FLAG_CONTAINER_INHERIT) {
-   str = talloc_asprintf(str, "%s%s",
-   str, "CI|");
-   if (!str) {
-   goto out;
-   }
+   talloc_asprintf_addbuf(, "CI|");
}
if (flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT) {
-   str = talloc_asprintf(str, "%s%s",
-   str, "NP|");
-   if (!str) {
-   goto out;
-   }
+   talloc_asprintf_addbuf(, "NP|");
}
if (flags & SEC_ACE_FLAG_INHERIT_ONLY) {
-   str = talloc_asprintf(str, "%s%s",
-   str, "IO|");
-   if (!str) {
-   goto out;
-   }
+   talloc_asprintf_addbuf(, "IO|");
}
if (flags & SEC_ACE_FLAG_INHERITED_ACE) {
-   str = talloc_asprintf(str, "%s%s",
-   str, "I|");
-   if (!str) {
-   goto out;
-   }
+   talloc_asprintf_addbuf(, "I|");
}
+   if (str == NULL) {
+   goto out;
+   }
+
/* Ignore define SEC_ACE_FLAG_SUCCESSFUL_ACCESS ( 0x40 )
   and SEC_ACE_FLAG_FAILED_ACCESS ( 0x80 ) as they're
   audit ace flags. */
 
-   if (str[strlen(str)-1] == '|') {
-   str[strlen(str)-1] = '\0';
-   fprintf(f, "/%s/", str);
+   len = strlen(str);
+   if (len > 0) {
+   fprintf(f, "/%.*s/", (int)len-1, str);
} else {
fprintf(f, "/0x%x/", flags);
}
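Review bot: In the final `fprintf(f, "/%.*s/", (int)len-1, str);` the trailing `|` is now dropped by the precision instead of by the old `str[strlen(str)-1] == '|'` test, which silently relies on every appended token ending in `|`; say so in a comment and write the precision as `(int)(len - 1)` so the cast and the subtraction read unambiguously. The single `str == NULL` check after the appends also depends on `talloc_asprintf_addbuf()` tolerating a NULL buffer from the initial `talloc_strdup()` or from an earlier failed append, which deserves a word in the same comment.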
diff --git a/source3/torture/wscript_build b/source3/torture/wscript_build
index e941829ab5f..18106aaf59a 100644
--- a/source3/torture/wscript_build
+++ b/source3/torture/wscript_b

[SCM] Samba Shared Repository - branch master updated

2023-01-05 Thread Ralph Böhme
The branch, master has been updated
   via  dd86376294f smbd: Fix indentation
   via  17e9758b537 smbd: Fix CID 1518901 Logically dead code
   via  c1be654988a smbd: Fix CID 1518902 Use after free
  from  316b8fa4a8a nsswitch: remove winbind_nss_mutex

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit dd86376294fd4117521dd550165ee4943ae8bec1
Author: Volker Lendecke 
Date:   Thu Jan 5 15:17:44 2023 +0100

smbd: Fix indentation

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Thu Jan  5 18:00:17 UTC 2023 on sn-devel-184

commit 17e9758b537e3a43f4f290debdc2b812abb394ed
Author: Volker Lendecke 
Date:   Thu Jan 5 15:17:14 2023 +0100

smbd: Fix CID 1518901 Logically dead code

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

commit c1be654988a14ed5ac7fb337716cb8f41daebca1
Author: Volker Lendecke 
Date:   Thu Jan 5 15:11:10 2023 +0100

smbd: Fix CID 1518902 Use after free

The SMB_REALLOC macro properly deals with failure to realloc, so
overwriting the target variable is correct here.

Signed-off-by: Volker Lendecke 

---

Summary of changes:
 source3/smbd/smb1_trans2.c | 55 +++---
 1 file changed, 13 insertions(+), 42 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/smb1_trans2.c b/source3/smbd/smb1_trans2.c
index 815e529b231..336024c9456 100644
--- a/source3/smbd/smb1_trans2.c
+++ b/source3/smbd/smb1_trans2.c
@@ -2113,15 +2113,13 @@ static NTSTATUS smb_q_unix_basic(
int *ptotal_data)
 {
const int total_data = 100;
-   char *pdata = NULL;
 
-   pdata = SMB_REALLOC(*ppdata, total_data);
-   if (pdata == NULL) {
+   *ppdata = SMB_REALLOC(*ppdata, total_data);
+   if (*ppdata == NULL) {
return NT_STATUS_NO_MEMORY;
}
-   store_file_unix_basic(conn, pdata, fsp, _fname->st);
+   store_file_unix_basic(conn, *ppdata, fsp, _fname->st);
 
-   *ppdata = pdata;
*ptotal_data = total_data;
 
return NT_STATUS_OK;
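Review bot: `*ppdata = SMB_REALLOC(*ppdata, total_data);` reads like the usual realloc-overwrite leak to anyone who does not know the macro; the commit message says SMB_REALLOC deals with failure itself, but the code does not. Add a short comment at this first call site stating what SMB_REALLOC does with the old buffer on failure, since the same pattern is repeated in the smb_q_unix_info2(), smb_q_posix_acl() and smb_q_posix_symlink() hunks and callers now see `*ppdata == NULL` on the NT_STATUS_NO_MEMORY path.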
@@ -2136,15 +2134,13 @@ static NTSTATUS smb_q_unix_info2(
int *ptotal_data)
 {
const int total_data = 116;
-   char *pdata = NULL;
 
-   pdata = SMB_REALLOC(*ppdata, total_data);
-   if (pdata == NULL) {
+   *ppdata = SMB_REALLOC(*ppdata, total_data);
+   if (*ppdata == NULL) {
return NT_STATUS_NO_MEMORY;
}
-   store_file_unix_basic_info2(conn, pdata, fsp, _fname->st);
+   store_file_unix_basic_info2(conn, *ppdata, fsp, _fname->st);
 
-   *ppdata = pdata;
*ptotal_data = total_data;
 
return NT_STATUS_OK;
@@ -2442,12 +2438,12 @@ static NTSTATUS smb_q_posix_acl(
}
size_needed += SMB_POSIX_ACL_HEADER_SIZE;
 
-   pdata = SMB_REALLOC(*ppdata, size_needed);
-   if (pdata == NULL) {
+   *ppdata = SMB_REALLOC(*ppdata, size_needed);
+   if (*ppdata == NULL) {
status = NT_STATUS_NO_MEMORY;
goto out;
}
-   *ppdata = pdata;
+   pdata = *ppdata;
 
SSVAL(pdata,0,SMB_POSIX_ACL_VERSION);
SSVAL(pdata,2,num_file_acls);
@@ -2547,11 +2543,11 @@ static NTSTATUS smb_q_posix_symlink(
 
needed = (link_len+1)*2;
 
-   pdata = SMB_REALLOC(*ppdata, needed);
-   if (pdata == NULL) {
+   *ppdata = SMB_REALLOC(*ppdata, needed);
+   if (*ppdata == NULL) {
return NT_STATUS_NO_MEMORY;
}
-   *ppdata = pdata;
+   pdata = *ppdata;
 
status = srvstr_push(
pdata,
@@ -4413,7 +4409,6 @@ static void call_trans2setpathinfo(
struct files_struct *fsp = NULL;
char *params = *pparams;
uint32_t ucf_flags = ucf_flags_from_smb_request(req);
-   bool require_existing_object = true;
NTTIME twrp = 0;
char *fname = NULL;
bool info_level_handled;
@@ -4549,7 +4544,7 @@ static void call_trans2setpathinfo(
case SMB_SET_POSIX_ACL:
status = smb_set_posix_acl(
conn, req, *ppdata, total_data, NULL, smb_fname);
-   break;
+   break;
}
 
if (info_level_handled) {
@@ -4571,30 +4566,6 @@ static void call_trans2setpathinfo(
 */
fsp = smb_fname->fsp;
 
-   /*
-* There are 4 info levels which can
-* create a new object in the filesystem.
-* They are:
-* SMB_SET_FILE_UNIX_LINK -> creates POSIX symlink.
-* SMB_POSIX_PATH_OPEN -> creates POSIX file or directory.
-* SMB_SET_FILE_UNIX_BASIC:
-* SMB_SET_FILE_UNIX_INFO2: can create a POSIX special file.
-*
-* These info levels do not requi

[SCM] Samba Shared Repository - branch master updated

2023-01-05 Thread Ralph Böhme
The branch, master has been updated
   via  316b8fa4a8a nsswitch: remove winbind_nss_mutex
   via  642a4452ce5 nsswitch: leverage TLS if available in favour over 
global locking
   via  ae4a06f4b08 nsswitch: prepare for removing global locking by using 
TLS
   via  347f75499e8 nsswitch/stress-nss-libwbclient: also test after fork
   via  29a99e5e123 libreplace: require TLS support if pthread support is 
available
   via  73e7d3731d8 libreplace: update comment on __thread support
  from  9636b40b05b smbd: Use get_dirent_ea_size() also for 
BOTH_DIRECTORY_INFO

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 316b8fa4a8ae1f5e48692c2a86c6c1c962953389
Author: Ralph Boehme 
Date:   Wed Dec 21 14:48:06 2022 +0100

nsswitch: remove winbind_nss_mutex

We're now thread-safe by using TLS, so the global lock isn't needed anymore.

Signed-off-by: Ralph Boehme 
Reviewed-by: Stefan Metzmacher 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Thu Jan  5 12:34:35 UTC 2023 on sn-devel-184

commit 642a4452ce5bc50e41e54bc6ca779686ecc3
Author: Ralph Boehme 
Date:   Sun Nov 6 16:57:27 2022 +0100

nsswitch: leverage TLS if available in favour over global locking

The global locking can lead to deadlocks when using nscd: when processing the
first request in winbind, when we know we call into code that will recurse into
winbind we call winbind_off() which sets an environment variable which is later
checked here in the nsswitch module.

But with nscd in the stack, we don't see the env variable in nsswitch, so when
we try to acquire the global lock again, it is already locked and we deadlock.

By using a thread specific winbindd_context, plus a few other thread local global
variables, we don't need a global lock anymore.

Signed-off-by: Ralph Boehme 
Reviewed-by: Stefan Metzmacher 

commit ae4a06f4b087c6b247f55716a4b3f59aaa79
Author: Ralph Boehme 
Date:   Sun Nov 6 16:57:27 2022 +0100

nsswitch: prepare for removing global locking by using TLS

Switch to using TLS for all global variables. No change in behaviour.

Signed-off-by: Ralph Boehme 
Reviewed-by: Stefan Metzmacher 

commit 347f75499e832dc669268c5c1b0368224dbf0374
Author: Ralph Boehme 
Date:   Mon Oct 31 16:19:21 2022 +0100

nsswitch/stress-nss-libwbclient: also test after fork

Signed-off-by: Ralph Boehme 
Reviewed-by: Stefan Metzmacher 

commit 29a99e5e123465145f0faf66bddd94ecc26d15ff
Author: Ralph Boehme 
Date:   Tue Nov 15 11:30:28 2022 +0100

libreplace: require TLS support if pthread support is available

Signed-off-by: Ralph Boehme 
Reviewed-by: Stefan Metzmacher 

commit 73e7d3731d87b3c3ed907e718fcba5ed2e293e51
Author: Ralph Boehme 
Date:   Thu Oct 27 07:51:49 2022 +0200

libreplace: update comment on __thread support

Signed-off-by: Ralph Boehme 
Reviewed-by: Stefan Metzmacher 

---

Summary of changes:
 lib/replace/replace.h |  12 +++
 lib/replace/wscript   |   6 +-
 nsswitch/libwbclient/wscript  |   6 +-
 nsswitch/stress-nss-libwbclient.c | 152 ++
 nsswitch/wb_common.c  | 127 +--
 nsswitch/winbind_nss_linux.c  | 123 +-
 6 files changed, 296 insertions(+), 130 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/replace/replace.h b/lib/replace/replace.h
index de50761d000..b15f3d14c8a 100644
--- a/lib/replace/replace.h
+++ b/lib/replace/replace.h
@@ -1082,4 +1082,16 @@ static inline bool hex_byte(const char *in, uint8_t *out)
 #include 
 #endif
 
+/*
+ * This handles the case of missing pthread support and ensures code can use
+ * __thread unconditionally, such that when built on a platform without pthread
+ * support, the __thread qualifier is an empty define.
+ */
+#ifndef HAVE___THREAD
+# ifdef HAVE_PTHREAD
+# error Configure failed to detect pthread library with missing TLS support
+# endif
+#define HAVE___THREAD
+#endif
+
 #endif /* _LIBREPLACE_REPLACE_H */
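
Review bot: The new comment promises that on a platform without pthread support the `__thread` qualifier becomes an empty define, but the added block only does `#define HAVE___THREAD` and never defines `__thread` itself. As shown, a build with neither HAVE_PTHREAD nor compiler TLS passes this block and callers still meet the bare `__thread` keyword. Either add `#define __thread` in the fallback branch or reword the comment to describe what the code does.
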
diff --git a/lib/replace/wscript b/lib/replace/wscript
index b1ca95515a0..82c5a8a477b 100644
--- a/lib/replace/wscript
+++ b/lib/replace/wscript
@@ -673,7 +673,8 @@ syscall(SYS_copy_file_range,0,NULL,0,NULL,0,0);
  conf.CONFIG_SET('HAVE_PTHREAD_MUTEX_CONSISTENT_NP'))):
 conf.DEFINE('HAVE_ROBUST_MUTEXES', 1)
 
-# __thread is available since 2002 in gcc.
+# __thread is available in Solaris Studio, IBM XL,
+# gcc, Clang and Intel C Compiler
 conf.CHECK_CODE('''
 __thread int tls;
 
@@ -685,6 +686,9 @@ syscall(SYS_copy_file_range,0,NULL,0,NULL,0,0);
 addmain=False,
 msg='Checking for __thread local storage

[SCM] Samba Shared Repository - branch master updated

2023-01-04 Thread Ralph Böhme
The branch, master has been updated
   via  9636b40b05b smbd: Use get_dirent_ea_size() also for BOTH_DIRECTORY_INFO
   via  dc98e564604 smbd: Factor out get_dirent_ea_size()
   via  8000c188374 pylibsmb: Add reparse tag definitions
   via  ecdb225a7c6 pylibsmb: Get reparse tag when listing directories
   via  d4f47d4b869 smbd: Modernize a DBG statement
   via  eb0e911c73c smbd: Shorten a few lines
   via  852ce99e2ae smbd: Remove duplicate/unused #defines
   via  7a21dc75645 torture: Fix whitespace
   via  71610e3633d smbd: Move SMB_QUERY_FILE_UNIX_LINK to smb1_trans2.c
   via  f48e2489ad7 smbd: Move get_posix_fsp() to smb1_trans2.c
   via  6fc64f53a80 smbd: Move SMB_QUERY_POSIX_ACL to smb1_trans2.c
   via  01e14e0fe13 smbd: Move SMB_QUERY_FILE_UNIX_[BASIC|INFO2] to smb1_trans2.c
   via  0cfea607927 smbd: Remove an unnecessary if-statement
   via  65fc2b105a3 smbd: Remove an unnecessary if-statement
   via  4f69b76fa18 smbd: Move smb_set_posix_acl() to smb1_trans2.c
   via  19c41395e55 smbd: Make get_posix_fsp() public
   via  b0dfee968a4 smbd: smbd_do_qfilepathinfo() does not need lock_data anymore
   via  e53988cdea2 smbd: Handle SMB_QUERY_POSIX_LOCK() in call_trans2qfileinfo()
   via  ad453a3827b smbd: Remove two variables never set after initialization
   via  2be0e68ec51 smbd: Move SMB_SET_FILE_UNIX_[BASIC|INFO2] to smb1_trans2.c
   via  483aa414809 smbd: Make map_info2_flags_to_sbuf() public
   via  1c21fc72e9a smbd: Make smb_set_file_size() public
   via  765f9bcf666 smbd: Move handling smb_set_posix_lock() to smb1_trans2.c
   via  2cef6fcd6d1 smbd: Move smb_set_file_unix_hlink() to smb1_trans2.c
   via  5273c1da12a smbd: Move smb_set_file_unix_link() to smb1_trans2.c
   via  cabef724697 smbd: Move smb_posix_unlink() to smb1_trans2.c
   via  bcc621a69f9 smbd: Make smb_set_file_disposition_info() public
   via  38b15fada27 smbd: Move smb_posix_open() to smb1_trans2.c
   via  58287995e5b smbd: Make store_file_unix_basic[_info2] public
   via  bad8aa10cd8 smbd: Factor out handle_trans2qfilepathinfo_result()
   via  5f7d16dbefa smbd: Simplify call_trans2qfilepathinfo()
   via  d66dc816716 smbd: Fix qfileinfo profiling
   via  3b76bc9689c smbd: Remove call_trans2setfilepathinfo()
   via  5f38f23668b smbd: Factor out handle_trans2setfilepathinfo_result()
   via  f72572ff6f4 smbd: Simplify call_trans2setfilepathinfo()
   via  6619b16fec7 smbd: Fix setfileinfo profiling
  from  c9a6e242d15 s3: smbd: Strip any leading '\' characters if the SMB2 DFS flag is set.

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 9636b40b05b90e5317bb1ef29985ffb91bccf482
Author: Volker Lendecke 
Date:   Mon Jan 2 16:21:50 2023 +0100

smbd: Use get_dirent_ea_size() also for BOTH_DIRECTORY_INFO

This is a bit more involved as readdir_attr_data needs to be looked
at. The meaning of this if-statements should be the same though,
readdir_attr_data can only be non-NULL if we don't have a reparse
point around. See the beginning of smbd_marshall_dir_entry().

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Wed Jan  4 09:48:37 UTC 2023 on sn-devel-184

commit dc98e564604f4b61fbc6bd41ba8c05ead30e7aa2
Author: Volker Lendecke 
Date:   Mon Jan 2 16:19:12 2023 +0100

smbd: Factor out get_dirent_ea_size()

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

commit 8000c1883748dcf4a5e2c2ea8f90115dff07254a
Author: Volker Lendecke 
Date:   Mon Jan 2 16:01:10 2023 +0100

pylibsmb: Add reparse tag definitions

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

commit ecdb225a7c6688f1d8ad53e6f651e7e985297582
Author: Volker Lendecke 
Date:   Mon Jan 2 14:29:12 2023 +0100

pylibsmb: Get reparse tag when listing directories

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

commit d4f47d4b86923741ef8644b6aee8fc2faab79d74
Author: Volker Lendecke 
Date:   Wed Dec 28 23:18:20 2022 +0100

smbd: Modernize a DBG statement

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

commit eb0e911c73cfc8d1ec348a17de13f71344901f92
Author: Volker Lendecke 
Date:   Wed Dec 28 23:14:25 2022 +0100

smbd: Shorten a few lines

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

commit 852ce99e2aeea148c3f0d5301ad4e93be9c94630
Author: Volker Lendecke 
Date:   Fri Dec 23 09:21:25 2022 +0100

smbd: Remove duplicate/unused #defines

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

commit 7a21dc75645040e44a8940e6dad3e064124e918e
Author: Volker Lendecke 
Date:   Sat Dec 24 14:08:40 2022 +0100

torture: Fix whitespace

Signed-off-by: Volker Lendecke 
Reviewed

[SCM] Samba Shared Repository - branch master updated

2023-01-02 Thread Ralph Böhme
The branch, master has been updated
   via  01cdc5e00be lib/replace - add extra check to bsd_attr_list
  from  a6136b88174 Happy New Year 2023!

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 01cdc5e00be78a51f0766634cc7fe50de2088203
Author: Andrew Walker 
Date:   Tue Dec 27 10:59:14 2022 -0500

lib/replace - add extra check to bsd_attr_list

The FreeBSD extattr API may return success and truncated
namelist. We need to check for this in bsd_attr_list to
ensure that we don't accidentally read off the end of the
buffer. In the case of a truncated value, the pascal
strings for attr names will reflect the lengths as if
the value were not truncated. For example:
`58DosStrea`

In case of short read we now set error to ERANGE and
fail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15271

Signed-off-by: Andrew Walker 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Mon Jan  2 14:27:23 UTC 2023 on sn-devel-184

---

Summary of changes:
 lib/replace/xattr.c | 12 
 1 file changed, 12 insertions(+)


Changeset truncated at 500 lines:

diff --git a/lib/replace/xattr.c b/lib/replace/xattr.c
index 4869367b7da..1044942f4b9 100644
--- a/lib/replace/xattr.c
+++ b/lib/replace/xattr.c
@@ -267,6 +267,18 @@ static ssize_t bsd_attr_list (int type, extattr_arg arg, 
char *list, size_t size
 
for(i = 0; i < list_size; i += len + 1) {
len = buf[i];
+
+   /*
+* If for some reason we receive a truncated
+* return from call to list xattrs the pascal
+* string lengths will not be changed and
+* therefore we must check that we're not
+* reading garbage data or off end of array
+*/
+   if (len + i >= list_size) {
+   errno = ERANGE;
+   return -1;
+   }
strncpy(list, extattr[t].name, extattr[t].len + 1);
list += extattr[t].len;
strncpy(list, buf + i + 1, len);
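
Review bot: The new `if (len + i >= list_size)` check sits inside the copy loop, so when it fires on a later entry the earlier entries have already been written into `list` by the `strncpy` calls. The caller then gets -1/ERANGE together with a partially rewritten buffer; consider validating all length bytes in a pass before the first copy, or state in the comment that `list` is undefined on failure. The declaration of `buf` is outside the hunk: if it is plain `char`, `len = buf[i]` needs an unsigned read so that a length byte above 127 cannot go negative and slip under the comparison.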


-- 
Samba Shared Repository
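
The truncation case described in the commit message above, as an added C example that is not Samba's code: a two-pass converter for length-prefixed name lists that bounds-checks every length byte before copying anything, so a short list fails with ERANGE and leaves the output untouched. The function name `pstr_list_to_cstr`, the `user.` prefix and both sample buffers are assumptions constructed for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/*
 * Convert a list of length-prefixed ("pascal") attribute names into
 * prefix + name + NUL entries. Hypothetical helper, not bsd_attr_list().
 *
 * Returns the number of bytes written to out, or -1 with errno = ERANGE
 * if a length byte points past the end of the input (truncated list) or
 * out is too small. out is not touched unless every entry validates.
 */
ssize_t pstr_list_to_cstr(const unsigned char *in, size_t in_len,
                          const char *prefix, char *out, size_t out_size)
{
    size_t plen = strlen(prefix);
    size_t need = 0;
    size_t i;

    /* Pass 1: bounds-check every entry before copying anything. */
    for (i = 0; i < in_len; i += (size_t)in[i] + 1) {
        size_t len = in[i];             /* read as unsigned: 0..255 */
        if (len > in_len - i - 1) {     /* name runs past the buffer */
            errno = ERANGE;
            return -1;
        }
        need += plen + len + 1;
    }
    if (need > out_size) {
        errno = ERANGE;
        return -1;
    }

    /* Pass 2: all lengths are known good, so the copies stay in bounds. */
    for (i = 0; i < in_len; i += (size_t)in[i] + 1) {
        size_t len = in[i];
        memcpy(out, prefix, plen);
        memcpy(out + plen, in + i + 1, len);
        out[plen + len] = '\0';
        out += plen + len + 1;
    }
    return (ssize_t)need;
}

/* Constructed inputs (not captured from a real system). */
static const unsigned char sample_complete[] = "\x09" "DosStream" "\x03" "foo";
/* Length byte says 9, but only 8 name bytes follow. */
static const unsigned char sample_truncated[] = "\x09" "DosStrea";

static char demo_out[64];

ssize_t demo_complete(void)
{
    return pstr_list_to_cstr(sample_complete, sizeof(sample_complete) - 1,
                             "user.", demo_out, sizeof(demo_out));
}

ssize_t demo_truncated(void)
{
    return pstr_list_to_cstr(sample_truncated, sizeof(sample_truncated) - 1,
                             "user.", demo_out, sizeof(demo_out));
}

int main(void)
{
    ssize_t n = demo_complete();
    printf("complete list:  %zd bytes, first name %s\n", n, demo_out);
    n = demo_truncated();
    printf("truncated list: %zd (%s)\n", n, n < 0 ? strerror(errno) : "ok");
    return 0;
}
```
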



[SCM] Samba Shared Repository - branch master updated

2022-12-15 Thread Ralph Böhme
The branch, master has been updated
   via  17bbd6ec4c2 smbd: Add "posix" flag to openat_pathref_dirfsp_nosymlink()
   via  612c8da01cf tests: Show that in smb1 posix we don't treat dirs as case sensitive
  from  897f08f7a03 testprogs: Use new kerberos options for samba-tool in test_kpasswd_mit.sh

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 17bbd6ec4c2607afeadd91a29c245054a6ca6828
Author: Volker Lendecke 
Date:   Wed Dec 14 17:35:17 2022 +0100

smbd: Add "posix" flag to openat_pathref_dirfsp_nosymlink()

Don't do the get_real_filename() retry if we're in posix context or if
the connection is case sensitive.

The whole concept of case sensitivity blows my brain. In SMB1 without
posix extensions it's a per-request thing. In SMB2 without posix
extensions this should just depend on "case sensitive = yes/no", and
in future SMB2 posix extensions this will become a per-request thing
again, depending on the existence of the posix create context.

Then there are other semantics that are attached to posix-ness, which
have nothing to do with case sensitivity. See for example merge request
2819 and bug 8776, or commit f0e1137425f. Also see
check_path_syntax_internal().

This patch uses the same flags as openat_pathref_fsp_case_insensitive()
does, but I am 100% certain this is wrong in a subtle way.

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 
    
Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Thu Dec 15 11:30:04 UTC 2022 on sn-devel-184

commit 612c8da01cf54be1268f2fe27fb187161cc2d0b3
Author: Volker Lendecke 
Date:   Wed Dec 14 18:05:04 2022 +0100

tests: Show that in smb1 posix we don't treat dirs as case sensitive

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

---

Summary of changes:
 python/samba/tests/smb1posix.py | 52 +
 source3/selftest/tests.py   |  1 +
 source3/smbd/filename.c |  1 +
 source3/smbd/files.c|  8 ++-
 source3/smbd/proto.h|  1 +
 5 files changed, 62 insertions(+), 1 deletion(-)
 create mode 100644 python/samba/tests/smb1posix.py


Changeset truncated at 500 lines:

diff --git a/python/samba/tests/smb1posix.py b/python/samba/tests/smb1posix.py
new file mode 100644
index 000..52b0312ac8b
--- /dev/null
+++ b/python/samba/tests/smb1posix.py
@@ -0,0 +1,52 @@
+# Unix SMB/CIFS implementation.
+# Copyright Volker Lendecke  2022
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+from samba.samba3 import libsmb_samba_internal as libsmb
+from samba import (ntstatus,NTSTATUSError)
+from samba.dcerpc import security as sec
+import samba.tests.libsmb
+
+class Smb1PosixTests(samba.tests.libsmb.LibsmbTests):
+
+def test_directory_case_sensivity(self):
+"""Test that in smb1 posix dirs are case sensitive"""
+conn = libsmb.Conn(
+self.server_ip,
+"posix_share",
+self.lp,
+self.creds,
+force_smb1=True)
+conn.smb1_posix()
+
+try:
+conn.mkdir("lower")
+except NTSTATUSError as e:
+if e.args[0] != ntstatus.NT_STATUS_OBJECT_NAME_COLLISION:
+raise
+try:
+conn.mkdir("lower/second")
+except NTSTATUSError as e:
+if e.args[0] != ntstatus.NT_STATUS_OBJECT_NAME_COLLISION:
+raise
+
+self.assertFalse(conn.chkpath("Lower/second"))
+conn.rmdir("lower/second")
+conn.rmdir("lower")
+
+if __name__ == '__main__':
+import unittest
+unittest.main()
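
Review bot: The two `conn.rmdir()` calls after `self.assertFalse(conn.chkpath("Lower/second"))` are skipped when the assertion fails, which leaves `lower/second` on the share, and the NT_STATUS_OBJECT_NAME_COLLISION handling around both `mkdir` calls then hides that leftover state on the next run. Move the cleanup into `try`/`finally` or register it with `self.addCleanup()`. Smaller points: `from samba.dcerpc import security as sec` is unused in the visible lines, and `sensivity` in the test name should read `sensitivity`.
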
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index 1630fdd2035..a1379e8080e 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -1689,3 +1689,4 @@ for t in CLUSTERED_LOCAL_TESTS:
 planpythontestsuite("fileserver", "samba.tests.smb3unix")
 planpythontestsuite("fileserver", "samba.tests.reparsepoints")
 planpythontestsuite("fileserver_smb1", "sam

[SCM] Samba Shared Repository - branch master updated

2022-12-01 Thread Ralph Böhme
The branch, master has been updated
   via  39df9f4a593 s3: smbd: Fix schedule_smb2_aio_read() to allow the last read in a compound to go async.
   via  0bb4810719c s3: smbd: Fix schedule_aio_smb2_write() to allow the last write in a compound to go async.
   via  088b8a1e3e5 s4: torture: Add compound_async.read_read test to show we don't go async on the last read in a compound.
   via  ffd9b94fe0f s4: torture: Add compound_async.write_write test to show we don't go async on the last write in a compound.
   via  fc6c76e6dab s4: torture: Tweak the compound padding streamfile test to send 3 reads instead of 2, and check the middle read padding.
   via  48b12f11a5c s4: torture: Tweak the compound padding basefile test to send 3 reads instead of 2, and check the middle read padding.
   via  f5b2ae58093 s3: tests: Change smb2.compound_async to run against share aio_delay_inject instead of tmp.
  from  49b40a13343 s4:torture: Fix segfault in multichannel test

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 39df9f4a593f4dd1f19c8b720fd7fd55081c29d1
Author: Jeremy Allison 
Date:   Fri Nov 18 10:50:35 2022 -0800

s3: smbd: Fix schedule_smb2_aio_read() to allow the last read in a compound to go async.

Remove knownfail.

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Thu Dec  1 16:04:07 UTC 2022 on sn-devel-184

commit 0bb4810719ce0864114d84b72f8d3b206f1a7d0e
Author: Jeremy Allison 
Date:   Fri Nov 18 10:45:19 2022 -0800

s3: smbd: Fix schedule_aio_smb2_write() to allow the last write in a compound to go async.

Remove knownfail.

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

commit 088b8a1e3e56cc24a7c2a469042d1ece9e84df38
Author: Jeremy Allison 
Date:   Thu Nov 17 15:50:30 2022 -0800

s4: torture: Add compound_async.read_read test to show we don't go async on the last read in a compound.

Add knownfail.

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

commit ffd9b94fe0f59c2b552402543db406cb69003745
Author: Jeremy Allison 
Date:   Thu Nov 17 15:39:16 2022 -0800

s4: torture: Add compound_async.write_write test to show we don't go async on the last write in a compound.

Add knownfail.

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

commit fc6c76e6dabdc20bc7401cc2268baa6edb635ee1
Author: Jeremy Allison 
Date:   Fri Nov 18 13:30:05 2022 -0800

s4: torture: Tweak the compound padding streamfile test to send 3 reads instead of 2, and check the middle read padding.

The protocol allows the last read in a related compound to be split
off and possibly go async (and smbd soon will do this). If the
last read is split off, then the padding is different. By sending
3 reads and checking the padding on the 2nd read, we cope with
the smbd change and are still correctly checking the padding
on a compound related read.

Do this for the stream filename compound padding test.

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

commit 48b12f11a5c4ebd9affb2a2589f47881b46b659b
Author: Jeremy Allison 
Date:   Fri Nov 18 13:23:48 2022 -0800

s4: torture: Tweak the compound padding basefile test to send 3 reads instead of 2, and check the middle read padding.

The protocol allows the last read in a related compound to be split
off and possibly go async (and smbd soon will do this). If the
last read is split off, then the padding is different. By sending
3 reads and checking the padding on the 2nd read, we cope with
the smbd change and are still correctly checking the padding
on a compound related read.

Do this for the base filename compound padding test.

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

commit f5b2ae58093a0920c7be0394f638b73736fbebc2
Author: Jeremy Allison 
Date:   Fri Nov 18 09:53:23 2022 -0800

s3: tests: Change smb2.compound_async to run against share aio_delay_inject instead of tmp.

It doesn't hurt the fsync compound async tests, and we need this for
the next commits to ensure smb2_read/smb2_write compound tests take
longer than 500ms so we can be sure the last read/write in the compound
will go async.

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

---

Summary of changes:
 source3/selftest/tests.py   |   2 +-
 source3/smbd/smb2_aio.c |  22 +++-
 source4/torture/smb2/compound.c | 258 +++-
 3 files changed, 277 insertions(+), 5 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index 8e9a4aaba47..1630fdd2035 100755
--- a/source3

[SCM] Samba Shared Repository - branch master updated

2022-11-28 Thread Ralph Böhme
The branch, master has been updated
   via  535a08dfc4c smbd: reject FILE_ATTRIBUTE_TEMPORARY on directories
   via  fdb19ce8aa1 torture: add a test trying to set FILE_ATTRIBUTE_TEMPORARY on a directory
  from  c8bf9495f43 vfs: fix the build of nfs4acl_xattr_ without rpc/xdr.h support

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 535a08dfc4c045d7b0c0ed335f76b5d560dd7bbd
Author: Ralph Boehme 
Date:   Tue Nov 22 07:31:52 2022 +0100

smbd: reject FILE_ATTRIBUTE_TEMPORARY on directories

Cf MS-FSA 2.1.5.14.2

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15252

Signed-off-by: Ralph Boehme 
Reviewed-by: Andrew Bartlett 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Mon Nov 28 10:14:12 UTC 2022 on sn-devel-184

commit fdb19ce8aa189f6cfbd2d1fd7ed6fe809ba93cf3
Author: Ralph Boehme 
Date:   Tue Nov 22 10:45:35 2022 +0100

torture: add a test trying to set FILE_ATTRIBUTE_TEMPORARY on a directory

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15252

Signed-off-by: Ralph Boehme 
Reviewed-by: Andrew Bartlett 

---

Summary of changes:
 selftest/knownfail|  1 +
 source3/smbd/dosmode.c|  7 +++
 source4/torture/smb2/create.c | 47 +++
 3 files changed, 55 insertions(+)


Changeset truncated at 500 lines:

diff --git a/selftest/knownfail b/selftest/knownfail
index cd91a7a50e6..c6e0a242ecb 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -146,6 +146,7 @@
 ^samba4.smb2.create.*.acldir
 ^samba4.smb2.create.*.impersonation
 ^samba4.smb2.create.quota-fake-file\(ad_dc_ntvfs\) # not supported by the NTVFS
+^samba4.smb2.create.dosattr_tmp_dir\(ad_dc_ntvfs\)
 ^samba4.smb2.acls.*.generic
 ^samba4.smb2.acls.*.inheritflags
 ^samba4.smb2.acls.*.owner
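
Review bot: The added `^samba4.smb2.create.dosattr_tmp_dir\(ad_dc_ntvfs\)` entry carries no reason, while the `quota-fake-file` line directly above it ends with `# not supported by the NTVFS`. Add a trailing comment saying why the test is expected to fail on ad_dc_ntvfs so the entry can be revisited later.
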
diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c
index 40fe7b5166a..2e3aa0934a7 100644
--- a/source3/smbd/dosmode.c
+++ b/source3/smbd/dosmode.c
@@ -918,6 +918,13 @@ int file_set_dosmode(connection_struct *conn,
return -1;
}
 
+   if ((S_ISDIR(smb_fname->st.st_ex_mode)) &&
+   (dosmode & FILE_ATTRIBUTE_TEMPORARY))
+   {
+   errno = EINVAL;
+   return -1;
+   }
+
dosmode &= SAMBA_ATTRIBUTES_MASK;
 
DEBUG(10,("file_set_dosmode: setting dos mode 0x%x on file %s\n",
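
Review bot: The new `S_ISDIR(...) && (dosmode & FILE_ATTRIBUTE_TEMPORARY)` branch returns EINVAL with neither a comment nor a debug message, so the reason for the rejection is only recoverable from the commit message. Add a one-line comment citing MS-FSA 2.1.5.14.2 and a debug line naming the file, in the style of the `DEBUG(10, ...)` that follows. The test also relies on `smb_fname->st` being valid at this point; that is not checked in the visible lines, so confirm an earlier check guarantees it.
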
diff --git a/source4/torture/smb2/create.c b/source4/torture/smb2/create.c
index 9357528909e..cdd543685a1 100644
--- a/source4/torture/smb2/create.c
+++ b/source4/torture/smb2/create.c
@@ -3372,6 +3372,52 @@ static bool test_fileid_unique_dir(
return test_fileid_unique_object(tctx, tree, 100, true);
 }
 
+static bool test_dosattr_tmp_dir(struct torture_context *tctx,
+struct smb2_tree *tree)
+{
+   bool ret = true;
+   NTSTATUS status;
+   struct smb2_create c;
+   struct smb2_handle h1 = {{0}};
+   const char *fname = DNAME;
+
+   smb2_deltree(tree, fname);
+   smb2_util_rmdir(tree, fname);
+
+   c = (struct smb2_create) {
+   .in.desired_access = SEC_RIGHTS_DIR_ALL,
+   .in.file_attributes  = FILE_ATTRIBUTE_DIRECTORY,
+   .in.create_disposition = NTCREATEX_DISP_OPEN_IF,
+   .in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+   NTCREATEX_SHARE_ACCESS_WRITE |
+   NTCREATEX_SHARE_ACCESS_DELETE,
+   .in.create_options = NTCREATEX_OPTIONS_DIRECTORY,
+   .in.fname = DNAME,
+   };
+
+   status = smb2_create(tree, tctx, );
+   torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+   "smb2_create\n");
+   h1 = c.out.file.handle;
+
+   /* Try to set temporary attribute on directory */
+   SET_ATTRIB(FILE_ATTRIBUTE_TEMPORARY);
+
+   torture_assert_ntstatus_equal_goto(tctx, status,
+  NT_STATUS_INVALID_PARAMETER,
+  ret, done,
+  "Unexpected setinfo result\n");
+
+done:
+   if (!smb2_util_handle_empty(h1)) {
+   smb2_util_close(tree, h1);
+   }
+   smb2_util_unlink(tree, fname);
+   smb2_deltree(tree, fname);
+
+   return ret;
+}
+
 /*
   test opening quota fakefile handle and returned attributes
 */
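
Review bot: As rendered, `status = smb2_create(tree, tctx, );` has an empty third argument and will not compile; presumably the address of `c` belongs there, so check this line against the patch as committed. `status` is then asserted against NT_STATUS_INVALID_PARAMETER right after `SET_ATTRIB(FILE_ATTRIBUTE_TEMPORARY)` with no visible assignment, which means the macro sets it as a hidden side effect and deserves a short comment. `.in.fname = DNAME` could use the local `fname` that is declared for that purpose.
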
@@ -3927,6 +3973,7 @@ struct torture_suite *torture_smb2_create_init(TALLOC_CTX 
*ctx)
torture_suite_add_1smb2_test(suite, "nulldacl", test_create_null_dacl);
torture_suite_add_1smb2_test(suite, "mkdir-dup", test_mkdir_dup);
torture_suite_add_1smb2_test(suite, "dir-alloc-size", 
test_dir_alloc_size);
+

[SCM] Samba Shared Repository - branch master updated

2022-11-24 Thread Ralph Böhme
The branch, master has been updated
   via  c8bf9495f43 vfs: fix the build of nfs4acl_xattr_ without rpc/xdr.h support
  from  3b9ccfa4ac7 net: use correct printf format, fi3_id is an uint32_t

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit c8bf9495f43ed677f90e59937e1e805fc5e60d49
Author: Stefan Metzmacher 
Date:   Wed Mar 27 04:34:12 2019 +0100

vfs: fix the build of nfs4acl_xattr_ without rpc/xdr.h support

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Fri Nov 25 06:07:32 UTC 2022 on sn-devel-184

---

Summary of changes:
 source3/modules/nfs4acl_xattr_nfs.c  | 1 +
 source3/modules/nfs4acl_xattr_util.c | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)


Changeset truncated at 500 lines:

diff --git a/source3/modules/nfs4acl_xattr_nfs.c 
b/source3/modules/nfs4acl_xattr_nfs.c
index 59e02bf1577..698630f3e6f 100644
--- a/source3/modules/nfs4acl_xattr_nfs.c
+++ b/source3/modules/nfs4acl_xattr_nfs.c
@@ -874,6 +874,7 @@ NTSTATUS nfs4acl_nfs_blob_to_smb4(struct vfs_handle_struct 
*handle,
 }
 
 #else /* !HAVE_RPC_XDR_H */
+#include "nfs4_acls.h"
 #include "nfs4acl_xattr_nfs.h"
 NTSTATUS nfs4acl_nfs_blob_to_smb4(struct vfs_handle_struct *handle,
  TALLOC_CTX *mem_ctx,
diff --git a/source3/modules/nfs4acl_xattr_util.c 
b/source3/modules/nfs4acl_xattr_util.c
index 8ea1e76ad17..998dbf2df4d 100644
--- a/source3/modules/nfs4acl_xattr_util.c
+++ b/source3/modules/nfs4acl_xattr_util.c
@@ -29,7 +29,6 @@
 #ifdef FALSE
 #undef FALSE
 #endif
-#endif
 
 #include "nfs4_acls.h"
 #include "nfs41acl.h"
@@ -71,3 +70,4 @@ uint16_t nfs4acl_to_smb4acl_flags(unsigned nfsacl41_flags)
 
return smb4acl_flags;
 }
+#endif /* HAVE_RPC_XDR_H */
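
Review bot: Moving the closing `#endif` to the end of the file makes everything from `#include "nfs4_acls.h"` through `nfs4acl_to_smb4acl_flags()` conditional on HAVE_RPC_XDR_H, but the opening `#ifdef` lies outside both hunks, so the pairing cannot be checked from here. The `/* HAVE_RPC_XDR_H */` tag on the new `#endif` is good; confirm that every caller of the now-conditional functions is compiled under the same guard, otherwise the build fix becomes an undefined-symbol failure.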


-- 
Samba Shared Repository



[SCM] Samba Shared Repository - branch master updated

2022-11-16 Thread Ralph Böhme
The branch, master has been updated
   via  26adf334433 s3: smbd: Cause SMB2_OP_FLUSH to go synchronous in a compound anywhere but the last operation in the list.
   via  e668c3a82cd s3: smbd: Add utility function smbd_smb2_is_last_in_compound().
   via  6f149dfd9d8 s4: torture: Add an async SMB2_OP_FLUSH + SMB2_OP_FLUSH test to smb2.compound_async.
   via  17a110c1b58 s4: torture: Add an async SMB2_OP_FLUSH + SMB2_OP_CLOSE test to smb2.compound_async.
  from  f6284877ce0 nsswitch: Fix uninitialized memory when allocating pwdlastset_prelim

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 26adf3344337f4e8d5d2107e6ba42e5ea7656372
Author: Jeremy Allison 
Date:   Thu Oct 20 15:19:05 2022 -0700

s3: smbd: Cause SMB2_OP_FLUSH to go synchronous in a compound anywhere but the last operation in the list.

Async read and write go synchronous in the same case,
so do the same here.

Remove knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15172

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Thu Nov 17 05:55:42 UTC 2022 on sn-devel-184

commit e668c3a82cd566b405c976d45659dd79786948de
Author: Jeremy Allison 
Date:   Thu Oct 20 15:08:14 2022 -0700

s3: smbd: Add utility function smbd_smb2_is_last_in_compound().

Not yet used. Returns true if we're processing the last SMB2 request in a
compound.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15172

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

commit 6f149dfd9d8d2619a9e18975ebcf5e69df2b7766
Author: Jeremy Allison 
Date:   Thu Oct 20 14:22:25 2022 -0700

s4: torture: Add an async SMB2_OP_FLUSH + SMB2_OP_FLUSH test to smb2.compound_async.

Shows we fail sending an SMB2_OP_FLUSH + SMB2_OP_FLUSH
compound if we immediately close the file afterward.

Internally the flushes go async and we free the req, then
we process the close. When the flushes complete they try to access
already freed data.

Extra test which will allow me to test when the final
component (flush) of the compound goes async and returns
NT_STATUS_PENDING.

Add knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15172

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

commit 17a110c1b58196eb8ecf3c76eb97e8508976c544
Author: Jeremy Allison 
Date:   Tue Oct 18 16:22:33 2022 -0700

s4: torture: Add an async SMB2_OP_FLUSH + SMB2_OP_CLOSE test to smb2.compound_async.

Shows we fail sending an SMB2_OP_FLUSH + SMB2_OP_CLOSE
compound. Internally the flush goes async and
we free the req, then we process the close.
When the flush completes it tries to access
already freed data.

Found using the Apple MacOSX client at SNIA SDC 2022.

Add knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15172

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

---

Summary of changes:
 source3/selftest/tests.py   |   2 +
 source3/smbd/globals.h  |   1 +
 source3/smbd/smb2_flush.c   |  14 +++
 source3/smbd/smb2_server.c  |   6 ++
 source4/torture/smb2/compound.c | 232 
 source4/torture/smb2/smb2.c |   1 +
 6 files changed, 256 insertions(+)


Changeset truncated at 500 lines:

diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index 67ba7b10484..f6cc6e0c639 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -1169,6 +1169,8 @@ for t in tests:
 plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/tmp 
-U$USERNAME%$PASSWORD')
 plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/aio 
-U$USERNAME%$PASSWORD', 'aio')
 plansmbtorture4testsuite(t, "ad_dc", '//$SERVER/tmp 
-U$USERNAME%$PASSWORD')
+elif t == "smb2.compound_async":
+plansmbtorture4testsuite(t, "fileserver", '//$SERVER_IP/tmp 
-U$USERNAME%$PASSWORD')
 elif t == "smb2.ea":
 plansmbtorture4testsuite(t, "fileserver", '//$SERVER/ea_acl_xattr 
--option=torture:acl_xattr_name=hackme -U$USERNAME%$PASSWORD')
 elif t == "rpc.samba3.netlogon" or t == "rpc.samba3.sessionkey":
diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h
index efcf02f0d24..125ef64f070 100644
--- a/source3/smbd/globals.h
+++ b/source3/smbd/globals.h
@@ -238,6 +238,7 @@ void smbd_server_disconnect_client_ex(struct smbXsrv_client 
*client,
 const char *smb2_opcode_name(uint16_t opcode);
 bool smbd_is_smb2_header(const uint8_t *inbuf, size_t size);
 bool smbd_smb2_is_compound(const struct smbd_smb2_request *req);
+bool smbd_smb2_is_las

[SCM] Samba Shared Repository - branch master updated

2022-11-15 Thread Ralph Böhme
The branch, master has been updated
   via  f0ca9546102 s3: smbd: In synthetic_pathref() change DBG_ERR -> DBG_NOTICE to avoid spamming the logs.
  from  434f461e9e5 CVE-2022-42898 third_party/heimdal: PAC parse integer overflows

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit f0ca9546102acf09f1834c03f8907ed26bfc80f8
Author: Jeremy Allison 
Date:   Tue Nov 15 13:29:46 2022 -0800

s3: smbd: In synthetic_pathref() change DBG_ERR -> DBG_NOTICE to avoid spamming the logs.

Can easily be seen by doing make test TESTS=fruit
and looking in st/nt4_dc/smbd_test.log.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15210

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Wed Nov 16 06:00:56 UTC 2022 on sn-devel-184

---

Summary of changes:
 source3/smbd/files.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/files.c b/source3/smbd/files.c
index 64297f18773..40d71d8851b 100644
--- a/source3/smbd/files.c
+++ b/source3/smbd/files.c
@@ -1201,7 +1201,7 @@ NTSTATUS synthetic_pathref(TALLOC_CTX *mem_ctx,
 
status = openat_pathref_fsp(dirfsp, smb_fname);
if (!NT_STATUS_IS_OK(status)) {
-   DBG_ERR("opening [%s] failed\n",
+   DBG_NOTICE("opening [%s] failed\n",
smb_fname_str_dbg(smb_fname));
TALLOC_FREE(smb_fname);
return status;
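
Review bot: With the level lowered to DBG_NOTICE the message still prints only the path; `status` is in scope at this point but is not logged. Add `nt_errstr(status)` to the format string so that anyone who raises the log level to investigate sees why `openat_pathref_fsp()` failed.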


-- 
Samba Shared Repository



[SCM] Samba Shared Repository - branch master updated

2022-10-14 Thread Ralph Böhme
==by 0x4861515: reg_diff_load (patchfile.c:353)
==6357==by 0x4861CD3: reg_diff_apply (patchfile.c:542)
==6357==by 0x10ADF9: main (regpatch.c:114)
==6357==  Address 0x70f79d0 is 0 bytes inside a block of size 5 free'd
==6357==at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6357==by 0x4AF38B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6357==by 0x4AF45D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6357==by 0x10ADCF: main (regpatch.c:111)
==6357==  Block was alloc'd at
==6357==at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6357==by 0x4AF52EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6357==by 0x10ACBD: main (regpatch.c:79)
==6357==
==6357== Invalid read of size 1
==6357==at 0x4B83DDF: _IO_default_xsputn (in /usr/lib64/libc.so.6)
==6357==by 0x4B5D39E: __vfprintf_internal (in /usr/lib64/libc.so.6)
==6357==by 0x4B7E719: __vasprintf_internal (in /usr/lib64/libc.so.6)
==6357==by 0x4AD32F0: __dbgtext_va (debug.c:1904)
==6357==by 0x4AD33F2: dbgtext (debug.c:1925)
==6357==by 0x4861515: reg_diff_load (patchfile.c:353)
==6357==by 0x4861CD3: reg_diff_apply (patchfile.c:542)
==6357==by 0x10ADF9: main (regpatch.c:114)
==6357==  Address 0x70f79d2 is 2 bytes inside a block of size 5 free'd
==6357==at 0x484617B: free (in 
/usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6357==by 0x4AF38B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6357==by 0x4AF45D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6357==by 0x10ADCF: main (regpatch.c:111)
==6357==  Block was alloc'd at
==6357==at 0x48437B4: malloc (in 
/usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6357==by 0x4AF52EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6357==by 0x10ACBD: main (regpatch.c:79)
==6357==
Error reading registry patch file `file'

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15205

Signed-off-by: Noel Power 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Fri Oct 14 13:38:55 UTC 2022 on sn-devel-184

commit 4b15d8c2a5c8547b84e7926fed9890b5676b8bc3
Author: Noel Power 
Date:   Fri Oct 14 11:45:13 2022 +0100

s3/utils: Fix use after free with popt 1.19

popt1.19 fixes a leak that exposes a use after free,
make sure we duplicate return of poptGetArg if
poptFreeContext is called before we use it.

==6055== Command: ./bin/testparm /etc/samba/smb.conf
==6055==
==6055== Invalid read of size 1
==6055==at 0x4849782: strlen (in 
/usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==by 0x4C1E50F: __vfprintf_internal (in /usr/lib64/libc.so.6)
==6055==by 0x4C1EB74: buffered_vfprintf (in /usr/lib64/libc.so.6)
==6055==by 0x4C119E9: fprintf (in /usr/lib64/libc.so.6)
==6055==by 0x10EBFA: main (testparm.c:862)
==6055==  Address 0x72dab70 is 0 bytes inside a block of size 20 free'd
==6055==at 0x484617B: free (in 
/usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055==by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055==by 0x10EBAC: main (testparm.c:854)
==6055==  Block was alloc'd at
==6055==at 0x48437B4: malloc (in 
/usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055==by 0x10EB2E: main (testparm.c:830)
==6055==
==6055== Invalid read of size 1
==6055==at 0x4849794: strlen (in 
/usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==by 0x4C1E50F: __vfprintf_internal (in /usr/lib64/libc.so.6)
==6055==by 0x4C1EB74: buffered_vfprintf (in /usr/lib64/libc.so.6)
==6055==by 0x4C119E9: fprintf (in /usr/lib64/libc.so.6)
==6055==by 0x10EBFA: main (testparm.c:862)
==6055==  Address 0x72dab71 is 1 bytes inside a block of size 20 free'd
==6055==at 0x484617B: free (in 
/usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055==by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055==by 0x10EBAC: main (testparm.c:854)
==6055==  Block was alloc'd at
==6055==at 0x48437B4: malloc (in 
/usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055==by 0x10EB2E: main (testparm.c:830)
==6055==
==6055== Invalid read of size 1
==6055==at 0x4C44DD0: _IO_default_xsputn (in /usr/lib64/libc.so.6)
==6055==by 0x4C1E39E: __vfprintf_internal (in /usr/lib64
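
The ownership rule behind the commit message above (duplicate the argument before the context that owns it is freed), as an added example that is not part of the commit or of Samba's code. `argctx_*` is a hypothetical stand-in for a popt context, not libpopt itself, and `dup_string`, `config_file_borrowed` and `config_file_owned` are illustrative names.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a poptContext: it owns heap copies of the
 * leftover arguments and releases them when the context is freed, which
 * is the behaviour the commit message attributes to popt 1.19. */
struct argctx {
	char **args;
	size_t nargs;
	size_t next;
};

/* Portable strdup replacement so the example builds in strict C modes. */
static char *dup_string(const char *s)
{
	size_t len = strlen(s) + 1;
	char *copy = malloc(len);
	if (copy != NULL) {
		memcpy(copy, s, len);
	}
	return copy;
}

static void argctx_free(struct argctx *c)
{
	if (c == NULL) {
		return;
	}
	for (size_t i = 0; i < c->nargs; i++) {
		free(c->args[i]);
	}
	free(c->args);
	free(c);
}

static struct argctx *argctx_new(int argc, const char **argv)
{
	struct argctx *c = calloc(1, sizeof(*c));
	if (c == NULL) {
		return NULL;
	}
	c->args = calloc(argc > 0 ? (size_t)argc : 1, sizeof(char *));
	if (c->args == NULL) {
		free(c);
		return NULL;
	}
	for (int i = 0; i < argc; i++) {
		c->args[i] = dup_string(argv[i]);
		if (c->args[i] == NULL) {
			argctx_free(c);
			return NULL;
		}
		c->nargs++;
	}
	return c;
}

/* Returns a pointer that is only borrowed from the context, or NULL. */
static const char *argctx_get_arg(struct argctx *c)
{
	return (c->next < c->nargs) ? c->args[c->next++] : NULL;
}

/* Pattern the valgrind trace reports: the borrowed pointer outlives the
 * context. The returned pointer is dangling and must not be dereferenced. */
const char *config_file_borrowed(int argc, const char **argv)
{
	struct argctx *c = argctx_new(argc, argv);
	const char *file = NULL;
	if (c == NULL) {
		return NULL;
	}
	file = argctx_get_arg(c);
	argctx_free(c);		/* frees the block 'file' points into */
	return file;
}

/* Fixed pattern: take a private copy before the context is freed.
 * The caller owns the result and releases it with free(). */
char *config_file_owned(int argc, const char **argv)
{
	struct argctx *c = argctx_new(argc, argv);
	const char *arg = NULL;
	char *file = NULL;
	if (c == NULL) {
		return NULL;
	}
	arg = argctx_get_arg(c);
	if (arg != NULL) {
		file = dup_string(arg);
	}
	argctx_free(c);
	return file;
}

int main(void)
{
	const char *argv[] = { "/etc/samba/smb.conf" };	/* constructed input */
	char *file = config_file_owned(1, argv);
	if (file == NULL) {
		return 1;
	}
	printf("config file: %s\n", file);
	free(file);
	return 0;
}
```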

[SCM] Samba Shared Repository - branch master updated

2022-10-13 Thread Ralph Böhme
The branch, master has been updated
   via  266bcedc18e s4:messaging: let imessaging_client_init() use 
imessaging_init_discard_incoming()
   via  32df5e4961c s3:auth_samba4: make use of 
imessaging_init_discard_incoming()
   via  a120fb1c724 s4:messaging: add imessaging_init_discard_incoming()
   via  5d91ecf01dc vfs_glusterfs: Add path based fallback mechanism for 
SMB_VFS_FNTIMES
   via  5d66d5b84f8 smbXsrv_client: handle NAME_NOT_FOUND from 
smb2srv_client_connection_{pass,drop}()
   via  8c8d8cf01e0 smbXsrv_client: make sure we only wait for 
smb2srv_client_mc_negprot_filter once and only when needed
   via  56c597bc2b2 smbXsrv_client: call 
smb2srv_client_connection_{pass,drop}() before dbwrap_watched_watch_send()
   via  acb3d821dea smbXsrv_client: fix a debug message in 
smbXsrv_client_global_verify_record()
   via  636ec45c93a smbXsrv_client: ignore NAME_NOT_FOUND from 
smb2srv_client_connection_passed
  from  cc397175cb9 vfs_glusterfs: Simplify SMB_VFS_FDOPENDIR implementation

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 266bcedc18efc52e29efde6bad220623a5423e30
Author: Stefan Metzmacher 
Date:   Wed Sep 28 14:27:09 2022 +0200

s4:messaging: let imessaging_client_init() use 
imessaging_init_discard_incoming()

imessaging_client_init() is for temporary stuff only, so we should drop
(unexpected) incoming messages unless we expect irpc responses.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15201

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Thu Oct 13 13:32:30 UTC 2022 on sn-devel-184

commit 32df5e4961cf064b72bb496157cc6092126d9b8e
Author: Stefan Metzmacher 
Date:   Wed Sep 28 14:14:41 2022 +0200

s3:auth_samba4: make use of imessaging_init_discard_incoming()

Otherwise we'll generate a memory leak of imessaging_post_state/
tevent_immediate structures per incoming message!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15201

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Ralph Boehme 

commit a120fb1c724dfaed5a99e34aaf979502586f17c0
Author: Stefan Metzmacher 
Date:   Wed Sep 28 13:47:13 2022 +0200

s4:messaging: add imessaging_init_discard_incoming()

We often create imessaging contexts just for sending messages,
but we'll never process incoming messages because a temporary event
context was used and we just queue a lot of imessaging_post_state
structures with immediate events.

With imessaging_init_discard_incoming() we'll discard any incoming messages
unless we have pending irpc requests.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15201

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Ralph Boehme 

commit 5d91ecf01dce95400da5d6ac181144df1e32ca35
Author: Anoop C S 
Date:   Thu Oct 13 15:54:10 2022 +0530

vfs_glusterfs: Add path based fallback mechanism for SMB_VFS_FNTIMES

Fallback mechanism was missing in vfs_gluster_fntimes() for path based
call. Therefore adding a similar mechanism as seen with other calls like
vfs_gluster_fsetxattr, vfs_gluster_fgetxattr etc.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15198

Signed-off-by: Anoop C S 
Reviewed-by: Ralph Boehme 

commit 5d66d5b84f87267243dcd5223210906ce589af91
Author: Stefan Metzmacher 
Date:   Wed Oct 12 14:57:18 2022 +0200

smbXsrv_client: handle NAME_NOT_FOUND from 
smb2srv_client_connection_{pass,drop}()

If we get NT_STATUS_OBJECT_NOT_FOUND from 
smb2srv_client_connection_{pass,drop}()
we should just keep the connection and overwrite the stale record in
smbXsrv_client_global.tdb. It's basically a race with serverid_exists()
and a process that doesn't cleanly teardown.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15200

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Ralph Boehme 

commit 8c8d8cf01e01c2726d03fa1c81e0ce9992ee736c
Author: Stefan Metzmacher 
Date:   Wed Oct 12 14:15:53 2022 +0200

smbXsrv_client: make sure we only wait for smb2srv_client_mc_negprot_filter 
once and only when needed

This will simplify the following changes...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15200

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Ralph Boehme 

commit 56c597bc2b29dc3e555f737ba189f521d0e31e8c
Author: Stefan Metzmacher 
Date:   Wed Oct 12 13:54:41 2022 +0200

smbXsrv_client: call smb2srv_client_connection_{pass,drop}() before 
dbwrap_watched_watch_send()

dbwrap_watched_watch_send() should typically be the last thing to call
before the db record is unlocked, as it's not that easy to undo.

In future we want to recover from smb2srv_client_connection_{pass,drop}()
returning NT_STATUS_OBJECT_NAME_NOT_FOUND and it would add

[SCM] Samba Shared Repository - branch master updated

2022-10-12 Thread Ralph Böhme
The branch, master has been updated
   via  cc397175cb9 vfs_glusterfs: Simplify SMB_VFS_FDOPENDIR implementation
   via  7af4bfe8285 vfs_glusterfs: Add path based fallback mechanism for 
SMB_VFS_FGETXATTR
   via  6a6bd1a0530 vfs_glusterfs: Do not use glfs_fgetxattr() for 
SMB_VFS_GET_REAL_FILENAME_AT
   via  8cbd9e63724 vfs_glusterfs: Simplify SMB_VFS_GET_REAL_FILENAME_AT 
implementation
  from  0bf8d136769 docs-xml: some fixes to acl parameter documentation

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit cc397175cb9a1b06f268ecf6b3d62f621947cbba
Author: Anoop C S 
Date:   Tue Oct 11 23:02:48 2022 +0530

vfs_glusterfs: Simplify SMB_VFS_FDOPENDIR implementation

It was unnecessary to construct full directory path as "dir/." which is
same as "dir". We could just directly use fsp->fsp_name->base_name and
return directory stream obtained from glfs_opendir().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15198

Signed-off-by: Anoop C S 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Wed Oct 12 12:48:50 UTC 2022 on sn-devel-184

commit 7af4bfe8285714c137b6347b17305c9cd0702bdd
Author: Anoop C S 
Date:   Mon Oct 10 20:29:13 2022 +0530

vfs_glusterfs: Add path based fallback mechanism for SMB_VFS_FGETXATTR

Fallback mechanism was missing in vfs_gluster_fgetxattr() for path based
call. Therefore adding a similar mechanism as seen with other calls like
vfs_gluster_fsetxattr, vfs_gluster_flistxattr etc.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15198

Signed-off-by: Anoop C S 
Reviewed-by: Ralph Boehme 

commit 6a6bd1a0530424def64d2d462b54e4c1f4f9bebb
Author: Anoop C S 
Date:   Tue Oct 11 23:27:37 2022 +0530

vfs_glusterfs: Do not use glfs_fgetxattr() for SMB_VFS_GET_REAL_FILENAME_AT

glfs_fgetxattr() or generally fgetxattr() will return EBADF as dirfsp
here is a pathref fsp. GlusterFS client log had following entries
indicating the error:

W [MSGID: 114031] [client-rpc-fops_v2.c:993:client4_0_fgetxattr_cbk] \
  0-vol-client-0: remote operation failed. [{errno=9}, {error=Bad file 
descriptor}]

Therefore use glfs_getxattr() only for implementing get_real_filename_at
logic.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15198

Signed-off-by: Anoop C S 
Reviewed-by: Ralph Boehme 

commit 8cbd9e63724d80c06565d0c90bd107166dfd9bbe
Author: Anoop C S 
Date:   Tue Oct 11 23:25:46 2022 +0530

vfs_glusterfs: Simplify SMB_VFS_GET_REAL_FILENAME_AT implementation

It was unnecessary to construct full directory path as "dir/." which is
same as "dir". We could just directly use dirfsp->fsp_name->base_name
for glfs_getxattr() and return the result.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15198

Signed-off-by: Anoop C S 
Reviewed-by: Ralph Boehme 

---

Summary of changes:
 source3/modules/vfs_glusterfs.c | 89 ++---
 1 file changed, 21 insertions(+), 68 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/modules/vfs_glusterfs.c b/source3/modules/vfs_glusterfs.c
index 4284d7dea1d..4b309de1377 100644
--- a/source3/modules/vfs_glusterfs.c
+++ b/source3/modules/vfs_glusterfs.c
@@ -627,38 +627,12 @@ static DIR *vfs_gluster_fdopendir(struct 
vfs_handle_struct *handle,
  uint32_t attributes)
 {
glfs_fd_t *glfd = NULL;
-   struct smb_filename *full_fname = NULL;
-   struct smb_filename *smb_fname_dot = NULL;
-
-   smb_fname_dot = synthetic_smb_fname(fsp->fsp_name,
-   ".",
-   NULL,
-   NULL,
-   0,
-   0);
-
-   if (smb_fname_dot == NULL) {
-   return NULL;
-   }
-
-   full_fname = full_path_from_dirfsp_atname(talloc_tos(),
- fsp,
- smb_fname_dot);
-   if (full_fname == NULL) {
-   TALLOC_FREE(smb_fname_dot);
-   return NULL;
-   }
 
-   glfd = glfs_opendir(handle->data, full_fname->base_name);
+   glfd = glfs_opendir(handle->data, fsp->fsp_name->base_name);
if (glfd == NULL) {
-   TALLOC_FREE(full_fname);
-   TALLOC_FREE(smb_fname_dot);
return NULL;
}
 
-   TALLOC_FREE(full_fname);
-   TALLOC_FREE(smb_fname_dot);
-
return (DIR *)glfd;
 }
 
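Review bot: In vfs_gluster_fdopendir(), once the cleanup calls are gone the `if (glfd == NULL) { return NULL; }` block directly before `return (DIR *)glfd;` does nothing the final return would not do. Either collapse it into the single return or use the branch to log fsp->fsp_name->base_name and errno, so a failing glfs_opendir() is visible.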
@@ -2267,12 +2241,6 @@ static NTSTATUS vfs_gluster_get_real_filenam

[SCM] Samba Shared Repository - branch master updated

2022-10-06 Thread Ralph Böhme
The branch, master has been updated
   via  9a8bc67f4a5 vfs_glusterfs: Remove special handling of O_CREAT flag
  from  3ad0fa69255 pyldb: Fix typos in function names

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 9a8bc67f4a5e4afecd648523f43a8e97584fcfd0
Author: Anoop C S 
Date:   Mon Oct 3 15:36:13 2022 +0530

vfs_glusterfs: Remove special handling of O_CREAT flag

Special handling of O_CREAT flag in SMB_VFS_OPENAT code path was the
only option to ensure correctness due to a bug in libgfapi as detailed
in issue #3838[1] from GlusterFS upstream. This has been fixed recently
so that O_CREAT is handled correctly within glfs_openat() enabling us to
remove the corresponding special case from vfs_gluster_openat().

[1] https://github.com/gluster/glusterfs/issues/3838

Signed-off-by: Anoop C S 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Thu Oct  6 08:34:56 UTC 2022 on sn-devel-184

---

Summary of changes:
 source3/modules/vfs_glusterfs.c | 78 -
 1 file changed, 30 insertions(+), 48 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/modules/vfs_glusterfs.c b/source3/modules/vfs_glusterfs.c
index 33f941aaca9..4284d7dea1d 100644
--- a/source3/modules/vfs_glusterfs.c
+++ b/source3/modules/vfs_glusterfs.c
@@ -825,61 +825,43 @@ static int vfs_gluster_openat(struct vfs_handle_struct 
*handle,
became_root = true;
}
 
-   /*
-* O_CREAT flag in open is handled differently in a way which is *NOT*
-* safe against symlink race situations. We use glfs_creat() instead
-* for correctness as glfs_openat() is broken with O_CREAT present
-* in open flags.
-*/
-   if (flags & O_CREAT) {
-   if (fsp_get_pathref_fd(dirfsp) != AT_FDCWD) {
-   /*
-* Replace smb_fname with full_path constructed above.
-*/
-   smb_fname = full_fname;
+   if (fsp_get_pathref_fd(dirfsp) != AT_FDCWD) {
+#ifdef HAVE_GFAPI_VER_7_11
+   /*
+* Fetch Gluster fd for parent directory using dirfsp
+* before calling glfs_openat();
+*/
+   pglfd = vfs_gluster_fetch_glfd(handle, dirfsp);
+   if (pglfd == NULL) {
+   END_PROFILE(syscall_openat);
+   DBG_ERR("Failed to fetch gluster fd\n");
+   return -1;
}
 
+   glfd = glfs_openat(pglfd,
+  smb_fname->base_name,
+  flags,
+  how->mode);
+#else
+   /*
+* Replace smb_fname with full_path constructed above.
+*/
+   smb_fname = full_fname;
+#endif
+   }
+
+   if (pglfd == NULL) {
/*
 * smb_fname can either be a full_path or the same one
 * as received from the caller. In the latter case we
 * are operating at current working directory.
 */
-   glfd = glfs_creat(handle->data,
- smb_fname->base_name,
- flags,
- how->mode);
-   } else {
-   if (fsp_get_pathref_fd(dirfsp) != AT_FDCWD) {
-#ifdef HAVE_GFAPI_VER_7_11
-   /*
-* Fetch Gluster fd for parent directory using dirfsp
-* before calling glfs_openat();
-*/
-   pglfd = vfs_gluster_fetch_glfd(handle, dirfsp);
-   if (pglfd == NULL) {
-   END_PROFILE(syscall_openat);
-   DBG_ERR("Failed to fetch gluster fd\n");
-   return -1;
-   }
-
-   glfd = glfs_openat(pglfd,
-  smb_fname->base_name,
-  flags,
-  how->mode);
-#else
-   /*
-* Replace smb_fname with full_path constructed above.
-*/
-   smb_fname = full_fname;
-#endif
-   }
-
-   if (pglfd == NULL) {
-   /*
-* smb_fname can either be a full_path or the same one
-* as received from the caller. In the latter case we
-* are operating at current working directory.
- 
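Review bot: The O_CREAT case now reaches glfs_openat() under the existing `#ifdef HAVE_GFAPI_VER_7_11` guard, yet the removed comment says glfs_openat() is broken when O_CREAT is present and the commit message says libgfapi was fixed only recently. Nothing visible in this hunk separates a libgfapi carrying the fix for issue #3838 from one that merely satisfies HAVE_GFAPI_VER_7_11, so a build against an older library would lose the glfs_creat() workaround. The guard should test for the fixed version, or the requirement should be stated next to the #ifdef.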

[SCM] Samba Shared Repository - branch master updated

2022-09-02 Thread Ralph Böhme
The branch, master has been updated
   via  3a37e4155c3 smbd: Catch streams on non-stream shares
   via  201e1969bf3 smbd: return NT_STATUS_OBJECT_NAME_INVALID if a share 
doesn't support streams
   via  3dcdab86f13 smbtorture: add a test trying to create a stream on 
share without streams support
  from  a5156649d58 tests: Test basic handling of SMB2_CREATE_TAG_POSIX

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 3a37e4155c3cd82388652f89b611f2c46fee8525
Author: Volker Lendecke 
Date:   Fri Sep 2 11:46:53 2022 +0200

smbd: Catch streams on non-stream shares

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15161

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Fri Sep  2 15:56:56 UTC 2022 on sn-devel-184

commit 201e1969bf31af07e8bd52876ff7f4d72b48a848
Author: Ralph Boehme 
Date:   Fri Sep 2 12:09:53 2022 +0200

smbd: return NT_STATUS_OBJECT_NAME_INVALID if a share doesn't support 
streams

This is what a Windows server returns. Tested with a share residing on a FAT
formatted drive, a Windows filesystem that doesn't support streams.

Combinations tested:

  file::$DATA
  file:stream
  file:stream:$DATA

All three fail with NT_STATUS_OBJECT_NAME_INVALID.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15161

Signed-off-by: Ralph Boehme 
Reviewed-by: Volker Lendecke 

commit 3dcdab86f13fabb7a8c6ce71c59a565287d11244
Author: Ralph Boehme 
Date:   Thu Sep 1 18:55:23 2022 +0200

smbtorture: add a test trying to create a stream on share without streams 
support

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15161

Signed-off-by: Ralph Boehme 
Reviewed-by: Volker Lendecke 

---

Summary of changes:
 source3/selftest/tests.py |  2 ++
 source3/smbd/filename.c   |  6 ++
 source3/smbd/files.c  | 10 +++--
 source3/smbd/open.c   |  2 +-
 source4/selftest/tests.py |  1 +
 source4/torture/smb2/create.c | 48 +++
 source4/torture/smb2/smb2.c   |  1 +
 7 files changed, 67 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index 25f8fa56c58..82f24dbdfab 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -1097,6 +1097,8 @@ for t in tests:
 elif t == "smb2.twrp":
 # This is being driven by samba3.blackbox.shadow_copy_torture
 pass
+elif t == "smb2.create_no_streams":
+plansmbtorture4testsuite(t, "fileserver", 
'//$SERVER_IP/nfs4acl_simple_40 -U$USERNAME%$PASSWORD')
 elif t == "rpc.wkssvc":
 plansmbtorture4testsuite(t, "ad_member", '//$SERVER/tmp 
-U$DC_USERNAME%$DC_PASSWORD')
 elif t == "rpc.srvsvc":
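Review bot: The new `smb2.create_no_streams` branch targets `nfs4acl_simple_40` without saying that the test depends on that share lacking stream support. Add a one-line comment, as the `smb2.twrp` branch just above has, so a later change to that share's configuration does not break the test without explanation.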
diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c
index ca94b7ec7f9..0be8e320ffa 100644
--- a/source3/smbd/filename.c
+++ b/source3/smbd/filename.c
@@ -1120,6 +1120,12 @@ static NTSTATUS filename_convert_dirfsp_nosymlink(
goto fail;
}
 
+   if ((streamname != NULL) &&
+   ((conn->fs_capabilities & FILE_NAMED_STREAMS) == 0)) {
+   status = NT_STATUS_OBJECT_NAME_INVALID;
+   goto fail;
+   }
+
if (!posix) {
bool name_has_wild = ms_has_wild(dirname);
name_has_wild |= ms_has_wild(fname_rel);
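Review bot: The new streamname check in filename_convert_dirfsp_nosymlink() returns NT_STATUS_OBJECT_NAME_INVALID without logging anything, while the matching check added to openat_pathref_fsp() in source3/smbd/files.c emits a DBG_DEBUG line. A DBG_DEBUG here naming the rejected path would show which of the two checks refused the request.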
diff --git a/source3/smbd/files.c b/source3/smbd/files.c
index 095a01723b1..e7c83505328 100644
--- a/source3/smbd/files.c
+++ b/source3/smbd/files.c
@@ -565,8 +565,14 @@ NTSTATUS openat_pathref_fsp(const struct files_struct 
*dirfsp,
return NT_STATUS_OK;
}
 
-   if (!(conn->fs_capabilities & FILE_NAMED_STREAMS) ||
-   !is_named_stream(smb_fname)) {
+   if (is_named_stream(smb_fname) &&
+   ((conn->fs_capabilities & FILE_NAMED_STREAMS) == 0)) {
+   DBG_DEBUG("stream open [%s] on non-stream share\n",
+ smb_fname_str_dbg(smb_fname));
+   return NT_STATUS_OBJECT_NAME_INVALID;
+   }
+
+   if (!is_named_stream(smb_fname)) {
/*
 * openat_pathref_fullname() will make "full_fname" a
 * talloc child of the smb_fname->fsp. Don't use
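Review bot: In openat_pathref_fsp(), is_named_stream(smb_fname) is now evaluated in two consecutive conditions. Keeping the result in a local bool would avoid the repeat and make it plain that the second `if` handles only the non-stream case. A short comment is also worth adding to say that a stream name on a share without FILE_NAMED_STREAMS is now rejected, where the old combined condition let it fall through to the plain-path branch.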
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index db0cb47d34d..d443a0291f9 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -6316,7 +6316,7 

[SCM] Samba Shared Repository - branch master updated

2022-09-02 Thread Ralph Böhme
The branch, master has been updated
   via  a5156649d58 tests: Test basic handling of SMB2_CREATE_TAG_POSIX
   via  eaaa7425b56 smbd: Handle SMB2_CREATE_TAG_POSIX at the smb2 layer
   via  95657d40f08 smbd: Introduce helper var in 
smbd_smb2_create_fetch_create_ctx()
   via  cb0381ddc69 pylibsmb: Add create_ex()
   via  68ba30215da pylibsmb: Add smb2 create tag strings
   via  51f99b7f191 tests: Test invalid smb3 unix negotiate contexts
   via  b833431b5ca pylibsmb: Allow passing negotiate contexts
   via  5d95de0637c libsmb: Allow smb2 neg ctx in 
cli_full_connection_creds_send()
   via  887facd3738 tests: Add smb3 posix negotiate tests
   via  0f75963cf4c param: Add "smb3 unix extensions"
   via  0bd31c71ab1 pylibsmb: Add "have_posix" function
   via  b9eff7b90c5 pylibsmb: Allow requesting Posix extensions
   via  2711521b5f6 libsmb: Allow to request SMB311 posix in source3/libsmb
   via  ae5dc52d236 smbXcli: Detect the SMB311 posix negotiate context
   via  d7e928794e4 smbd: Convert store_smb2_posix_info() to use an 
existing blob
   via  efc81874ef3 smbd: Convert smb2_posix_cc_info() to use an existing 
blob
   via  43811868d1d smbd: Introduce "conn" helper var in 
smbd_smb2_create_after_exec()
  from  1788b59bc0a s3/winbindd: Fix bad access to sid array (with debug 
level >= info)

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit a5156649d58df07f58e479076ea8a0b41b450ea4
Author: Volker Lendecke 
Date:   Wed Aug 31 12:38:23 2022 +0200

tests: Test basic handling of SMB2_CREATE_TAG_POSIX

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

    Autobuild-User(master): Ralph Böhme 

Autobuild-Date(master): Fri Sep  2 14:31:25 UTC 2022 on sn-devel-184

commit eaaa7425b563c6fa88210ff23d5c5d7f0d46b9f5
Author: Volker Lendecke 
Date:   Thu Sep 1 12:17:44 2022 +0200

smbd: Handle SMB2_CREATE_TAG_POSIX at the smb2 layer

We're not doing anything with this yet, this is just to provide a test
counterpart. Protected by -DDEVELOPER and "smb3 unix extensions = yes"

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

commit 95657d40f08a7fc7468690b86e8b49333e9eabc3
Author: Volker Lendecke 
Date:   Wed Aug 31 15:37:03 2022 +0200

smbd: Introduce helper var in smbd_smb2_create_fetch_create_ctx()

xconn will be used in another place soon

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

commit cb0381ddc692efdff7dd1d7007e161628b8132af
Author: Volker Lendecke 
Date:   Mon Aug 29 17:02:25 2022 +0200

pylibsmb: Add create_ex()

This is an extension of the create() function allowing smb2 create
contexts to be passed back and forth and also returning the
smb_create_returns. A new function seemed necessary for me because we
need to return not just the fnum. So I chose a 3-tuple, see the test
for an example how to use this.

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

commit 68ba30215da2623edd0bdb6b92e576d616cee0f3
Author: Volker Lendecke 
Date:   Wed Aug 31 11:37:54 2022 +0200

pylibsmb: Add smb2 create tag strings

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

commit 51f99b7f191b18c4aabc632e4e32bfa8fc8a3ee7
Author: Volker Lendecke 
Date:   Fri Aug 26 16:29:32 2022 +0200

tests: Test invalid smb3 unix negotiate contexts

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

commit b833431b5ca40d6c6b9a46f93a625aff02415113
Author: Volker Lendecke 
Date:   Fri Aug 26 15:38:04 2022 +0200

pylibsmb: Allow passing negotiate contexts

Pass in a list of tuples with (type, bytes)

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

commit 5d95de0637cbf978ba9603e4074ccd3ce37fba9b
Author: Volker Lendecke 
Date:   Fri Aug 26 14:17:26 2022 +0200

libsmb: Allow smb2 neg ctx in cli_full_connection_creds_send()

Will be used to test smb3 posix contexts

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

commit 887facd37384ba932a93393e135cf82af66cb058
Author: Volker Lendecke 
Date:   Fri Aug 26 14:00:28 2022 +0200

tests: Add smb3 posix negotiate tests

Make sure we do and don't announce posix depending on "smb3 unix
extensions" parameter

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

commit 0f75963cf4c3b0d1b67ce7fc9513c0b578ec86f6
Author: Volker Lendecke 
Date:   Thu Aug 25 16:42:37 2022 +0200

param: Add "smb3 unix extensions"

Only available in DEVELOPER builds. Adding now to get some testing
step by step done.

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

commit 0bd31c71ab114930dcfa220faa1f03dbd4e7c059
Author: Volker Lendecke 
Date:   Thu Aug 25 16:28:04 2022 +02

[SCM] Samba Shared Repository - branch master updated

2022-08-25 Thread Ralph Böhme
The branch, master has been updated
   via  f99fb9aa120 python:tests: Allocate OID range for testing to avoid 
collisions
   via  672ec6135f9 schema_samba4.ldif: Allocate previously added OIDs
  from  6d493a9d568 smbd: implement access checks for SMB2-GETINFO as per 
MS-SMB2 3.3.5.20.1

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit f99fb9aa120c5a7d499bff717b812d81ddd7e9f1
Author: Joseph Sutton 
Date:   Thu Aug 25 20:21:01 2022 +1200

python:tests: Allocate OID range for testing to avoid collisions

sid_strings.py used the same OID range as ldap_schema.py, which
occasionally led to test failures when the same OID was generated twice.
Using a different range, and making use of the expected RID if we have
it, should reduce the likelihood of collisions.

Signed-off-by: Joseph Sutton 
Reviewed-by: Douglas Bagnall 
Reviewed-by: Stefan Metzmacher 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Thu Aug 25 13:55:47 UTC 2022 on sn-devel-184

commit 672ec6135f9ae3d7b5439523a4f456c19fb03a88
Author: Joseph Sutton 
Date:   Thu Aug 25 20:15:33 2022 +1200

schema_samba4.ldif: Allocate previously added OIDs

DSDB_CONTROL_FORCE_ALLOW_VALIDATED_DNS_HOSTNAME_SPN_WRITE_OID was added
to source4/dsdb/samdb/samdb.h in commit
c2ab1f4696fa3f52918a126d0b37993a07f68bcb.

DSDB_EXTENDED_SCHEMA_LOAD was added in commit
1fd4cdfafaa6a41c824d1b3d76635bf3e446de0f.

Signed-off-by: Joseph Sutton 
Reviewed-by: Douglas Bagnall 
Reviewed-by: Stefan Metzmacher 

---

Summary of changes:
 python/samba/tests/sid_strings.py | 8 +++-
 source4/setup/schema_samba4.ldif  | 3 +++
 2 files changed, 10 insertions(+), 1 deletion(-)


Changeset truncated at 500 lines:

diff --git a/python/samba/tests/sid_strings.py 
b/python/samba/tests/sid_strings.py
index ece35c12bfc..71b7756d235 100644
--- a/python/samba/tests/sid_strings.py
+++ b/python/samba/tests/sid_strings.py
@@ -88,11 +88,17 @@ class SidStringTests(TestCase):
 
 class_dn = f'CN={class_name},{self.schema_dn}'
 
+governs_id = f'1.3.6.1.4.1.7165.4.6.2.9.{random_suffix}'
+if expected_sid is not None:
+# Append the RID to our OID to ensure more uniqueness.
+rid = expected_sid.rsplit('-', 1)[1]
+governs_id += f'.{rid}'
+
 ldif = f'''
 dn: {class_dn}
 objectClass: classSchema
 cn: {class_name}
-governsId: 1.3.6.1.4.1.7165.4.6.2.6.3.{random_suffix}
+governsId: {governs_id}
 subClassOf: top
 possSuperiors: domainDNS
 defaultSecurityDescriptor: O:{code}
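Review bot: `expected_sid.rsplit('-', 1)[1]` is appended to governs_id without checking that it is a decimal number. If expected_sid ever lacks a '-' this raises IndexError, and a non-numeric last component would produce an invalid OID; an assertion such as rid.isdigit() before the append would make that failure explicit. Note also that when expected_sid is None, uniqueness still rests on random_suffix alone.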
diff --git a/source4/setup/schema_samba4.ldif b/source4/setup/schema_samba4.ldif
index a31b67750d4..d3a1f1c9ad7 100644
--- a/source4/setup/schema_samba4.ldif
+++ b/source4/setup/schema_samba4.ldif
@@ -32,6 +32,7 @@
 ## 1.3.6.1.4.1.7165.4.6.2.6.x - ldap_schema.py
 ## 1.3.6.1.4.1.7165.4.6.2.7.x - dsdb_schema_info.py
 ## 1.3.6.1.4.1.7165.4.6.2.8.x - getnc_schema.py
+## 1.3.6.1.4.1.7165.4.6.2.9.x - sid_strings.py
 
 ## 1.3.6.1.4.1.7165.4.255.x - mapped OIDs due to conflicts between AD and 
standards-track
 #
@@ -231,6 +232,7 @@
 #Allocated: DSDB_CONTROL_INVALID_NOT_IMPLEMENTED 1.3.6.1.4.1.7165.4.3.32
 #Allocated: DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID 1.3.6.1.4.1.7165.4.3.33
 #Allocated: DSDB_CONTROL_TRANSACTION_IDENTIFIER_OID 1.3.6.1.4.1.7165.4.3.34
+#Allocated: DSDB_CONTROL_FORCE_ALLOW_VALIDATED_DNS_HOSTNAME_SPN_WRITE_OID 
1.3.6.1.4.1.7165.4.3.35
 
 
 # Extended 1.3.6.1.4.1.7165.4.4.x
@@ -243,6 +245,7 @@
 #Allocated: DSDB_EXTENDED_SEC_DESC_PROPAGATION_OID 1.3.6.1.4.1.7165.4.4.7
 #Allocated: DSDB_EXTENDED_CREATE_OWN_RID_SET 1.3.6.1.4.1.7165.4.4.8
 #Allocated: DSDB_EXTENDED_ALLOCATE_RID 1.3.6.1.4.1.7165.4.4.9
+#Allocated: DSDB_EXTENDED_SCHEMA_LOAD 1.3.6.1.4.1.7165.4.4.10
 
 
 


-- 
Samba Shared Repository



[SCM] Samba Shared Repository - branch master updated

2022-08-23 Thread Ralph Böhme
The branch, master has been updated
   via  6d493a9d568 smbd: implement access checks for SMB2-GETINFO as per 
MS-SMB2 3.3.5.20.1
   via  9b2d2815710 smbtorture: check required access for SMB2-GETINFO
   via  66e40690bdd s4/libcli/smb2: avoid using 
smb2_composite_setpathinfo() in smb2_util_setatr()
  from  339e78f2075 gitlab-ci: Add a shellcheck runner

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 6d493a9d568c08cfe5242821ccbd5a5ee1fe5284
Author: Ralph Boehme 
Date:   Sun Aug 14 18:46:24 2022 +0200

smbd: implement access checks for SMB2-GETINFO as per MS-SMB2 3.3.5.20.1

The spec lists the following as requiring special access:

- for requiring FILE_READ_ATTRIBUTES:

  FileBasicInformation
  FileAllInformation
  FileNetworkOpenInformation
  FileAttributeTagInformation

- for requiring FILE_READ_EA:

  FileFullEaInformation

All other infolevels are unrestricted.

We ignore the IPC related infolevels:

  FilePipeInformation
  FilePipeLocalInformation
  FilePipeRemoteInformation

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15153
RN: Missing SMB2-GETINFO access checks from MS-SMB2 3.3.5.20.1

Signed-off-by: Ralph Boehme 
Reviewed-by: Stefan Metzmacher 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Tue Aug 23 12:54:08 UTC 2022 on sn-devel-184

commit 9b2d28157107602fcbe659664cf9ca25f08bb30b
Author: Ralph Boehme 
Date:   Fri Aug 19 17:29:55 2022 +0200

smbtorture: check required access for SMB2-GETINFO

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15153

Signed-off-by: Ralph Boehme 
Reviewed-by: Stefan Metzmacher 

commit 66e40690bdd41800a01333ce4243bd62ee2b1894
Author: Ralph Boehme 
Date:   Sun Aug 14 18:51:30 2022 +0200

s4/libcli/smb2: avoid using smb2_composite_setpathinfo() in 
smb2_util_setatr()

smb2_composite_setpathinfo() uses SEC_FLAG_MAXIMUM_ALLOWED which can
have unwanted side effects like breaking oplocks if the effective access
includes [READ|WRITE]_DATA.

For changing the DOS attributes we only need SEC_FILE_WRITE_ATTRIBUTE. With 
this
change test_smb2_oplock_batch25() doesn't trigger an oplock break anymore.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15153

Signed-off-by: Ralph Boehme 
Reviewed-by: Stefan Metzmacher 

---

Summary of changes:
 selftest/knownfail |   3 +-
 source3/smbd/smb2_getinfo.c|  28 
 source4/libcli/smb2/util.c |  37 +--
 source4/torture/smb2/getinfo.c | 147 +
 source4/torture/smb2/oplock.c  |  10 +--
 5 files changed, 208 insertions(+), 17 deletions(-)


Changeset truncated at 500 lines:

diff --git a/selftest/knownfail b/selftest/knownfail
index 0b4c5a44a7f..82dd7e1e8b4 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -176,6 +176,7 @@
 ^samba4.smb2.oplock.stream1 # samba 4 oplocks are a mess
 ^samba4.smb2.oplock.statopen1\(ad_dc_ntvfs\)$ # fails with ACCESS_DENIED on a 
SYNCHRONIZE_ACCESS open
 ^samba4.smb2.getinfo.complex # streams on directories does not work
+^samba4.smb2.getinfo.getinfo_access\(ad_dc_ntvfs\) # Access checks not 
implemented
 ^samba4.smb2.getinfo.qfs_buffercheck # S4 does not do the 
INFO_LENGTH_MISMATCH/BUFFER_OVERFLOW thingy
 ^samba4.smb2.getinfo.qfile_buffercheck # S4 does not do the 
INFO_LENGTH_MISMATCH/BUFFER_OVERFLOW thingy
 ^samba4.smb2.getinfo.qsec_buffercheck # S4 does not do the BUFFER_TOO_SMALL 
thingy
@@ -207,10 +208,8 @@
 ^samba3.smb2.oplock.stream1
 ^samba3.smb2.streams.rename
 ^samba3.smb2.streams.rename2
-^samba3.smb2.streams.attributes1\(.*\)
 ^samba3.smb2.streams streams_xattr.rename\(nt4_dc\)
 ^samba3.smb2.streams streams_xattr.rename2\(nt4_dc\)
-^samba3.smb2.streams streams_xattr.attributes1\(nt4_dc\)
 ^samba3.smb2.getinfo.complex
 ^samba3.smb2.getinfo.fsinfo # quotas don't work yet
 ^samba3.smb2.setinfo.setinfo
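Review bot: The two removed `attributes1` entries are not mentioned in the commit message text shown with this changeset, which names only test_smb2_oplock_batch25(). The message of whichever commit makes smb2.streams.attributes1 pass should say why it passes now, so the knownfail removal can be traced later.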
diff --git a/source3/smbd/smb2_getinfo.c b/source3/smbd/smb2_getinfo.c
index 0320dcc5fde..23322e7b85f 100644
--- a/source3/smbd/smb2_getinfo.c
+++ b/source3/smbd/smb2_getinfo.c
@@ -303,6 +303,34 @@ static struct tevent_req 
*smbd_smb2_getinfo_send(TALLOC_CTX *mem_ctx,
 
ZERO_STRUCT(write_time_ts);
 
+   /*
+* MS-SMB2 3.3.5.20.1 "Handling SMB2_0_INFO_FILE"
+*
+* FileBasicInformation, FileAllInformation,
+* FileNetworkOpenInformation, FileAttributeTagInformation
+* require FILE_READ_ATTRIBUTES.
+*
+* FileFullEaInformation requires FILE_READ_EA.
+*/
+   switch (in_file_info_class) {
+   case FSCC_FILE_BASIC_INFORMATION:
+   case FSCC_FILE_ALL_I

[SCM] Samba Shared Repository - branch master updated

2022-08-02 Thread Ralph Böhme
The branch, master has been updated
   via  766151bf5b7 lib:replace: Only include  on non-Linux systems
   via  9459f85511a Revert "lib:replace: Remove  from filesys.h"
  from  3aecd6e7b50 ctdb-common: CID 1507498: Control flow issues (DEADCODE)

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 766151bf5b7ef95ae4c8c98b8994e5c21c5bbec0
Author: Andreas Schneider 
Date:   Tue Aug 2 07:55:46 2022 +0200

lib:replace: Only include  on non-Linux systems

Details at:

https://sourceware.org/glibc/wiki/Release/2.36#Usage_of_.3Clinux.2Fmount.h.3E_and_.3Csys.2Fmount.h.3E

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15132

Signed-off-by: Andreas Schneider 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Tue Aug  2 11:05:14 UTC 2022 on sn-devel-184

commit 9459f85511a11d9a159fc8c7bb3c2d781555f87d
Author: Andreas Schneider 
Date:   Tue Aug 2 07:55:11 2022 +0200

Revert "lib:replace: Remove  from filesys.h"

This reverts commit 7a6bd2279897ed389d10f09e5b315a7bca96e7d4.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15132

Signed-off-by: Andreas Schneider 
Reviewed-by: Ralph Boehme 

---

Summary of changes:
 lib/replace/system/filesys.h | 6 ++
 lib/replace/wscript  | 3 +++
 2 files changed, 9 insertions(+)


Changeset truncated at 500 lines:

diff --git a/lib/replace/system/filesys.h b/lib/replace/system/filesys.h
index 190c6b90f93..bb9482c69af 100644
--- a/lib/replace/system/filesys.h
+++ b/lib/replace/system/filesys.h
@@ -36,10 +36,16 @@
 #include 
 #endif
 
+/* This include is required on UNIX (*BSD, AIX, ...) for statfs() */
+#if !defined(LINUX) && defined(HAVE_SYS_MOUNT_H)
+#include 
+#endif
+
 #ifdef HAVE_MNTENT_H
 #include 
 #endif
 
+/* This include is required on Linux for statfs() */
 #ifdef HAVE_SYS_VFS_H
 #include 
 #endif
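Review bot: The new `#if !defined(LINUX) && defined(HAVE_SYS_MOUNT_H)` guard depends on a project-defined `LINUX` macro, so any build in which configure does not set it silently gets the include back on Linux. Testing the compiler-provided `__linux__` would make the header self-contained. Both new comments say only "for statfs()"; the first should also say why the include has to be skipped on Linux (the glibc 2.36 note linked in the commit message), otherwise the guard looks like something that can be simplified away.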
diff --git a/lib/replace/wscript b/lib/replace/wscript
index 4c774d9f0c3..dd9b19219a1 100644
--- a/lib/replace/wscript
+++ b/lib/replace/wscript
@@ -31,6 +31,9 @@ def configure(conf):
 
 conf.env.standalone_replace = conf.IN_LAUNCH_DIR()
 
+if sys.platform.rfind('linux') > -1:
+conf.DEFINE('LINUX', '1')
+
 conf.DEFINE('BOOL_DEFINED', 1)
 conf.DEFINE('HAVE_LIBREPLACE', 1)
 conf.DEFINE('LIBREPLACE_NETWORK_CHECKS', 1)
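Review bot: `sys.platform.rfind('linux') > -1` inspects the machine running configure, not the build target, so a cross build defines or omits `LINUX` for the wrong system. Derive the value from what the target compiler reports, or let the C side test `__linux__`. Minor points: the neighbouring defines pass the integer `1` while this one passes the string `'1'`, and `'linux' in sys.platform` reads more plainly than the `rfind` comparison.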


-- 
Samba Shared Repository



[SCM] Samba Shared Repository - branch master updated

2022-07-26 Thread Ralph Böhme
imelimit=60" \
 --option="torture:nprocs=256"

From something like this:

   open[num/s=8800,avslat=0.021445,minlat=0.95,maxlat=0.179786]
   close[num/s=8800,avslat=0.021658,minlat=0.44,maxlat=0.179819]

to:

   open[num/s=10223,avslat=0.017922,minlat=0.83,maxlat=0.106759]
   close[num/s=10223,avslat=0.017694,minlat=0.40,maxlat=0.107345]

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Tue Jul 26 14:32:35 UTC 2022 on sn-devel-184

commit 9d9991166322477781f20372ffd7c19d1632276c
Author: Stefan Metzmacher 
Date:   Sun Jun 26 12:57:06 2022 +

s3:dbwrap_watch: only notify the first waiter

In case of a highly contended record we will have a lot of watchers,
which will all race to get g_lock_lock() to finish.

If g_lock_unlock() wakes them all, e.g. 250 of them, we get a thundering
herd, where 249 will only find that one of them was able to get the lock
and re-add their watcher entry (not unlikely in a different order).

With this commit we only wake the first watcher and let it remove
itself once it no longer wants to monitor the record content
(at that time it will wake the new first watcher).

It means the woken watcher doesn't have to race with all others
and also means order of watchers is kept, which means that we
most likely get a fair latency distribution for all watchers.

The following test with 256 connections all looping with open/close
on the same inode (share root) is improved drastically:

  smbtorture //127.0.0.1/m -Uroot%test smb2.create.bench-path-contention-shared \
 --option='torture:bench_path=' \
 --option="torture:timelimit=60" \
 --option="torture:nprocs=256"

From something like this:

   open[num/s=80,avslat=2.793862,minlat=0.004097,maxlat=46.597053]
   close[num/s=80,avslat=2.387326,minlat=0.023875,maxlat=50.878165]

to:

   open[num/s=8800,avslat=0.021445,minlat=0.95,maxlat=0.179786]
   close[num/s=8800,avslat=0.021658,minlat=0.44,maxlat=0.179819]

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

commit 6e701d02ee2d0fc304157395c451d3b972128cfc
Author: Stefan Metzmacher 
Date:   Tue Jul 5 16:05:15 2022 +0200

s3:smbXsrv_session: only change the dbwrap_watch instance when the record has changed

This will become important in the following commits when the
dbwrap_watch layer will only wake up one watcher at a time
and each woken watcher will wakeup the next one.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Ralph Boehme 

commit 98269bd5f31a2521b756e0a20fba82e9122582f7
Author: Stefan Metzmacher 
Date:   Mon Jul 25 22:28:27 2022 +0200

s3:smbXsrv_session: introduce smb2srv_session_close_previous_cleanup()

This makes sure we cleanup the locked record in all cases.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Ralph Boehme 

commit 67af3586d989be9d6a8fe7e7789250451b03f2bb
Author: Stefan Metzmacher 
Date:   Tue Jul 5 16:04:09 2022 +0200

s3:smbXsrv_client: only change the dbwrap_watch instance when the record has changed

This will become important in the following commits when the
dbwrap_watch layer will only wake up one watcher at a time
and each woken watcher will wakeup the next one.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Ralph Boehme 

commit e33143099b37a4d79a1cd45ca43a5a5d9d63b261
Author: Stefan Metzmacher 
Date:   Sun Jun 26 16:16:38 2022 +

s3:g_lock: try to keep the watch instance during g_lock_watch_data()

Unless the unique_lock_epoch changes via g_lock_lock()/g_lock_unlock()
we try to keep our existing watch instance alive while waiting
for unique_data_epoch to change.

This will become important in the following commits when the
dbwrap_watch layer will only wake up one watcher at a time
and each woken watcher will wakeup the next one. Without this
commit we would trigger an endless loop as none of the watchers
will ever change unique_data_epoch.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Ralph Boehme 

commit 20f3fd021911a118228815cb32d436069b0273d1
Author: Stefan Metzmacher 
Date:   Sun Jun 26 16:16:38 2022 +

s3:g_lock: remember an unique_lock_epoch similar to unique_data_epoch

It changes with every

[SCM] Samba Shared Repository - branch master updated

2022-07-25 Thread Ralph Böhme
The branch, master has been updated
   via  8ff2fe33bda smbd: Userspace symlink eval in filename_convert_dirfsp()
   via  9fc4659215a smbd: Take care of @GMT in SMB1's reply_ntcreate_and_X()
   via  7bb8af3f74c vfs_error_inject: Ignore openat() from openat_pathref_dirfsp_nosymlink()
   via  d6fcae23f47 smbd: Add openat_pathref_dirfsp_nosymlink()
   via  9826da77b90 smbd: Make get_real_filename_at public
   via  87f0e8b smbd: Some more assert in fd_openat()
   via  f292b1ae002 smbd: Simplify open_stream_pathref_fsp()
   via  348f19d35b3 smbd: open_stream_pathref_fsp() does not need a dirfsp
   via  52ecf98688d smbd: Simplify openat_pathref_fullname()
   via  afe1b94b230 smbd: Open openat_pathref_fullname() for streams
   via  45168bffe02 smbd: Hand full_fname from openat_pathref_nostream()
   via  37fd029e6ff smbd: A stream open does not need O_NOFOLLOW
   via  8420f62c01a smbd: Simplify openat_pathref_fsp()
   via  7295377a41c smbd: Simplify non_widelink_open()
   via  c267c9839eb VFS: NULL dirfsp for openat on stream opens
   via  0c8d55ed899 vfs_shadow_copy2: Don't reference dirfsp for streams
   via  dd5e10d6013 smbd: Make fsp_attach_smb_fname() talloc_move() the name to the fsp
   via  d67c7c091fe smbd: Update fsp->fsp_flags.is_directory in vfs_stat_fsp()
   via  217e7c162c2 libcli: Modernize a few DEBUG statements
   via  d2e5c9c96be test3: Fix a debug message
   via  5c702e03f52 smbd: Factor out extract_snapshot_token() from canonicalize_snapshot_path()
   via  b5c17b79364 smbd: Simplify canonicalize_snapshot_path()
   via  53f9b32a95b smbd: Don't create a fsp->base_fsp for a "::$DATA" stream
   via  08f4ee6cabb torture3: Fix an error check in torture_delete_fn()
   via  3fc5f9f409e registry3: Align an integer type
   via  138fdfaa40e registry3: Align function types to what is returned
   via  1d02c462f01 lib: Simplify canonicalize_absolute_path()
   via  e2d30fd5b76 lib: Remove a few #include "includes.h"
   via  b4a3c22acd5 smbd: Avoid a "? True : False"
   via  58d7b76a0ac smbd: Open up openat_internal_dir_from_pathref() for general dirs
  from  930426db02e lib: On FreeBSD util_paths.c does not find struct stat

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 8ff2fe33bdad605a2abfb5f3fac28b32f3211b96
Author: Volker Lendecke 
Date:   Thu Jul 14 19:47:23 2022 +0200

smbd: Userspace symlink eval in filename_convert_dirfsp()

This converts filename_convert_dirfsp to do symlink evaluation in user
space. It uses openat_pathref_dirfsp_nosymlink() to open the dirpath
and looks at the proper NT_STATUS_STOPPED_ON_SYMLINK response. Using
this avoids filename_convert() and thus unix_convert() completely for
the SMB2_CREATE case.

The tests

samba3.blackbox.smbclient_s3.NT1.plain.Recursive ls across MS-DFS links

now correctly stop the symlink lookup recursion with
NT_STATUS_OBJECT_PATH_NOT_FOUND. Previously we did not correctly pass up the
ELOOP coming back from the stat-call.

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 
    
Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Mon Jul 25 12:56:08 UTC 2022 on sn-devel-184

commit 9fc4659215ac6586003d43c1552e79915093fb58
Author: Volker Lendecke 
Date:   Tue Jul 12 17:48:25 2022 +0200

smbd: Take care of @GMT in SMB1's reply_ntcreate_and_X()

Next we want to avoid filename_convert() to take care of this. The
SMB2 code has a proper TWRP token anyway, so let's push the
@GMT-handling to the SMB1 code that will be converted to
filename_convert_dirfsp().

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

commit 7bb8af3f74cb6a2e3a9836bb36bbad5e1d1e6a6d
Author: Volker Lendecke 
Date:   Sun Jul 24 16:47:37 2022 +0200

vfs_error_inject: Ignore openat() from openat_pathref_dirfsp_nosymlink()

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

commit d6fcae23f4757d3684862c45ff43155613060ae4
Author: Volker Lendecke 
Date:   Thu Jul 14 19:44:04 2022 +0200

smbd: Add openat_pathref_dirfsp_nosymlink()

This does a step-by-step path resolution for a directory by splitting
up the path into individual components and does a loop like that

for component in components:
    fd = openat(dirfd, component, O_NOFOLLOW);
    close(dirfd);
    dirfd = fd

and it will report any symlink it finds in a way that will be
indirectly consumable for the smb2 symlink error response.

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

commit 9826da77b90a4b4d93c0d8e89ad3821c30cc8571
Author: Volker Lendecke 
Date:   Thu Jul 14 19:37:30 2022 +0200

smbd: Make get_real_filename_at public

We'l

[SCM] Samba Shared Repository - branch master updated

2022-07-20 Thread Ralph Böhme
The branch, master has been updated
   via  3d95220a571 Add a .clang-format file
  from  4c12840e42b testprogs: Reformat common_test_fns.inc

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 3d95220a5710731a32a6678ad2878ef6af94b9bb
Author: Andreas Schneider 
Date:   Tue Jul 19 15:38:27 2022 +0200

Add a .clang-format file

How to use:

Install 'git-format-clang' which is part of the clang suite (Fedora:
git-clang-format, openSUSE: clang-tools).

Now do your changes and stage them with `git add`. Once they are staged
format the code using `git clang-format` before you commit.

Now the formatting changes can be viewed with `git diff` against the
staged changes.

Signed-off-by: Andreas Schneider 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Wed Jul 20 18:23:49 UTC 2022 on sn-devel-184

---

Summary of changes:
 .clang-format| 26 ++
 README.Coding.md | 20 
 2 files changed, 34 insertions(+), 12 deletions(-)
 create mode 100644 .clang-format


Changeset truncated at 500 lines:

diff --git a/.clang-format b/.clang-format
new file mode 100644
index 000..5385807bc1c
--- /dev/null
+++ b/.clang-format
@@ -0,0 +1,26 @@
+# https://clang.llvm.org/docs/ClangFormatStyleOptions.html
+BasedOnStyle: LLVM
+IndentWidth: 8
+ContinuationIndentWidth: 8
+UseTab: true
+BreakBeforeBraces: Custom
+BraceWrapping:
+AfterEnum: false
+AfterFunction: true
+AfterStruct: false
+AfterUnion: false
+AfterExternBlock: true
+BeforeElse: false
+BeforeWhile: false
+AllowShortIfStatementsOnASingleLine: false
+ColumnLimit: 80
+IndentCaseLabels: false
+AlignAfterOpenBracket: Align
+BinPackParameters: false
+BinPackArguments: false
+AllowAllParametersOfDeclarationOnNextLine: false
+AllowAllArgumentsOnNextLine: false
+AllowShortFunctionsOnASingleLine: Empty
+AlwaysBreakAfterReturnType: None
+AlignEscapedNewlines: Left
+SortIncludes: false
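Review bot: Nothing in the new file says which clang-format release it needs, and clang-format rejects a configuration that contains a key it does not know. The list mixes long-standing options with ones that do not exist in older releases (for example `AllowAllArgumentsOnNextLine` and the `BeforeWhile` brace-wrapping key), so a comment under the URL line naming the minimum version to install would save developers a confusing failure.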
diff --git a/README.Coding.md b/README.Coding.md
index b87580f5f85..09a13283e05 100644
--- a/README.Coding.md
+++ b/README.Coding.md
@@ -88,20 +88,16 @@ displaying trailing whitespace:
   autocmd BufNewFile,BufRead *.c,*.h exec 'match Todo /\%>' .  . 
'v.\+/'
 ```
 
-### clang-format
+### How to use clang-format
 
-```
-BasedOnStyle: LLVM
-IndentWidth: 8
-UseTab: true
-BreakBeforeBraces: Linux
-AllowShortIfStatementsOnASingleLine: false
-IndentCaseLabels: false
-BinPackParameters: false
-BinPackArguments: false
-SortIncludes: false
-```
+Install 'git-format-clang' which is part of the clang suite (Fedora:
+git-clang-format, openSUSE: clang-tools).
+
+Now do your changes and stage them with `git add`. Once they are staged
+format the code using `git clang-format` before you commit.
 
+Now the formatting changed can be viewed with `git diff` against the
+staged changes.
 
 ## FAQ & Statement Reference
 
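Review bot: The added text tells readers to install 'git-format-clang', while the package named in the same sentence and the command used two lines later are `git-clang-format` and `git clang-format`; the first name should match. "Now the formatting changed can be viewed" should read "formatting changes". Since the inline style block is deleted here, a pointer to the new `.clang-format` file would tell readers where the settings went.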


-- 
Samba Shared Repository



[SCM] Samba Shared Repository - branch master updated

2022-07-18 Thread Ralph Böhme
The branch, master has been updated
   via  130283cbae0 s3:winbind: Add additional debug level check to wb_xids2sids_recv()
   via  934bc0c5835 s3:winbind: Fix pointer access in wb_xids2sids_recv()
   via  e824ee6b5ae s3:winbind: Add additional debug level check to wb_lookupusergroups_recv()
   via  450b8da8345 s3:winbind: Fix pointer access in wb_lookupusergroups_recv()
  from  b17cae66e75 s3:winbind: Change max_users, num_users from int to uint32_t in winbindd_getpwent_state

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 130283cbae0f894cd335875ba10d92ea249259d0
Author: Andreas Schneider 
Date:   Mon Jul 18 13:28:50 2022 +0200

s3:winbind: Add additional debug level check to wb_xids2sids_recv()

Signed-off-by: Andreas Schneider 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Mon Jul 18 14:44:07 UTC 2022 on sn-devel-184

commit 934bc0c583534884d1d56e3538c27b5102b869e7
Author: Andreas Schneider 
Date:   Mon Jul 18 09:20:22 2022 +0200

s3:winbind: Fix pointer access in wb_xids2sids_recv()

CID 1507348
CID 1507349

Signed-off-by: Andreas Schneider 
Reviewed-by: Ralph Boehme 
Reviewed-by: Ralph Boehme 

commit e824ee6b5aed6fb5b1d251598e0357aacb2b143c
Author: Andreas Schneider 
Date:   Mon Jul 18 13:26:58 2022 +0200

s3:winbind: Add additional debug level check to wb_lookupusergroups_recv()

Signed-off-by: Andreas Schneider 
Reviewed-by: Ralph Boehme 

commit 450b8da8345303b6b4458e412cfd9e6f5cd5d132
Author: Andreas Schneider 
Date:   Mon Jul 18 09:18:59 2022 +0200

s3:winbind: Fix pointer access in wb_lookupusergroups_recv()

Fixes CID 1507350

Signed-off-by: Andreas Schneider 
Reviewed-by: Ralph Boehme 
Reviewed-by: Ralph Boehme 

---

Summary of changes:
 source3/winbindd/wb_lookupusergroups.c |  8 +---
 source3/winbindd/wb_xids2sids.c| 14 --
 2 files changed, 13 insertions(+), 9 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/winbindd/wb_lookupusergroups.c 
b/source3/winbindd/wb_lookupusergroups.c
index 3ec25b49393..c4ac1be8078 100644
--- a/source3/winbindd/wb_lookupusergroups.c
+++ b/source3/winbindd/wb_lookupusergroups.c
@@ -109,9 +109,11 @@ NTSTATUS wb_lookupusergroups_recv(struct tevent_req *req, 
TALLOC_CTX *mem_ctx,
 
D_INFO("WB command lookupusergroups end.\nReceived %u SID(s).\n",
   *num_sids);
-   for (i = 0; i < *num_sids; i++) {
-   struct dom_sid_buf buf;
-   D_INFO("%u: %s\n", i, dom_sid_str_buf(&*sids[i], ));
+   if (CHECK_DEBUGLVL(DBGLVL_INFO)) {
+   for (i = 0; i < *num_sids; i++) {
+   struct dom_sid_buf buf;
+   D_INFO("%u: %s\n", i, dom_sid_str_buf(&((*sids)[i]), 
));
+   }
}
return NT_STATUS_OK;
 }
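Review bot: The change from `&*sids[i]` to `&((*sids)[i])` is the real fix in this hunk, yet the commit message cites only a Coverity id. `[]` binds tighter than `*`, so the old logging loop indexed the out-parameter itself and, for i > 0, read memory past that single pointer. Say so in the message: it is an out-of-bounds read in a receive path, not a cosmetic change. The `CHECK_DEBUGLVL(DBGLVL_INFO)` guard is a separate improvement and is fine as is.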
diff --git a/source3/winbindd/wb_xids2sids.c b/source3/winbindd/wb_xids2sids.c
index 17e612b7368..c873cc2443b 100644
--- a/source3/winbindd/wb_xids2sids.c
+++ b/source3/winbindd/wb_xids2sids.c
@@ -404,12 +404,14 @@ NTSTATUS wb_xids2sids_recv(struct tevent_req *req, 
TALLOC_CTX *mem_ctx,
}
 
*sids = talloc_move(mem_ctx, >sids);
-   for (i = 0; i <  state->num_xids; i++) {
-   struct dom_sid_buf buf;
-   D_INFO("%lu: XID %u mapped to SID %s\n",
-  i,
-  state->xids[i].id,
-  dom_sid_str_buf(&*sids[i], ));
+   if (CHECK_DEBUGLVL(DBGLVL_INFO)) {
+   for (i = 0; i <  state->num_xids; i++) {
+   struct dom_sid_buf buf;
+   D_INFO("%lu: XID %u mapped to SID %s\n",
+  i,
+  state->xids[i].id,
+  dom_sid_str_buf(&((*sids)[i]), ));
+   }
}
return NT_STATUS_OK;
 }
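Review bot: `D_INFO("%lu: XID %u mapped to SID %s\n", i, ...)` is only correct if `i` is declared `unsigned long`; the declaration is outside this hunk, and the sibling function in wb_lookupusergroups.c prints its index with `%u`. If `i` is a `uint32_t` or `size_t`, use `PRIu32` or `%zu` instead. While the loop is being re-indented anyway, the double space in `i <  state->num_xids` could be dropped.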


-- 
Samba Shared Repository



[SCM] Samba Shared Repository - branch master updated

2022-07-09 Thread Ralph Böhme
The branch, master has been updated
   via  2ec93ac6f34 smbd: follow-up fix for "if close fails just log it, don't crash"
  from  c4c086ecc00 s4:utils: Reformat shell scripts

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 2ec93ac6f34fda745912be648148f79d2a2b0671
Author: Ralph Boehme 
Date:   Fri Jul 8 17:08:05 2022 +0200

smbd: follow-up fix for "if close fails just log it, don't crash"

Signed-off-by: Ralph Boehme 
Reviewed-by: Björn Baumbach 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Sat Jul  9 09:04:46 UTC 2022 on sn-devel-184

---

Summary of changes:
 source3/smbd/files.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/files.c b/source3/smbd/files.c
index 45cc7ffd79f..b56130f4f04 100644
--- a/source3/smbd/files.c
+++ b/source3/smbd/files.c
@@ -424,7 +424,7 @@ static int smb_fname_fsp_destructor(struct smb_filename 
*smb_fname)
fsp_set_base_fsp(fsp, NULL);
 
status = fd_close(tmp_base_fsp);
-   if (NT_STATUS_IS_OK(status)) {
+   if (!NT_STATUS_IS_OK(status)) {
DBG_ERR("Closing fd for fsp [%s] failed: %s. "
"Please check your filesystem!!!\n",
fsp_str_dbg(fsp), nt_errstr(status));
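Review bot: The commit message says only "follow-up fix" and never states that the condition on `fd_close(tmp_base_fsp)` was inverted, which meant a successful close produced the "Please check your filesystem!!!" error while a failed one went unlogged. Put that in the message, and consider a test that fails the close, since the original change shipped without anything noticing the inversion.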
@@ -433,7 +433,7 @@ static int smb_fname_fsp_destructor(struct smb_filename 
*smb_fname)
}
 
status = fd_close(fsp);
-   if (NT_STATUS_IS_OK(status)) {
+   if (!NT_STATUS_IS_OK(status)) {
DBG_ERR("Closing fd for fsp [%s] failed: %s. "
"Please check your filesystem!!!\n",
fsp_str_dbg(fsp), nt_errstr(status));
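Review bot: This is the same close-and-log block as in the hunk above, and the same inverted check had to be corrected in both places. A small helper that closes an fsp and logs on failure would leave a single condition to get right in smb_fname_fsp_destructor().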


-- 
Samba Shared Repository



[SCM] Samba Shared Repository - branch master updated

2022-07-05 Thread Ralph Böhme
The branch, master has been updated
   via  4f5faa806e8 docs-xml:manpages: update vfs_fileid.8.xml for the recent changes
   via  a63087f527e s3:vfs_fileid: add 'fileid:nolock_all_inodes = BOOL'
   via  dc478f4897f s3:vfs_fileid: add 'fileid:nolock_all_dirs = BOOL'
   via  d0d9732acd3 s3:vfs_fileid: introduce 'fileid:nolock_paths'
   via  c040b811eb2 s3:vfs_fileid: introduce 'fileid:nolock_max_slots'
   via  f99b617c0c0 s3:vfs_fileid: also imply the generic nolock logic to the legacy 'hostname' algorithm
   via  48403b0ebba s3:vfs_fileid: also handle 'fsname_nodirs' via fileid_is_nolock_inode()
   via  72419736bda s3:vfs_fileid: always add the 'nolock' behavior via file_id.extid
   via  a1882538299 s3:vfs_fileid: introduce algorithm 'next_module'
   via  2668700f1e8 s3:vfs_fileid: maintain an array of nolock inodes
   via  3ec4dddb54c s3:vfs_fileid: move to a single mapping_fn() returning struct file_id
   via  2dfb334f8cb s4:torture/smb2: add smb2.bench.path-contention-shared
   via  090c46a5473 s4:torture/smb2: rename 'smb2.bench-oplock' to 'smb2.bench.oplock'
  from  96a649efd8d s3: libads: Fix coverity false positive.

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 4f5faa806e8cdb1c979ca4fd71e04504eeb53cb0
Author: Stefan Metzmacher 
Date:   Tue Jun 28 16:25:46 2022 +

docs-xml:manpages: update vfs_fileid.8.xml for the recent changes

Signed-off-by: Stefan Metzmacher 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Tue Jul  5 16:01:10 UTC 2022 on sn-devel-184

commit a63087f527eceeba1def358435dc3e5fb8059b26
Author: Stefan Metzmacher 
Date:   Wed Jun 29 17:50:08 2022 +0200

s3:vfs_fileid: add 'fileid:nolock_all_inodes = BOOL'

This adds the feature of the 'hostname' algorithm,
but provides it for all algorithms, including 'next_module'.

This can be used to deliberately break lock coherency, but
keep the devid/inode pair untouched, as this will only
alter file_id.extid:

  vfs objects = fileid
  fileid:algorithm = next_module
  fileid:nolock_all_inodes = yes

This should be preferred unless someone is already using the
'hostname' algorithm.

Note this is only for testing (or read only shares if at all...)

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Ralph Boehme 

commit dc478f4897fe5b8b1ca941f44d1b025a3130ae0a
Author: Stefan Metzmacher 
Date:   Wed Jun 29 17:50:08 2022 +0200

s3:vfs_fileid: add 'fileid:nolock_all_dirs = BOOL'

This adds the feature of the 'fsname_nodirs' algorithm,
but provides it for all algorithms, including 'next_module'.

This can be used to deliberately break lock coherency, but
keep the devid/inode pair untouched, e.g.

  vfs objects = fileid
  fileid:algorithm = next_module
  fileid:nolock_all_dirs = yes

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Ralph Boehme 

commit d0d9732acd3dff2511f5a9c0a80aba372b6255e2
Author: Stefan Metzmacher 
Date:   Wed Jun 29 17:14:22 2022 +0200

s3:vfs_fileid: introduce 'fileid:nolock_paths'

This brings much more flexibility compared to:
- 'fsname_norootdir', 'fsname_norootdir_ext',
  which only allow the nolock behavior for the share root
- 'fileid:nolockinode', which only gets a single inode number,
  and ignores the device id completely.

You can specify path names, which are relative to the shareroot
or absolute.

These names are only evaluated at SMB_VFS_CONNECT() time,
where they are converted into device and inode pairs.
It means they are completely ignored if the path doesn't
exist yet, or is replaced by a new inode later.

This allows:

- 'fileid:algorithm = fsname_norootdir'
  to be replaced by:
  'fileid:algorithm = fsname' (the default)
  'fileid:nolock_paths = .'

- 'fileid:algorithm = fsname_norootdir_ext'
  to be replaced by:
  'fileid:algorithm = fsname' (the default)
  'fileid:nolock_paths = .'
  'fileid:nolock_max_slots = 18446744073709551615'

And 'fileid:nolockinode = 1234567' can be replaced by
'fileid:nolock_paths = Very/Contended/Path' or
'fileid:nolock_paths = . Very/Contended/Path1 /data/conteded.dir',
if the share root and two additional inodes should be handled
by the 'nolock' behavior.

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Ralph Boehme 

commit c040b811eb2b866184cde18145b4a14f249792c9
Author: Stefan Metzmacher 
Date:   Wed Jun 29 17:09:51 2022 +0200

s3:vfs_fileid: introduce 'fileid:nolock_max_slots'

This controls the maximum number of concurrent locking slots
on each host. It specifies the maximal number of locking.tdb
records for a single inode.

It can be used to deliberately break lock coherency

[SCM] Samba Shared Repository - branch master updated

2022-04-29 Thread Ralph Böhme
The branch, master has been updated
   via  fe7daae8c46 s3: smbd: Allow a durable handle on a leased stat-open.
   via  bb329d4de50 s4: torture: Add a new test - samba3.smb2.durable-open.stat-open.
  from  07081d03da2 script/autobuild.py: allow to run from within git rebase -i

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit fe7daae8c4692b99ff08d4e3e48034d59ddee245
Author: Jeremy Allison 
Date:   Wed Apr 27 14:08:13 2022 -0700

s3: smbd: Allow a durable handle on a leased stat-open.

Remove knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15042

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Fri Apr 29 15:50:21 UTC 2022 on sn-devel-184

commit bb329d4de505d2c01ba45a06311c9dc6d87f8dec
Author: Jeremy Allison 
Date:   Wed Apr 27 12:50:59 2022 -0700

s4: torture: Add a new test - samba3.smb2.durable-open.stat-open.

Passes against Windows. Shows that Windows allows a durable handle
on a leased open for READ_ATTRIBUTES only (a stat open).

Mark as knownfail for now.

NB. Not sure why we are testing smb2.durable-open against ad_dc
as that provisioning has "smb2 leases = no" which precludes
granting durable handles. Not changing for this bug but this
should be looked at in future.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15042

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

---

Summary of changes:
 selftest/knownfail  |  1 +
 source3/smbd/durable.c  |  4 ---
 source4/torture/smb2/durable_open.c | 63 +
 3 files changed, 64 insertions(+), 4 deletions(-)


Changeset truncated at 500 lines:

diff --git a/selftest/knownfail b/selftest/knownfail
index 99c8768485b..173286a96a0 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -194,6 +194,7 @@
 ^samba3.smb2.durable-open.delete_on_close2
 ^samba3.smb2.durable-v2-open.app-instance
 ^samba3.smb2.durable-open.reopen1a-lease\(ad_dc\)$
+^samba3.smb2.durable-open.stat-open\(ad_dc\)$
 ^samba3.smb2.durable-v2-open.reopen1a-lease\(ad_dc\)$
 ^samba4.smb2.ioctl.req_resume_key\(ad_dc_ntvfs\) # not supported by s4 ntvfs 
server
 ^samba4.smb2.ioctl.req_two_resume_keys\(ad_dc_ntvfs\) # not supported by s4 
ntvfs server
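Review bot: The new `stat-open\(ad_dc\)$` entry has no trailing comment, while the ntvfs entries below it say why they are expected to fail. The commit message gives the reason (the ad_dc provisioning has "smb2 leases = no", which precludes durable handles); add it as a `#` comment on the line so the entry is not mistaken for a real regression.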
diff --git a/source3/smbd/durable.c b/source3/smbd/durable.c
index e5dc86a5a7d..838a5ddef05 100644
--- a/source3/smbd/durable.c
+++ b/source3/smbd/durable.c
@@ -75,10 +75,6 @@ NTSTATUS vfs_default_durable_cookie(struct files_struct *fsp,
return NT_STATUS_NOT_SUPPORTED;
}
 
-   if (fsp_get_io_fd(fsp) == -1) {
-   return NT_STATUS_NOT_SUPPORTED;
-   }
-
if (fsp_is_alternate_stream(fsp)) {
/*
 * We do not support durable handles
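Review bot: Dropping the `fsp_get_io_fd(fsp) == -1` early return means vfs_default_durable_cookie() now issues cookies for handles that have no I/O file descriptor, and the hunk leaves no comment saying this is intentional. Add one where the check used to be (leased stat opens may be durable), and confirm that the disconnect and reconnect code consuming this cookie does not assume a usable io fd.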
diff --git a/source4/torture/smb2/durable_open.c 
b/source4/torture/smb2/durable_open.c
index 3d78a35d92c..9cd4d88af39 100644
--- a/source4/torture/smb2/durable_open.c
+++ b/source4/torture/smb2/durable_open.c
@@ -2751,6 +2751,67 @@ done:
return ret;
 }
 
+/**
+ * durable stat open with lease.
+ */
+static bool test_durable_open_stat_open(struct torture_context *tctx,
+   struct smb2_tree *tree)
+{
+   TALLOC_CTX *mem_ctx = talloc_new(tctx);
+   struct smb2_create io;
+   struct smb2_handle _h;
+   struct smb2_handle *h = NULL;
+   struct smb2_lease ls;
+   NTSTATUS status;
+   char fname[256];
+   bool ret = true;
+   uint64_t lease;
+
+   snprintf(fname, 256, "durable_open_stat_open_%s.dat",
+generate_random_str(mem_ctx, 8));
+
+   /* Ensure file doesn't exist. */
+   smb2_util_unlink(tree, fname);
+
+   /* Create a normal file. */
+   smb2_oplock_create(, fname, SMB2_OPLOCK_LEVEL_NONE);
+   status = smb2_create(tree, mem_ctx, );
+   CHECK_STATUS(status, NT_STATUS_OK);
+   _h = io.out.file.handle;
+   h = &_h;
+   CHECK_CREATED(, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+   /* Close. */
+   smb2_util_close(tree, *h);
+   h = NULL;
+
+   /* Now try a leased, durable handle stat open. */
+   lease = random();
+   /* Create with lease */
+   smb2_lease_create(,
+ ,
+ false /* dir */,
+ fname,
+ lease,
+ smb2_util_lease_state("RH"));
+   io.in.durable_open = true;
+   io.in.desired_access = SEC_FILE_READ_ATTRIBUTE;
+   io.in.create_disposition = NTCREATEX_DISP_OPEN;
+
+   status = smb2_create(tree, mem_ctx, );
+   CHECK_STATUS(status, NT_STATUS_OK);
+   CHECK_CREATED(, EXISTED, FILE_ATT
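Review bot: `snprintf(fname, 256, ...)` repeats the array size as a literal; use `sizeof(fname)` so the bound follows the `char fname[256]` declaration if it ever changes. `lease = random()` also makes the lease key differ on every run, so logging the value or using a fixed key would make a failure easier to reproduce.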

[SCM] Samba Shared Repository - branch master updated

2022-04-28 Thread Ralph Böhme
The branch, master has been updated
   via  922261d77ae smbd: Use filename_convert_dirfsp() in smbd_smb2_create_send()
   via  5efa2ddde32 smbd: Use filename_convert_dirfsp() in reply_ntcreate_and_X()
   via  fde4363f589 smbd: Add filename_convert_dirfsp()
   via  29fa2f51c36 smbd: Only create an artificial dirfsp when necessary
   via  c1a3104a2ab smbd: Pass dirfsp to create_file_unixpath()
   via  eb3c47ac330 CI: use native Python functions to detect system and release
   via  6086a73f4e5 Revert "vfs: remove dirfsp arg from SMB_VFS_CREATE_FILE()"
   via  de9986fb9b7 vfs: Remove name-based SMB_VFS_GET_REAL_FILENAME()
   via  89bffa149dd smbd: Use SMB_VFS_GET_REAL_FILENAME_AT() in dptr_ReadDirName()
   via  2c05ebe9736 vfs: Implement snapper_gmt_get_real_filename_at()
   via  2e1d2083f54 vfs: Implement shadow_copy2_get_real_filename_at()
   via  b21cd4c8d21 vfs: Implement vfs_gpfs_get_real_filename_at()
   via  5aca0056abf vfs: Implement vfs_gluster_get_real_filename_at()
   via  ba6f7cfe805 vfs: Implement vfs_gluster_fuse_get_real_filename_at()
   via  cf60c51dc0d vfs: Implement ceph_snap_gmt_get_real_filename_at()
   via  c4d4fa68d61 smbd: Add get_real_filename_at()
   via  dcdc2585095 smbd: Introduce get_real_filename_full_scan_at()
   via  973212e8c11 smbd: Add OpenDir_from_pathref
   via  df29512b72f smbd: Add openat_internal_dir_from_pathref()
   via  02f6130c907 vfs: Add SMB_VFS_GET_REAL_FILENAME_AT
   via  804a19ca5d6 smbd: Pass up stat-info from openat_pathref_fsp() on error
  from  03d0dd2651c vfs_gpfs: Ignore pathref fds for gpfs:recalls check

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 922261d77ae9190aada81e97ce8a41c5306acd9c
Author: Volker Lendecke 
Date:   Fri Apr 8 13:27:39 2022 +0200

smbd: Use filename_convert_dirfsp() in smbd_smb2_create_send()

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Thu Apr 28 14:02:53 UTC 2022 on sn-devel-184

commit 5efa2ddde3231b389111b57e99b0ccff338ac609
Author: Volker Lendecke 
Date:   Fri Apr 8 13:27:20 2022 +0200

smbd: Use filename_convert_dirfsp() in reply_ntcreate_and_X()

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

commit fde4363f589d5ac47aba5ad63e964d42006565d5
Author: Volker Lendecke 
Date:   Wed Dec 8 07:08:10 2021 +0100

smbd: Add filename_convert_dirfsp()

As part of the filename_convert() process, keep a pathref dirfsp of
the containing directory for later use. This avoids having to do
another non_widelink_open() on every SMB2_CREATE and ntcreate in
later patches.

Future work will be to go through other filename_convert() calls and
make them use filename_convert_dirfsp(). If we manage to convert all
of them except the one in filename_convert_dirfsp() itself, we can
simplify filename_convert() and unix_convert() significantly.

Too large a patch, but I don't know how to split this up into smaller
logic pieces.

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

commit 29fa2f51c367bce871262e4b53617567d2fe67fb
Author: Volker Lendecke 
Date:   Fri Apr 8 13:10:15 2022 +0200

smbd: Only create an artificial dirfsp when necessary

parent_pathref() is expensive, and we should avoid it if possible.

Not effective at this point, we always pass in NULL, but will be used
soon.

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

commit c1a3104a2ab2ea29059b1aa5b4515d1f39e276ad
Author: Volker Lendecke 
Date:   Thu Apr 7 11:50:52 2022 +0200

smbd: Pass dirfsp to create_file_unixpath()

Will be used soon.

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

commit eb3c47ac3301ef533086e41e980d7f0b15cf530c
Author: Ralph Boehme 
Date:   Wed Mar 2 16:10:28 2022 +0100

CI: use native Python functions to detect system and release

This ensures we detect the runtime system and release, not the ones
when Samba was built. It's necessary to detect the correct kernel
version we're running on because for kernels before 5.3.1 O_PATH opens
unnecessarily broke kernel oplocks, which breaks our tests. And in
gitlab it can happen that we build on kernels after 5.3.1 and later
run on older kernels. In this situation we can't run kernel oplock
tests.

Signed-off-by: Ralph Boehme 
Reviewed-by: Ralph Boehme 

commit 6086a73f4e50fc12db1155e52f026a4ca0f8fc40
Author: Volker Lendecke 
Date:   Tue Nov 23 12:29:17 2021 +0100

Revert "vfs: remove dirfsp arg from SMB_VFS_CREATE_FILE()"

This reverts commit 322574834f1e71bc01f21be9059ca4d386517c84.

Not strictly a revert anymore, but for future work we do need "dirfsp"
i

[SCM] Samba Shared Repository - branch master updated

2022-04-28 Thread Ralph Böhme
The branch, master has been updated
   via  03d0dd2651c vfs_gpfs: Ignore pathref fds for gpfs:recalls check
  from  eed6869da75 smbd: Slightly simplify call_trans2qpipeinfo()

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 03d0dd2651c9e6552d6c3d9513810e581339ac08
Author: Christof Schmitt 
Date:   Wed Apr 27 15:37:18 2022 -0700

vfs_gpfs: Ignore pathref fds for gpfs:recalls check

Setting gpfs:recalls=no should prevent data access to offline files.
Since Samba 4.14, the VFS openat function is also called with O_PATH to
get a reference to the path. These accesses should not be blocked,
otherwise this would prevent offline files from being included in
directory listings.

Fix this by skipping the check for pathref fds.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15055

Signed-off-by: Christof Schmitt 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Thu Apr 28 07:59:47 UTC 2022 on sn-devel-184

---

Summary of changes:
 source3/modules/vfs_gpfs.c | 1 +
 1 file changed, 1 insertion(+)


Changeset truncated at 500 lines:

diff --git a/source3/modules/vfs_gpfs.c b/source3/modules/vfs_gpfs.c
index 5c2b2c3705e..0f31896b724 100644
--- a/source3/modules/vfs_gpfs.c
+++ b/source3/modules/vfs_gpfs.c
@@ -2335,6 +2335,7 @@ static int vfs_gpfs_openat(struct vfs_handle_struct 
*handle,
return -1);
 
if (config->hsm && !config->recalls &&
+   !fsp->fsp_flags.is_pathref &&
vfs_gpfs_fsp_is_offline(handle, fsp))
{
DBG_DEBUG("Refusing access to offline file %s\n",
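Review bot: the added "!fsp->fsp_flags.is_pathref &&" term in the "config->hsm && !config->recalls" condition has no comment, so the reason pathref opens are exempt can only be recovered from the commit message. Suggest a short comment above the "if" stating that O_PATH opens give no data access and must succeed so that offline files still appear in directory listings. It is also worth confirming in review that when a pathref fsp is later reopened for real I/O, that open comes back through vfs_gpfs_openat() with is_pathref cleared, so gpfs:recalls=no still refuses data access to offline files.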


-- 
Samba Shared Repository



[SCM] Samba Website Repository - branch master updated

2022-04-07 Thread Ralph Böhme
The branch, master has been updated
   via  68710e6 NEWS[SambaXP2022]: shorten snip
  from  fb768a2 NEWS[SambaXP2022]: SambaXP 2022

https://git.samba.org/?p=samba-web.git;a=shortlog;h=master


- Log -
commit 68710e6407204028b308aed8be49b9862fdcd0a7
Author: Ralph Boehme 
Date:   Thu Apr 7 10:55:48 2022 +0200

NEWS[SambaXP2022]: shorten snip

---

Summary of changes:
 posted_news/20220407-081336.SambaXP2022.snip.html | 16 
 1 file changed, 16 deletions(-)


Changeset truncated at 500 lines:

diff --git a/posted_news/20220407-081336.SambaXP2022.snip.html 
b/posted_news/20220407-081336.SambaXP2022.snip.html
index 3b203d4..b8f91a7 100644
--- a/posted_news/20220407-081336.SambaXP2022.snip.html
+++ b/posted_news/20220407-081336.SambaXP2022.snip.html
@@ -4,21 +4,5 @@
 
 Agenda for sambaXP 2022 published – get your ticket now!
 
-
-The program for the 21st sambaXP from May 31 to June 2, 2022 is
-set. The Orga Committee has published the schedule for the event on
-the conference page
-at https://sambaxp.org;>https://sambaxp.org. Tickets,
-which are free of charge, are also available there - please register
-to get all relevant information for participation. The agenda is
-filled with exciting talks for developers and users. Special thanks go
-to this year's sponsors Google, Microsoft and SerNet.
-
-
-sambaXP will again be held purely virtually in 2022 in order to allow
-as many people as possible worldwide to participate. For this reason -
-and to take into account the different time zones - the presentations
-will each start at 3 pm (CEST).
-
 (Read more)
 


-- 
Samba Website Repository



[SCM] Samba Website Repository - branch master updated

2022-04-07 Thread Ralph Böhme
The branch, master has been updated
   via  fb768a2 NEWS[SambaXP2022]: SambaXP 2022
  from  0f75f0b add sdc logo and link in box_beyond_samba.html

https://git.samba.org/?p=samba-web.git;a=shortlog;h=master


- Log -
commit fb768a2776efe54f22f0ec54c1836d988aa2a51e
Author: Ralph Boehme 
Date:   Thu Apr 7 10:21:39 2022 +0200

NEWS[SambaXP2022]: SambaXP 2022

Signed-off-by: Ralph Boehme 

---

Summary of changes:
 posted_news/20220407-081336.SambaXP2022.body.html  | 36 ++
 .../20220407-081336.SambaXP2022.headline.html  |  3 ++
 posted_news/20220407-081336.SambaXP2022.snip.html  | 24 +++
 3 files changed, 63 insertions(+)
 create mode 100644 posted_news/20220407-081336.SambaXP2022.body.html
 create mode 100644 posted_news/20220407-081336.SambaXP2022.headline.html
 create mode 100644 posted_news/20220407-081336.SambaXP2022.snip.html


Changeset truncated at 500 lines:

diff --git a/posted_news/20220407-081336.SambaXP2022.body.html 
b/posted_news/20220407-081336.SambaXP2022.body.html
new file mode 100644
index 000..8255c38
--- /dev/null
+++ b/posted_news/20220407-081336.SambaXP2022.body.html
@@ -0,0 +1,36 @@
+
+07 April 2022
+SambaXP 2022
+
+Agenda for sambaXP 2022 published – get your ticket now!
+
+
+The program for the 21st sambaXP from May 31 to June 2, 2022 is
+set. The Orga Committee has published the schedule for the event on
+the conference page
+at https://sambaxp.org;>https://sambaxp.org. Tickets,
+which are free of charge, are also available there - please register
+to get all relevant information for participation. The agenda is
+filled with exciting talks for developers and users. Special thanks go
+to this year's sponsors Google, Microsoft and SerNet.
+
+
+sambaXP will again be held purely virtually in 2022 in order to allow
+as many people as possible worldwide to participate. For this reason -
+and to take into account the different time zones - the presentations
+will each start at 3 pm (CEST).
+
+
+
+The kick-off on May 31 belongs again to the traditional samba workshop
+by Stefan Kania. His tutorial (3 pm to 9:30 pm CEST) will cover the
+topics Setting up GPOs with Samba and Disaster recovery of an
+Active Directory at once. The actual conference will be opened by
+Jeremy Allison, chairman of sambaXP, and Ralph Böhme (team leader of
+SerNet's Samba team) on June 1st from 3 pm.
+
+
+Detailed abstracts on all presentations can be found at
+https://sambaxp.org;>https://sambaxp.org.
+
+
diff --git a/posted_news/20220407-081336.SambaXP2022.headline.html 
b/posted_news/20220407-081336.SambaXP2022.headline.html
new file mode 100644
index 000..ed27f63
--- /dev/null
+++ b/posted_news/20220407-081336.SambaXP2022.headline.html
@@ -0,0 +1,3 @@
+
+ 07 April 2022 SambaXP 2022
+
diff --git a/posted_news/20220407-081336.SambaXP2022.snip.html 
b/posted_news/20220407-081336.SambaXP2022.snip.html
new file mode 100644
index 000..3b203d4
--- /dev/null
+++ b/posted_news/20220407-081336.SambaXP2022.snip.html
@@ -0,0 +1,24 @@
+
+07 April 2022
+SambaXP 2022
+
+Agenda for sambaXP 2022 published – get your ticket now!
+
+
+The program for the 21st sambaXP from May 31 to June 2, 2022 is
+set. The Orga Committee has published the schedule for the event on
+the conference page
+at https://sambaxp.org;>https://sambaxp.org. Tickets,
+which are free of charge, are also available there - please register
+to get all relevant information for participation. The agenda is
+filled with exciting talks for developers and users. Special thanks go
+to this year's sponsors Google, Microsoft and SerNet.
+
+
+sambaXP will again be held purely virtually in 2022 in order to allow
+as many people as possible worldwide to participate. For this reason -
+and to take into account the different time zones - the presentations
+will each start at 3 pm (CEST).
+
+(Read more)
+


-- 
Samba Website Repository



[SCM] Samba Shared Repository - branch master updated

2022-03-30 Thread Ralph Böhme
The branch, master has been updated
   via  06bfac2125d s3: smbd: Preserve the fsp->fsp_name->st buf across a 
MSG_SMB_FILE_RENAME message.
   via  5e1aa469ae6 s3: smbd: Preserve the fsp->fsp_name->st bufs across 
rename_open_files()
   via  1301e646139 s4: torture: Add test_smb2_close_full_information() 
test to smb2.rename.
   via  4725ef5c963 s4: torture: Add CHECK_CREATED macro to smb2/rename.c. 
Not yet used.
   via  e862a2d9ec4 s4: torture: Add CHECK_VAL macro to smb2/rename.c. Not 
yet used.
   via  e01c5992b06 s3: tests.py: Only run smb2.rename against fileserver.
  from  f7f65ceb46d s4:dsdb/descriptor: skip duplicates in 
descriptor_sd_propagation_object()

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 06bfac2125da5e4d37a596d1213912f0c698e69e
Author: Jeremy Allison 
Date:   Mon Mar 28 18:39:55 2022 -0700

s3: smbd: Preserve the fsp->fsp_name->st buf across a MSG_SMB_FILE_RENAME 
message.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15038

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Wed Mar 30 15:07:09 UTC 2022 on sn-devel-184

commit 5e1aa469ae61af0442f432e0a2e3bf8c8709616a
Author: Jeremy Allison 
Date:   Mon Mar 28 18:42:18 2022 -0700

s3: smbd: Preserve the fsp->fsp_name->st bufs across rename_open_files()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15038

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

commit 1301e6461393601a4d43cfc465a05114e6ae4662
Author: Jeremy Allison 
Date:   Mon Mar 28 18:25:54 2022 -0700

s4: torture: Add test_smb2_close_full_information() test to smb2.rename.

Creates a file, opens it again on two different connections
and then renames it. When we close and ask for 
SMB2_CLOSE_FLAGS_FULL_INFORMATION
we expect this to succeed and return valid data on the handles that did not 
do
the rename request.

This currently succeeds by accident on master, so we are not
adding a knownfail.d/ file here. When we back-port this test
to 4.16.next, 4.15.next we will add a knownfail.d file.

The rename request zeros out the fsp->fsp_name->st field on the handles
that are open but are not being renamed, marking them as INVALID_STAT.

This should not happen on any open handle. Fix to follow will
preserve the field on rename in both the local connection and
different connection case.

Master gets away with this as in this branch, openat_pathref_fsp(),
which we use in the setup_close_full_information() call to fetch
the SMB2_CLOSE_FLAGS_FULL_INFORMATION data doesn't require an
existing VALID_STAT struct in order to open the file. This
hides the fact the rename zeroed out fsp->fsp_name->st.

4.16.x and 4.15.x don't have this fix, so expose the bug.
Regardless, even in master we should not zero out any
fsp->fsp_name->st values on rename.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15038

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

commit 4725ef5c96395dc2f48fab1160a3312d95e21416
Author: Jeremy Allison 
Date:   Mon Mar 28 18:24:27 2022 -0700

s4: torture: Add CHECK_CREATED macro to smb2/rename.c. Not yet used.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15038

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

commit e862a2d9ec4e7bec1dd58490e9dee47d543b9154
Author: Jeremy Allison 
Date:   Mon Mar 28 18:23:05 2022 -0700

s4: torture: Add CHECK_VAL macro to smb2/rename.c. Not yet used.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15038

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

commit e01c5992b061d8ed54645fff52a73418013340ab
Author: Jeremy Allison 
Date:   Mon Mar 28 18:09:20 2022 -0700

s3: tests.py: Only run smb2.rename against fileserver.

No need to run this against nt4_dc or ad_dc.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15038

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

---

Summary of changes:
 source3/selftest/tests.py |   2 +
 source3/smbd/open.c   |  20 ++
 source3/smbd/reply.c  |  15 +
 source4/torture/smb2/rename.c | 147 ++
 4 files changed, 184 insertions(+)


Changeset truncated at 500 lines:

diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index 2bfb38fdfff..cae09571fe1 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -1017,6 +1017,8 @@ for t in tests:
 plansmbtorture4testsuite("smb2.async_dosmode",
  "simpleserver",
  &

[SCM] Samba Shared Repository - branch master updated

2022-03-28 Thread Ralph Böhme
The branch, master has been updated
   via  127f728d58e vfs_gpfs: Initialize litemask to 0
  from  0bd4bc40f4a samba-tool: Check specified domain and realm against 
our own

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 127f728d58e79a42f8826500e3b15c486e88e556
Author: Christof Schmitt 
Date:   Mon Mar 21 09:26:41 2022 -0700

vfs_gpfs: Initialize litemask to 0

The change from commit fb13c7c94f to query exact values for atime,
mtime, ctime and size is not necessary, as none of these are used in
this codepath. Initialize litemask to 0 instead.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15027

Signed-off-by: Christof Schmitt 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Mon Mar 28 09:10:58 UTC 2022 on sn-devel-184

---

Summary of changes:
 source3/modules/vfs_gpfs.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/modules/vfs_gpfs.c b/source3/modules/vfs_gpfs.c
index 004c74cd43a..5ef1f5f2e73 100644
--- a/source3/modules/vfs_gpfs.c
+++ b/source3/modules/vfs_gpfs.c
@@ -1482,7 +1482,7 @@ static NTSTATUS vfs_gpfs_fget_dos_attributes(struct 
vfs_handle_struct *handle,
char buf[PATH_MAX];
const char *p = NULL;
struct gpfs_iattr64 iattr = { };
-   unsigned int litemask = GPFS_SLITE_EXACT_BITS;
+   unsigned int litemask = 0;
struct timespec ts;
uint64_t file_id;
NTSTATUS status;
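Review bot: in vfs_gpfs_fget_dos_attributes(), "unsigned int litemask = 0;" gives no hint of what 0 requests. A one-line comment saying that no exact atime/mtime/ctime/size is asked for because this path does not use them would stop a later change from reading those fields out of iattr without restoring the exact bits.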
@@ -1988,7 +1988,7 @@ static int vfs_gpfs_check_pathref_fstat_x(struct 
gpfs_config_data *config,
  struct connection_struct *conn)
 {
struct gpfs_iattr64 iattr = {0};
-   unsigned int litemask = GPFS_SLITE_EXACT_BITS;
+   unsigned int litemask = 0;
int saved_errno;
int fd;
int ret;
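Review bot: vfs_gpfs_check_pathref_fstat_x() now repeats the same bare "litemask = 0" as the hunk above. Since the value is no longer a named flag set, consider declaring the variable const or passing 0 directly where it is used, so that it does not look like something computed later in the function.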


-- 
Samba Shared Repository



[SCM] Samba Shared Repository - branch master updated

2022-03-11 Thread Ralph Böhme
The branch, master has been updated
   via  d8e966da1c8 smbd: Remove a few vfs_stat() calls
   via  de439cd0304 smbd: Return ISLNK from non_widelink_open() in smb_fname
   via  e7b933100ee smbd: Don't require a valid stat for 
openat_pathref_fsp()
   via  2bbdaca8da8 smbd: No need to set O_DIRECTORY in openat_pathref_fsp()
   via  4e70b754a9c smbd: Mark fsp as directory after calling fstat()
   via  93d2defa426 smbd: Always use O_NONBLOCK in openat_pathref_fsp()
   via  e316f82bb73 smbd: Pass "dirfsp" and "smb_fname" to reopen_from_fsp()
   via  0fedcf5939a smbd: Pass dirfsp instead of fname to inherit_new_acl
   via  749c62ed2b2 smbd: Simplify dos_mode_from_name() with 
ISDOT()/ISDOTDOT()
   via  469a7ebf760 smbd: Simplify dos_mode_check_compressed()
   via  0e4cc565e67 smbd: get_acl_group_bits() needs a fsp, not a name
   via  8cee31c687f smbd: Fix a typo
   via  0dda30408fd smbd: Avoid an else
   via  7153c2c4454 smbd: Avoid two else statements
   via  1b304efef28 vfs: Format a comment
   via  ed9ee7ed895 printing: Fix a DBG message
   via  0c05ea15822 smbd: Avoid some casts
  from  9b48e7f7eda third_party/heimdal: import 
lorikeet-heimdal-202203101710 (commit df8d801544144949931cd742169be1207b239c3d)

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit d8e966da1c80f959ad65596e51cd66127014052b
Author: Volker Lendecke 
Date:   Thu Dec 30 16:58:58 2021 +0100

smbd: Remove a few vfs_stat() calls

openat_pathref_fsp() does not need them anymore

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Fri Mar 11 19:19:21 UTC 2022 on sn-devel-184

commit de439cd0304773c59ebd33ddeddf675dd611944c
Author: Volker Lendecke 
Date:   Sat Jan 8 10:08:16 2022 +0100

smbd: Return ISLNK from non_widelink_open() in smb_fname

Soon we want to not require stat() calls before entering
openat_pathref_fsp() anymore but rely on the fstat on the O_PATH file
handle (alternatively the call to fstatat(AT_SYMLINK_NOFOLLOW)) done
properly from within fd_openat(). The callers of non_widelink_open()
expect the stat information to be correct in "smb_fname". Copy it in
case of not opening a symlink in the posix case.

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

commit e7b933100ee487ae19cd2b3938f58056dca2115a
Author: Volker Lendecke 
Date:   Thu Dec 30 16:49:45 2021 +0100

smbd: Don't require a valid stat for openat_pathref_fsp()

With the simplifications in non_widelink_open() (don't depend on the
is_directory fsp flag) the main reason for requiring a valid stat
struct in openat_pathref_fsp() is gone. With this change
openat_pathref_fsp() is now capable of being the very first (and
authoritative) name-referencing operation with openat(O_PATH) for a
name.

Without having the stat information around before calling
openat_pathref_fsp(), the call to check_same_dev_ino() becomes
obsolete here.

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

commit 2bbdaca8da8a0f4d4ff6bb5d4a98470db223b265
Author: Volker Lendecke 
Date:   Tue Mar 8 14:31:32 2022 +0100

smbd: No need to set O_DIRECTORY in openat_pathref_fsp()

If I read Linux' man 2 open right (and susv4 agrees), O_DIRECTORY is
around to make sure opendir() is not raced against non-directory
files. opendir() needs to make sure the underlying object is actually
a directory. O_DIRECTORY is not required for opening directories in
RDONLY mode, regardless of having O_PATH or not.

At this point in openat_pathref_fsp() we don't care about the type of
the underlying object, we do fstat() and distinguish between files and
directories later according to the mode returned from fstat().

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

commit 4e70b754a9cabb5d31d78e7d4a3f18028db07e99
Author: Volker Lendecke 
Date:   Tue Mar 8 12:57:13 2022 +0100

smbd: Mark fsp as directory after calling fstat()

Everything else is racy, and this is cheap to check.

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

commit 93d2defa42683cd151b7a11075396aa911dbf0ae
Author: Volker Lendecke 
Date:   Tue Mar 8 12:44:33 2022 +0100

smbd: Always use O_NONBLOCK in openat_pathref_fsp()

There's no reason why we would ever want to block on open(O_PATH). The
only cases that to me right now seem relevant are oplock breaks and
FIFOs, which can block forever. Oplock breaks don't happen for
O_PATH (hopefully...) but for the non-O_PATH case we don't want to
block either but we do handle this higher up.

We're handling EWOULDBLOCK for the oplock case correctly in
open_file_ntcreate() by

[SCM] Samba Shared Repository - branch master updated

2022-03-05 Thread Ralph Böhme
The branch, master has been updated
   via  3f977cd6f83 s3:lib: Fix possible 32-bit arithmetic overflow
  from  df7efdf0465 s3: smbd: Cleanup - Make rmdir_internals() use NTSTATUS 
internally without depending on errno.

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 3f977cd6f839fd904529f12ef2ee5caae88af0ab
Author: Pavel Filipenský 
Date:   Mon Feb 28 23:33:22 2022 +0100

s3:lib: Fix possible 32-bit arithmetic overflow

Reported by covscan.

Potentially overflowing expression "glue->gtimeout * 1000" with type "int"
(32 bits, signed) is evaluated using 32-bit arithmetic, and then used in
a context that expects an expression of type "uint64_t" (64 bits, unsigned).

Signed-off-by: Pavel Filipenský 
Reviewed-by: Ralph Boehme 
Reviewed-by: Jeremy Allison 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Sat Mar  5 08:04:28 UTC 2022 on sn-devel-184

---

Summary of changes:
 source3/lib/tevent_glib_glue.c | 6 ++
 1 file changed, 2 insertions(+), 4 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/lib/tevent_glib_glue.c b/source3/lib/tevent_glib_glue.c
index b83f2036d9a..1e1d62e585c 100644
--- a/source3/lib/tevent_glib_glue.c
+++ b/source3/lib/tevent_glib_glue.c
@@ -538,7 +538,6 @@ static bool get_glib_fds_and_timeout(struct 
tevent_glib_glue *glue)
 
 static bool tevent_glib_update_events(struct tevent_glib_glue *glue)
 {
-   uint64_t microsec;
struct timeval tv;
bool ok;
 
@@ -580,9 +579,8 @@ static bool tevent_glib_update_events(struct 
tevent_glib_glue *glue)
return true;
}
 
-   microsec = glue->gtimeout * 1000;
-   tv = tevent_timeval_current_ofs(microsec / 100,
-   microsec % 100);
+   tv = tevent_timeval_current_ofs(glue->gtimeout / 1000,
+   (glue->gtimeout % 1000) * 1000);
 
glue->timer = tevent_add_timer(glue->ev,
   glue,
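Review bot: the replacement arguments "glue->gtimeout / 1000" and "(glue->gtimeout % 1000) * 1000" are only correct for a non-negative gtimeout; the commit message gives its type as a signed int, and a negative value would yield a negative quotient and remainder here. If the early "return true;" just above already covers the negative case, a comment saying so, together with a note that gtimeout is in milliseconds and the two arguments are seconds and microseconds, would make the unit conversion checkable at a glance.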


-- 
Samba Shared Repository



[SCM] Samba Shared Repository - branch master updated

2022-03-04 Thread Ralph Böhme
The branch, master has been updated
   via  df7efdf0465 s3: smbd: Cleanup - Make rmdir_internals() use NTSTATUS 
internally without depending on errno.
   via  28522bb3771 s3: smbd: Cleanup - make recursive_rmdir() return a 
more expressive NTSTATUS not bool.
   via  b3514a57e9b smbd: Make complex if-expression in file_set_dosmode() 
easier to read
   via  ab692aa6e70 smbd: Fix indentation in rename_internals_fsp()
   via  5567d5bca29 smbd: Save a few lines in file_set_dosmode() with "goto 
done;"
   via  2976177005f smbd: Remove unused "lret" variable from 
file_set_dosmode()
   via  f60ca2e2f35 smbd: Pass dirfsp instead of a parent filename to 
unix_mode
   via  be6cc4cc23f smbd: Log close_file_free() failure in copy_internals()
   via  fbb4bd365f1 smbd: Pass dirfsp instead of an fname to open_file()
   via  fd1dca2d175 smbd: Inherit acl from an fsp instead of a fname
   via  d1a0862327f smbd: Remove a deref forgotten in c2ac6a9cd7b
  from  e25d6c89bef WHATSNEW: Bronze bit, S4U and RBDC support with MIT 
Kerberos 1.20

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit df7efdf046504aa2392a53f8fd96de9c207f854c
Author: Jeremy Allison 
Date:   Thu Mar 3 09:49:15 2022 -0800

s3: smbd: Cleanup - Make rmdir_internals() use NTSTATUS internally without 
depending on errno.

As we already need to return NTSTATUS, map errno to NTSTATUS directly at 
point of failure
and don't depend on keeping it around. No change in client-visible behavior 
but makes
rmdir_internals() easier to understand (for me at least).

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Fri Mar  4 18:39:48 UTC 2022 on sn-devel-184

commit 28522bb3771245ae69d7c9e279214b1f8ad2c526
Author: Jeremy Allison 
Date:   Thu Mar 3 09:34:45 2022 -0800

s3: smbd: Cleanup - make recursive_rmdir() return a more expressive 
NTSTATUS not bool.

Next cleanup the internals of rmdir_internals() to do an early map
of errno -> NTSTATUS to avoid mapping back and forth.

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

commit b3514a57e9b9b35bc9983d997191c575eeebcf85
Author: Volker Lendecke 
Date:   Fri Mar 4 08:39:01 2022 +0100

smbd: Make complex if-expression in file_set_dosmode() easier to read

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

commit ab692aa6e706a23722e1d3f538582d8394507adb
Author: Volker Lendecke 
Date:   Fri Mar 4 08:36:04 2022 +0100

smbd: Fix indentation in rename_internals_fsp()

This one space character makes it more obvious where in the complex
if-expression lp_store_dos_attributes() lives.

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

commit 5567d5bca2963534dcc4fb1728f83f18d42c9691
Author: Volker Lendecke 
Date:   Thu Mar 3 21:49:47 2022 +0100

smbd: Save a few lines in file_set_dosmode() with "goto done;"

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

commit 2976177005feff38f6ef6da1ae0733041849be2b
Author: Volker Lendecke 
Date:   Thu Mar 3 21:48:26 2022 +0100

smbd: Remove unused "lret" variable from file_set_dosmode()

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

commit f60ca2e2f35666583f2e8cd11cb507406bb17393
Author: Volker Lendecke 
Date:   Thu Mar 3 11:52:12 2022 +0100

smbd: Pass dirfsp instead of a parent filename to unix_mode

This converts a STAT (with potential symlink race problems) into an
FSTAT on the O_PATH fd we have for the directory

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

commit be6cc4cc23f61d4c44796621daf726733f718a1a
Author: Volker Lendecke 
Date:   Thu Mar 3 20:13:25 2022 +0100

smbd: Log close_file_free() failure in copy_internals()

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

commit fbb4bd365f156fef89e96f7b79040443f0d70d0a
Author: Volker Lendecke 
Date:   Thu Mar 3 11:32:20 2022 +0100

smbd: Pass dirfsp instead of an fname to open_file()

Moving slowly towards passing directory handles instead of names,
representing the idea that we hold a O_PATH file descriptor on
directories.

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

commit fd1dca2d175291f2258f7963419b16ea3f5c4e31
Author: Volker Lendecke 
Date:   Thu Mar 3 11:32:20 2022 +0100

smbd: Inherit acl from an fsp instead of a fname

Moving slowly towards passing directory handles instead of names,
representing the idea that we hold a O_PATH file descriptor on
directories.

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

commit d1a0862327f37f2edd1042b3b66c2e85234b1e94
Author: Volker Lendecke 
Date:   Thu Mar 3 11:28:57 2022 +0100

sm
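
Commit f60ca2e2f35 above replaces a STAT by name ("with potential symlink race problems") with an FSTAT on the O_PATH fd held for the directory. The following is an added example, not Samba code, showing on Linux why the two lookups can disagree once the name is swapped; the scratch path under /tmp and all function and struct names are assumptions made for the illustration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Inode numbers observed through each lookup method (hypothetical struct). */
struct lookup_result {
	ino_t original;  /* directory inode when the O_PATH handle was taken */
	ino_t decoy;     /* inode of the directory the symlink will point to */
	ino_t via_path;  /* stat() by name after the name was swapped */
	ino_t via_fd;    /* fstat() on the O_PATH handle after the swap */
};

/*
 * Create <tmp>/share and <tmp>/decoy, take an O_PATH handle on "share",
 * then replace the name "share" with a symlink to "decoy" (standing in for
 * a concurrent local change) and resolve the object both ways.
 * Returns 0 on success, -1 if any system call fails.
 */
int compare_stat_and_fstat(struct lookup_result *res)
{
	char base[] = "/tmp/pathref-demo-XXXXXX"; /* constructed scratch dir */
	char share[PATH_MAX], moved[PATH_MAX], decoy[PATH_MAX];
	struct stat st;
	int dirfd = -1;
	int ret = -1;

	if (mkdtemp(base) == NULL) {
		return -1;
	}
	snprintf(share, sizeof(share), "%s/share", base);
	snprintf(moved, sizeof(moved), "%s/moved", base);
	snprintf(decoy, sizeof(decoy), "%s/decoy", base);

	if (mkdir(share, 0700) != 0 || mkdir(decoy, 0700) != 0) {
		goto done;
	}

	/* The handle pins the object itself, not the name that led to it. */
	dirfd = open(share, O_PATH | O_NOFOLLOW | O_CLOEXEC);
	if (dirfd == -1 || fstat(dirfd, &st) != 0) {
		goto done;
	}
	res->original = st.st_ino;

	if (stat(decoy, &st) != 0) {
		goto done;
	}
	res->decoy = st.st_ino;

	/* The name "share" now leads somewhere else. */
	if (rename(share, moved) != 0 || symlink(decoy, share) != 0) {
		goto done;
	}

	/* Name-based lookup follows the symlink to the decoy directory. */
	if (stat(share, &st) != 0) {
		goto done;
	}
	res->via_path = st.st_ino;

	/* Handle-based lookup still reports the directory opened earlier. */
	if (fstat(dirfd, &st) != 0) {
		goto done;
	}
	res->via_fd = st.st_ino;
	ret = 0;

done:
	if (dirfd != -1) {
		close(dirfd);
	}
	unlink(share); /* removes the symlink if the swap happened */
	rmdir(share);  /* removes the directory if it did not */
	rmdir(moved);
	rmdir(decoy);
	rmdir(base);
	return ret;
}

int main(void)
{
	struct lookup_result r = {0};

	if (compare_stat_and_fstat(&r) != 0) {
		perror("compare_stat_and_fstat");
		return 1;
	}
	printf("original=%llu decoy=%llu stat(name)=%llu fstat(fd)=%llu\n",
	       (unsigned long long)r.original,
	       (unsigned long long)r.decoy,
	       (unsigned long long)r.via_path,
	       (unsigned long long)r.via_fd);
	return 0;
}
```

Any permission or mode decision taken from the stat-by-name result would apply to the decoy, while the fstat result stays bound to the directory that was opened.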

[SCM] Samba Shared Repository - branch master updated

2022-02-22 Thread Ralph Böhme
The branch, master has been updated
   via  5030bba13ae samba-dcerpcd: Silence a DEBUG message
   via  1912a0d65cb smbd: We have the fsp available, use 
fsp_is_alternate_stream()
   via  118b63bb2c2 smbd: Fix a typo
   via  5204da2ac5a smbd: Convert get_real_filename_full_scan() to 
OpenDir_ntstatus()
   via  f143eeae169 smbd: Initialize a pointer
   via  7e3c51ee431 vfs: walk_streams() returns NTSTATUS
   via  9027cc357a0 smbd: can_delete_directory_fsp() returns NTSTATUS
   via  be201475167 smbd: Factor out OpenDir_ntstatus()
   via  afd037df111 smbd: Make OpenDir_fsp() return NTSTATUS
   via  2cef24a5fa6 smbd: Initialize a pointer
  from  a2590298b03 util: CID 1499409:  Memory - corruptions  
(OVERLAPPING_COPY)

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 5030bba13aee6dc5cc1507c063acf19e4e091cf2
Author: Volker Lendecke 
Date:   Tue Feb 22 10:02:57 2022 +0100

samba-dcerpcd: Silence a DEBUG message

This is not worth a debuglevel 1 message

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Tue Feb 22 10:16:44 UTC 2022 on sn-devel-184

commit 1912a0d65cb286ebf76c008bfbc9b0b60024859d
Author: Volker Lendecke 
Date:   Fri Feb 11 18:49:53 2022 +0100

smbd: We have the fsp available, use fsp_is_alternate_stream()

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

commit 118b63bb2c2ed9d3d91eb6ab59f9d267adf5c954
Author: Volker Lendecke 
Date:   Mon Feb 21 15:26:06 2022 +0100

smbd: Fix a typo

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

commit 5204da2ac5ace4d62a8665544780453469b885fa
Author: Volker Lendecke 
Date:   Mon Feb 21 17:43:17 2022 +0100

smbd: Convert get_real_filename_full_scan() to OpenDir_ntstatus()

Get us a better error message without going through the lossy errno.

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

commit f143eeae1690dd0084789859d0898291fe6b75a8
Author: Volker Lendecke 
Date:   Mon Feb 21 17:30:29 2022 +0100

smbd: Initialize a pointer

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

commit 7e3c51ee431f5070f87f3596b11da1b7a1c19e9a
Author: Volker Lendecke 
Date:   Mon Feb 21 17:19:49 2022 +0100

vfs: walk_streams() returns NTSTATUS

Don't go via errno

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

commit 9027cc357a0db4fe08b3abc93ce2d7a9d729d815
Author: Volker Lendecke 
Date:   Mon Feb 21 17:19:49 2022 +0100

smbd: can_delete_directory_fsp() returns NTSTATUS

Don't go via errno

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

commit be201475167afaeb7824cbb40034b3dde4a182bb
Author: Volker Lendecke 
Date:   Mon Feb 21 17:17:24 2022 +0100

smbd: Factor out OpenDir_ntstatus()

We might have callers interested in the exact NTSTATUS error code.

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

commit afd037df202adefa49d1b746ec18d522dcd1
Author: Volker Lendecke 
Date:   Mon Feb 21 17:12:05 2022 +0100

smbd: Make OpenDir_fsp() return NTSTATUS

Preparation for making OpenDir return NTSTATUS

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

commit 2cef24a5fa681840147509e1f97d8ce19e0f533d
Author: Volker Lendecke 
Date:   Mon Feb 21 17:09:36 2022 +0100

smbd: Initialize a pointer

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

---

Summary of changes:
 source3/modules/vfs_streams_depot.c |   8 +--
 source3/rpc_server/rpc_host.c   |   8 +--
 source3/smbd/close.c|   2 +-
 source3/smbd/dir.c  | 102 +++-
 source3/smbd/filename.c |  12 +++--
 source3/smbd/proto.h|   6 +++
 source3/smbd/reply.c|   2 +-
 7 files changed, 91 insertions(+), 49 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/modules/vfs_streams_depot.c 
b/source3/modules/vfs_streams_depot.c
index ae73ba965a5..f1ec5b9748a 100644
--- a/source3/modules/vfs_streams_depot.c
+++ b/source3/modules/vfs_streams_depot.c
@@ -551,6 +551,7 @@ static NTSTATUS walk_streams(vfs_handle_struct *handle,
const char *dname = NULL;
long offset = 0;
char *talloced = NULL;
+   NTSTATUS status;
 
dirname = stream_dir(handle, smb_fname_base, _fname_base->st,
 false);
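Review bot: "NTSTATUS status;" is added to walk_streams() without an initializer, next to locals that are all initialized at declaration (dname = NULL, offset = 0, talloced = NULL). Unless every path assigns it before use, give it an initial value at the declaration so that no exit path can return an indeterminate status.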
@@ -594,13 +595,14 @@ static NTSTATUS walk_streams(vfs_handle_struct *handle,
orig_connectpath = handle->conn->connectpath;
handle->conn->connectpath = rootdir;
 
-   dir_hnd = OpenDir(talloc_tos(), handle->conn, dir_smb_fname, NULL, 0);
-   if (dir_hnd == NULL

[SCM] Samba Website Repository - branch master updated

2022-02-01 Thread Ralph Böhme
The branch, master has been updated
   via  e34ef99 CVE-2021-44142.html: fix CVE version
  from  f5017ed Add credits to the CVE-2021-44142 advisory

https://git.samba.org/?p=samba-web.git;a=shortlog;h=master


- Log -
commit e34ef99fc28950a69d6be7f26061e4c7945c0203
Author: Ralph Boehme 
Date:   Tue Feb 1 17:12:47 2022 +0100

CVE-2021-44142.html: fix CVE version

Signed-off-by: Ralph Boehme 

---

Summary of changes:
 security/CVE-2021-44142.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


Changeset truncated at 500 lines:

diff --git a/security/CVE-2021-44142.html b/security/CVE-2021-44142.html
index 7e972e5..d2fe264 100644
--- a/security/CVE-2021-44142.html
+++ b/security/CVE-2021-44142.html
@@ -8,7 +8,7 @@
 
 
 
-   CVE-2022-44142.html:
+   CVE-2021-44142.html:
 
 
 


-- 
Samba Website Repository



[SCM] Samba Website Repository - branch master updated

2022-02-01 Thread Ralph Böhme
The branch, master has been updated
   via  f5017ed Add credits to the CVE-2021-44142 advisory
  from  0c959c8 NEWS[4.16.0rc2]: Samba 4.16.0rc2 Available for Download

https://git.samba.org/?p=samba-web.git;a=shortlog;h=master


- Log -
commit f5017ed77c193406fb2adb68cd685b06297c8b71
Author: Ralph Boehme 
Date:   Tue Feb 1 15:07:49 2022 +0100

Add credits to the CVE-2021-44142 advisory

Signed-off-by: Ralph Boehme 

---

Summary of changes:
 security/CVE-2021-44142.html | 2 ++
 1 file changed, 2 insertions(+)


Changeset truncated at 500 lines:

diff --git a/security/CVE-2021-44142.html b/security/CVE-2021-44142.html
index 8c7e491..7e972e5 100644
--- a/security/CVE-2021-44142.html
+++ b/security/CVE-2021-44142.html
@@ -85,6 +85,8 @@ Credits
 ===
 
 Originally reported by Orange Tsai from DEVCORE.
+Nguyen Hoang Thach and Billy Jheng Bing-Jhong of STAR Labs working with Trend 
Micro Zero Day Initiative
+Lucas Leong of Trend Micro Zero Day Initiative
 
 Patches provided by Ralph Bhme of the Samba team.
 
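Review bot: the two added credit lines (the STAR Labs and the Lucas Leong entries) have no introducing phrase and no closing full stop, unlike "Originally reported by Orange Tsai from DEVCORE." directly above them, so on the rendered advisory they read as a continuation of that sentence. State each party's role explicitly on its own line and end each line with a full stop, matching the surrounding Credits entries.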


-- 
Samba Website Repository



[SCM] Samba Shared Repository - branch master updated

2021-12-30 Thread Ralph Böhme
The branch, master has been updated
   via  96b10702295 smbd: Assert we don't leak fd's in struct fd_handle
   via  529e6718c09 smbd: Replace SMB_VFS_CLOSE() calls with fd_close()
   via  e6c8b38ecf1 vfs_commit: Reset fsp->fd->fd to -1 after SMB_VFS_CLOSE
   via  28e09580b05 pysmbd: Fix file descriptor leaks
   via  5988607d7fa smbd: Fix a fd leak when closing a print file
  from  9d2bf015378 s3:libsmb: fix signing regression SMBC_server_internal()

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 96b1070229545a7c7e223dddadb9e8503d7d8b6a
Author: Volker Lendecke 
Date:   Mon Dec 27 11:17:22 2021 +0100

smbd: Assert we don't leak fd's in struct fd_handle

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Thu Dec 30 11:54:17 UTC 2021 on sn-devel-184

commit 529e6718c0944ce2e31ba5c72799bedd8569541c
Author: Volker Lendecke 
Date:   Tue Dec 28 12:25:59 2021 +0100

smbd: Replace SMB_VFS_CLOSE() calls with fd_close()

fd_close() mostly wraps SMB_VFS_CLOSE() but also takes care of refcounting
fsp->fh properly and also makes sure that fsp->fh->fd is set to -1 after 
close.

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

commit e6c8b38ecf1f040630a91a859d5f5bf528ceffbd
Author: Volker Lendecke 
Date:   Tue Dec 28 18:42:00 2021 +0100

vfs_commit: Reset fsp->fd->fd to -1 after SMB_VFS_CLOSE

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

commit 28e09580b05951d2c1f5a6c57a1287b51e034e35
Author: Volker Lendecke 
Date:   Tue Dec 28 18:34:20 2021 +0100

pysmbd: Fix file descriptor leaks

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

commit 5988607d7fa3f5f62cf7e0f9517b471c1db19aee
Author: Volker Lendecke 
Date:   Tue Dec 28 12:25:40 2021 +0100

smbd: Fix a fd leak when closing a print file

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

---

Summary of changes:
 source3/modules/vfs_commit.c |  1 +
 source3/smbd/close.c |  1 +
 source3/smbd/durable.c   | 48 +++-
 source3/smbd/fd_handle.c |  9 +
 source3/smbd/open.c  | 17 ++--
 source3/smbd/pysmbd.c| 32 +++--
 source3/torture/cmd_vfs.c| 19 +-
 7 files changed, 74 insertions(+), 53 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/modules/vfs_commit.c b/source3/modules/vfs_commit.c
index a933a5982e5..6d64896c7e0 100644
--- a/source3/modules/vfs_commit.c
+++ b/source3/modules/vfs_commit.c
@@ -244,6 +244,7 @@ static int commit_openat(struct vfs_handle_struct *handle,
if (SMB_VFS_FSTAT(fsp, ) == -1) {
int saved_errno = errno;
SMB_VFS_CLOSE(fsp);
+   fsp_set_fd(fsp, -1);
errno = saved_errno;
 return -1;
 }
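Review bot: in the SMB_VFS_FSTAT() failure path of commit_openat() the descriptor is still closed with SMB_VFS_CLOSE(fsp) and then reset by hand with `fsp_set_fd(fsp, -1);`, while the commit message for 529e6718c09 in this same push describes fd_close() as the wrapper that does both. If fd_close() cannot be used at this point, add a one-line comment saying why, so the pair is not later collapsed or the reset dropped. The return value of SMB_VFS_CLOSE() is also ignored here, which is acceptable only because errno is restored from saved_errno on the next line.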
diff --git a/source3/smbd/close.c b/source3/smbd/close.c
index 0ea0f096fea..610450d086f 100644
--- a/source3/smbd/close.c
+++ b/source3/smbd/close.c
@@ -1542,6 +1542,7 @@ NTSTATUS close_file(struct smb_request *req, files_struct 
*fsp,
} else if (fsp->print_file != NULL) {
/* FIXME: return spool errors */
print_spool_end(fsp, close_type);
+   fd_close(fsp);
file_free(req, fsp);
status = NT_STATUS_OK;
} else if (!fsp->fsp_flags.is_fsa) {
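Review bot: the NTSTATUS returned by the new `fd_close(fsp);` in the print_file branch is discarded and `status = NT_STATUS_OK;` is set unconditionally two lines later. The durable.c hunk in this push captures the same return value in close_status and logs it with DBG_ERR; do the same here so a failed close on a print file is at least visible in the log, and decide explicitly whether it should change the status returned by close_file().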
diff --git a/source3/smbd/durable.c b/source3/smbd/durable.c
index 88e0b70d137..a49bca6fd61 100644
--- a/source3/smbd/durable.c
+++ b/source3/smbd/durable.c
@@ -837,15 +837,15 @@ NTSTATUS vfs_default_durable_reconnect(struct 
connection_struct *conn,
 
ret = SMB_VFS_FSTAT(fsp, >fsp_name->st);
if (ret == -1) {
+   NTSTATUS close_status;
status = map_nt_error_from_unix_common(errno);
DEBUG(1, ("Unable to fstat stream: %s => %s\n",
  smb_fname_str_dbg(smb_fname),
  nt_errstr(status)));
-   ret = SMB_VFS_CLOSE(fsp);
-   if (ret == -1) {
-   DEBUG(0, ("vfs_default_durable_reconnect: "
- "SMB_VFS_CLOSE failed (%s) - leaking file "
- "descriptor\n", strerror(errno)));
+   close_status = fd_close(fsp);
+   if (!NT_STATUS_IS_OK(close_status)) {
+   DBG_ERR("fd_close failed (%s) - leaking file "
+   "descriptor\n", nt_errstr(close_status));
}
TALLOC_FREE(lck);

[SCM] Samba Shared Repository - branch master updated

2021-12-11 Thread Ralph Böhme
The branch, master has been updated
   via  b5e7e7b65ae s3: smbtorture3: Fix POSIX-BLOCKING-LOCK to actually 
negotiate SMB1+POSIX before using POSIX calls.
   via  89f284af616 s3: tests: Fix the samba3.blackbox.acl_xattr test to 
actually negotiate SMB1+POSIX before using POSIX calls.
   via  e7f2cfb5442 s3: tests: Fix the samba3.blackbox.inherit_owner test 
to actually negotiate SMB1+POSIX before using POSIX calls.
   via  6453e5aac45 s4: torture: Fix unix.info2 test to actually negotiate 
SMB1+POSIX before using POSIX calls.
   via  397cc7599b9 s4: torture: Fix raw.search:test_one_file() by using 
the SMB1+POSIX connection for POSIX info levels.
   via  aaa6d09f6fa s4: torture: raw.search: Add setup_smb1_posix(). Call 
it on the second connection in test_one_file().
   via  d681a4b0585 s4: torture: In raw.search:test_one_file() add a second 
connection.
   via  4bd1f7609fa s3: smbclient: Give a message if we try and use any 
POSIX command without negotiating POSIX first.
   via  59fa3806c94 s3: smbd: Tighten up info level checks for SMB1+POSIX 
to make sure POSIX was negotiated first.
   via  00fd039c904 s4: torture: In raw.search:test_one_file() remove the 
leading '\' in the test filenames.
   via  57c56d89be0 s4: torture: Fix raw.search:test_one_file() to use 
torture_result() instead of printf.
  from  25c87b70c07 s3: smbd: Remove 'struct uc_state' name_has_wildcard 
element.

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit b5e7e7b65ae3251e128bbb41e7bbd0bfaeef4c7b
Author: Jeremy Allison 
Date:   Thu Nov 18 12:16:44 2021 -0800

s3: smbtorture3: Fix POSIX-BLOCKING-LOCK to actually negotiate SMB1+POSIX 
before using POSIX calls.

This must be done before doing POSIX calls on a connection.

Remove the final entry in knownfail.d/posix_infolevel_fails

samba3.smbtorture_s3.plain.POSIX-BLOCKING-LOCK.smbtorture\(nt4_dc_smb1\)

And remove the file knownfail.d/posix_infolevel_fails itself.

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Sat Dec 11 12:03:36 UTC 2021 on sn-devel-184

commit 89f284af616e63b4ebc8bf00aed289cc7faf372e
Author: Jeremy Allison 
Date:   Fri Nov 19 00:05:35 2021 -0800

s3: tests: Fix the samba3.blackbox.acl_xattr test to actually negotiate 
SMB1+POSIX before using POSIX calls.

Remove the following entries in knownfail.d/posix_infolevel_fails.

samba3.blackbox.acl_xattr.NT1.nt_affects_posix.*
samba3.blackbox.acl_xattr.NT1.nt_affects_chown.*
samba3.blackbox.acl_xattr.NT1.nt_affects_chgrp.*

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

commit e7f2cfb5442f50c25c9a127dc1676360cab78b50
Author: Jeremy Allison 
Date:   Fri Nov 19 12:12:36 2021 -0800

s3: tests: Fix the samba3.blackbox.inherit_owner test to actually negotiate 
SMB1+POSIX before using POSIX calls.

Remove the following entry in knownfail.d/posix_infolevel_fails.

samba3.blackbox.inherit_owner.*.NT1.*verify.*unix\ owner.*

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

commit 6453e5aac45a41b21c5cad989bad34caa47d7e53
Author: Jeremy Allison 
Date:   Fri Nov 19 12:15:06 2021 -0800

s4: torture: Fix unix.info2 test to actually negotiate SMB1+POSIX before 
using POSIX calls.

Cope with the minor difference in wildcard search return when
we're actually using SMB1+POSIX on the server (SMB1+POSIX treats
all directory search paths as wildcards).

Remove the following entries in knownfail.d/posix_infolevel_fails.

samba3.unix.info2.info2\(nt4_dc_smb1\)
samba3.unix.info2.info2\(ad_dc_smb1\)

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

commit 397cc7599b91cec10aa79570e29e9ced72a1690f
Author: Jeremy Allison 
Date:   Fri Nov 19 14:51:39 2021 -0800

s4: torture: Fix raw.search:test_one_file() by using the SMB1+POSIX 
connection for POSIX info levels.

Remove the following entry in knownfail.d/posix_infolevel_fails.

^samba3.raw.search.one\ file\ search.*

from knownfail.d/posix_infolevel_fails

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

commit aaa6d09f6fa376926237f90168c2dbc22fcf2e39
Author: Jeremy Allison 
Date:   Fri Nov 19 14:48:20 2021 -0800

s4: torture: raw.search: Add setup_smb1_posix(). Call it on the second 
connection in test_one_file().

Not yet used.

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

commit d681a4b058522211e2db3095653dddf53a1f3caf
Author: Jeremy Allison 
Date:   Fri Nov 19 14:44:05 2021 -0800

s4: torture: In raw.search:test_one_file() add a second connection.

Change from torture_suite_add_1smb_test() to torture_suite_add_2smb_test().

Not yet

[SCM] Samba Shared Repository - branch master updated

2021-12-11 Thread Ralph Böhme
The branch, master has been updated
   via  25c87b70c07 s3: smbd: Remove 'struct uc_state' name_has_wildcard 
element.
   via  0ecb5e3e3fb s3: smbd: In unix_convert_step_stat() remove use of 
state->name_was_wildcard.
   via  e6f0269817e s3: smbd: In unix_convert_step() remove all use of 
'state->name_was_wildcard'
   via  ce6b3ba4099 s3: smbd: In unix_convert() remove the now unneeded 
block indentation.
   via  b21ba035bf3 s3: smbd: In unix_convert(), remove all references to 
state->name_has_wildcard.
   via  1d52a4a4677 s3: smbd: Inside unix_convert(), never set 
state->name_is_wildcard.
   via  6493d39b679 s3: smbd: UCF_ALWAYS_ALLOW_WCARD_LCOMP 0x0002 is no 
longer used.
   via  6f15f8b68a5 s3: smbd: We no longer need determine_path_error().
   via  e1cc3e3a673 s3: smbd: Inside 'struct uc_state', remove 
allow_wcard_last_component.
   via  da1417fb37b s3: smbd: filename_convert() no longer deals with 
wildcards.
   via  24002be5883 s3: smbd: parse_dfs_path() can ignore wildcards.
   via  52ca4bf6d5a s3: smbd: Remove 'bool search_wcard_flag' from 
parse_dfs_path().
   via  18125747483 s3: smbd: dfs_path_lookup() no longer deals with 
wildcards.
   via  fa45c91cb45 s3: smbd: Fix call_trans2findfirst() to use 
filename_convert_smb1_search_path().
   via  1658fad32cb s3: smbd: Convert reply_search() to use 
filename_convert_smb1_search_path().
   via  3ca82218643 s3: smbd: Add filename_convert_smb1_search_path() - 
deals with SMB1 search pathnames.
   via  addbf4cc3ba s3: smbd: Allow dfs_redirect() to return a TWRP token 
it got from a parsed pathname.
   via  a568e92e51a s3: smbd: In dfs_path_lookup(). If we have a DFS path 
including a @GMT-token, don't throw away the twrp value when parsing the path.
   via  14e0dd43d56 s3: smbd: filename_convert() is now a one-to-one 
wrapper around filename_convert_internal().
   via  5425f2aa43d s3: smbd: Remove now unused 
check_reduced_name_with_privilege().
   via  02f840308d5 s3: smbd: Remove unused check_name_with_privilege().
   via  b18c2abae99 s3: smbd: In filename_convert_internal(), remove call 
to check_name_with_privilege().
   via  59b7101ac9e s3: smbd: Remove filename_convert_with_privilege(). No 
longer used.
   via  18a1cc632b4 s3: smbd: In call_trans2findfirst() we don't need 
filename_convert_with_privilege() anymore.
   via  a3acb8698bb s3: smbd: Remove split_fname_dir_mask().
   via  a325cb09552 s3: smbd: In rename_internals(), remove the name 
splitting and re-combining code.
   via  449aa4153a6 s3: smbd: check_name() is now static to filename.c
   via  07df94ade1e s3: smbd: In rename_internals_fsp(), remove unneeded 
call to check_name().
   via  d58b9094f7b s3: smbd: Handling SMB_FILE_RENAME_INFORMATION, the 
destination name is a single component.
   via  6db08012e99 s3: smbd: Remove the old unlink_internals() 
implementation.
   via  b2a0664d4c1 s3: smbd: Comment out the old unlink_internals(). 
Rename do_unlink() -> unlink_internals().
   via  e60360c4868 s3: smbd: Move to modern debug calls inside do_unlink().
   via  048239d s3: smbd: Move setting of dirtype if 
FILE_ATTRIBUTE_NORMAL to do_unlink().
  from  f7e1a81cc05 s3:torture: Initialize pointer with NULL

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 25c87b70c07647896c9e7c4c1132835dbe318b61
Author: Jeremy Allison 
Date:   Fri Dec 3 13:06:27 2021 -0800

s3: smbd: Remove 'struct uc_state' name_has_wildcard element.

It is never set or looked at.

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Sat Dec 11 08:07:14 UTC 2021 on sn-devel-184

commit 0ecb5e3e3fb45c119c9cb933cc8479b6d33de1ad
Author: Jeremy Allison 
Date:   Fri Dec 3 13:05:55 2021 -0800

s3: smbd: In unix_convert_step_stat() remove use of 
state->name_was_wildcard.

It can never be true.

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

commit e6f0269817ef121f55b212bcec8ed9fad40a6ffd
Author: Jeremy Allison 
Date:   Fri Dec 3 13:03:47 2021 -0800

s3: smbd: In unix_convert_step() remove all use of 
'state->name_was_wildcard'

We know it is never true.

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

commit ce6b3ba4099cf1fd35ccd5b85c59f1e76918fb3b
Author: Jeremy Allison 
Date:   Fri Dec 3 12:59:50 2021 -0800

s3: smbd: In unix_convert() remove the now unneeded block indentation.

We removed the 'if (state->name_has_wildcard) {' clause, so
the block no longer needs indenting.

Best seen with git show -b.

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

commit b21ba035bf364400c74385c1364ea93387903c7f
Author: Jeremy Allison 
Date:   Fri Dec 3 12:55:41 

[SCM] Samba Shared Repository - branch master updated

2021-12-09 Thread Ralph Böhme
The branch, master has been updated
   via  bd98e040d4a Update WHATSNEW.txt with removal of wildcard copy, 
rename and unlink.
   via  4ac91bd065c s3: smbd: Remove 'const char *src_original_lcomp' from 
reply_mv().
   via  5190a8bd821 s3: smbd: Remove 'const char *src_original_lcomp' 
parameter from rename_internals().
   via  7ac844ce92a s3: smbd: Inside rename_internals() remove '{ ... }' 
block around singleton rename code.
   via  fe92aaa962a s3: smbd: Remove the commented out resolve_wildcards().
   via  ff722c0fdfb s3: smbd: Remove all wildcard code from 
rename_internals().
   via  3cb5ef1c798 s3: smbd: Remove dest_has_wild and all associated code 
from rename_internals()
   via  885a982b9fd s3: smbd: Prepare to remove wildcard matching from 
rename_internals().
   via  de90620bec5 s3: smbd: In reply_ntrename() remove 'bool 
dest_has_wcard' and all uses.
   via  f44fc91505a s3: smbd: In reply_ntrename(), never set dest_has_wcard.
   via  e66148c8741 s3: smbd: In reply_ntrename() remove the 
UCF_ALWAYS_ALLOW_WCARD_LCOMP flag for destination lookups.
   via  ff4bbb1279a s3: smbd: In SMBntrename (0xa5) prevent wildcards in 
destination name.
   via  f67f25bcf02 s3: smbd: In smb_file_rename_information() 
(SMB_FILE_RENAME_INFORMATION info level) prevent destination wildcards.
   via  4cfe055ca7e s3: smbd: Remove UCF_ALWAYS_ALLOW_WCARD_LCOMP flag from 
pathname processing in reply_mv().
   via  098d63a219c s3: smbd: Remove 'bool has_wild' parameter from 
unlink_internals().
   via  42985702df0 s3: smbd: Change unlink_internals() to ignore has_wild 
parameter.
   via  f46445cb6ae s3: smbd: In reply_unlink() remove the possibility of 
receiving a wildcard name.
   via  7f61ff777b1 s3: smbd: Remove support for SMBcopy SMB_COM_COPY (0x29)
   via  d2aae105c61 s3: torture: Remove the wildcard unlink test code.
   via  fb4e998346d s4: torture: Remove the wildcard rename test code.
   via  3c9a33ca346 s4: torture: Remove the wildcard unlink test code.
   via  ef1d9d31bc3 s3: torture: In run_smb1_wild_mangle_unlink_test() use 
a valid pathname for rename target.
   via  78ee275c734 s3: torture: In torture_mangle(), use torture_deltree() 
for setup and cleanup.
   via  6cb9f127e1f s3: torture: In test_mask(), use torture_deltree() for 
setup.
   via  9398655cfdd s3: torture: In run_streamerror(), use 
torture_deltree() for setup.
   via  5a802ae2d31 s3: torture: In torture_chkpath_test(), use 
torture_deltree() for setup and cleanup.
   via  1eeabbf8401 s3: torture: In torture_casetable(), use 
torture_deltree() for setup and cleanup.
   via  498b3d923cd s3: torture: In torture_utable(), use torture_deltree() 
for setup.
   via  7ffc03d5e7d s3: torture: In run_smb1_wild_mangle_rename_test() use 
torture_deltree() for setup and cleanup.
   via  3a73178fe48 s3: torture: In run_smb1_wild_mangle_unlink_test() use 
torture_deltree() for setup and cleanup.
   via  a0bfb37b4be s3: torture: Add torture_deltree() for setup and 
teardown.
   via  770d8375fca s4: libcli: smbcli_unlink() is no longer used with 
wildcard patterns.
   via  3a42b351364 s4: torture: Use smbcli_unlink_wcard() to setup and 
cleanup in masktest.
   via  367dc3cb597 s4: torture: Use smbcli_unlink_wcard() in 
base.casetable test.
   via  c697ad1e389 s4: torture: Use smbcli_unlink_wcard() to cleanup in 
base.mangle test.
   via  78102894931 s4: torture: Use smbcli_unlink_wcard() to remove 
wildcards in base.chkpath test.
   via  35d8b146655 s4: torture: In raw.notify test use 
smbcli_unlink_wcard() in place of smbcli_unlink().
   via  5b7ff5a9d00 s4: libcli: In smbcli_deltree() use 
smbcli_unlink_wcard() in place of smbcli_unlink().
   via  3d0857c9ec2 s4: libcli: Add smbcli_unlink_wcard().
  from  e2b7a2f7811 s4-auth: Remove unused headers

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit bd98e040d4a4a24cc2be5bb9cfde5ebbe575ce52
Author: Jeremy Allison 
Date:   Tue Dec 7 10:25:38 2021 -0800

Update WHATSNEW.txt with removal of wildcard copy, rename and unlink.

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Thu Dec  9 18:57:15 UTC 2021 on sn-devel-184

commit 4ac91bd065cee699cdb4daeff719d02464d75326
Author: Jeremy Allison 
Date:   Wed Dec 1 16:40:55 2021 -0800

s3: smbd: Remove 'const char *src_original_lcomp' from reply_mv().

No longer used.

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

commit 5190a8bd8211f93b11409ae2ba5fbe365b1a8390
Author: Jeremy Allison 
Date:   Wed Dec 1 16:39:42 2021 -0800

s3: smbd: Remove 'const char *src_original_lcomp' parameter from 
rename_internals().

No longer used.

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph

[SCM] Samba Shared Repository - branch master updated

2021-12-01 Thread Ralph Böhme
The branch, master has been updated
   via  f4d0bb164f0 smb2_server: skip tcon check and 
chdir_current_service() for FSCTL_QUERY_NETWORK_INTERFACE_INFO
   via  629d161b8f5 s4:torture/smb2: FSCTL_QUERY_NETWORK_INTERFACE_INFO 
should work on noperm share
   via  1744dd8c5bc smb2_server: don't let SMB2_OP_IOCTL force FILE_CLOSED 
for invalid file ids
   via  fb33f145ff5 s4:torture/smb2: FSCTL_QUERY_NETWORK_INTERFACE_INFO 
gives INVALID_PARAMETER with invalid file ids
   via  aab54050343 smb2_ioctl: return BUFFER_TOO_SMALL in 
smbd_smb2_request_ioctl_done()
   via  b3212b359ed s4:torture/smb2: test 
FSCTL_QUERY_NETWORK_INTERFACE_INFO with BUFFER_TOO_SMALL
   via  c850ce96fd3 smb2_server: skip tcon check and 
chdir_current_service() for FSCTL_VALIDATE_NEGOTIATE_INFO
   via  bd3ba3c96e6 smb2_server: decouple IOCTL check from 
signing/encryption states
   via  1cd948d8520 smb2_server: make sure in_ctl_code = IVAL(body, 0x04); 
reads valid bytes
   via  735fc34682c s4:torture/smb2: add 
smb2.ioctl.bug14788.VALIDATE_NEGOTIATE
   via  04a79139a42 libcli/smb: split out smb2cli_raw_tcon* from 
smb2cli_tcon*
  from  0991946ab2e heimdal_build: Remove memset_s from roken, already in 
libreplace

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit f4d0bb164f028da46eab766135bb38175c117deb
Author: Stefan Metzmacher 
Date:   Wed Sep 15 19:29:40 2021 +0200

smb2_server: skip tcon check and chdir_current_service() for 
FSCTL_QUERY_NETWORK_INTERFACE_INFO

We should not fail this just because the user doesn't have
permissions on the share root.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14788

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Wed Dec  1 11:51:50 UTC 2021 on sn-devel-184

commit 629d161b8f579bc24acfaf3fe02612a5237345b4
Author: Stefan Metzmacher 
Date:   Mon Nov 29 19:56:20 2021 +0100

s4:torture/smb2: FSCTL_QUERY_NETWORK_INTERFACE_INFO should work on noperm 
share

Demonstrate that smbd fails FSCTL_QUERY_NETWORK_INTERFACE_INFO
only because the user doesn't have permissions on the share root.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14788

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Ralph Boehme 

commit 1744dd8c5bc342a74e397951506468636275fe45
Author: Stefan Metzmacher 
Date:   Wed Sep 15 20:27:12 2021 +0200

smb2_server: don't let SMB2_OP_IOCTL force FILE_CLOSED for invalid file ids

smbd_smb2_request_process_ioctl() already has detailed checks for file_ids,
which were not reached before.

.allow_invalid_fileid = true was only used for SMB2_OP_IOCTL.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14788

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Ralph Boehme 

commit fb33f145ff598b03a08098b7f12f3c53491f6c04
Author: Stefan Metzmacher 
Date:   Mon Nov 29 19:56:20 2021 +0100

s4:torture/smb2: FSCTL_QUERY_NETWORK_INTERFACE_INFO gives INVALID_PARAMETER 
with invalid file ids

An invalid file id for FSCTL_QUERY_NETWORK_INTERFACE_INFO gives
INVALID_PARAMETER instead of FILE_CLOSED.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14788

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Ralph Boehme 

commit aab540503434817cc6b2de1d9c507f9d0b3ad980
Author: Stefan Metzmacher 
Date:   Wed Sep 15 20:26:58 2021 +0200

smb2_ioctl: return BUFFER_TOO_SMALL in smbd_smb2_request_ioctl_done()

We should not send more data than the client requested.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14788

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Ralph Boehme 

commit b3212b359edb78d4c60fed377fa18478c8e75d9a
Author: Stefan Metzmacher 
Date:   Mon Nov 29 19:44:12 2021 +0100

s4:torture/smb2: test FSCTL_QUERY_NETWORK_INTERFACE_INFO with 
BUFFER_TOO_SMALL

It seems that we currently don't have BUFFER_TOO_SMALL handling
for FSCTL/IOCTL calls.

FSCTL_QUERY_NETWORK_INTERFACE_INFO is just an easy example
to demonstrate it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14788

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Ralph Boehme 

commit c850ce96fd32ea91d8a31223bb09dd5b8b98d99e
Author: Stefan Metzmacher 
Date:   Mon Aug 16 17:28:05 2021 +0200

smb2_server: skip tcon check and chdir_current_service() for 
FSCTL_VALIDATE_NEGOTIATE_INFO

We should not fail this just because the user doesn't have permissions
on the share root.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14788

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Ralph Boehme 

commit bd3ba3c96e6ba811afd5898ff5470188557a6e33
Author: Stefan Metzmacher 
Date:   Wed Sep 15 17:25:53 2021 +0200

smb2_server: decouple IOCTL check from signing/encryption states

There's

[SCM] Samba Shared Repository - branch master updated

2021-11-17 Thread Ralph Böhme
The branch, master has been updated
   via  cdc0268c198 cmdline: Make -P work in clustered mode
   via  63c80f25da8 cmdline: Add a callback to set the machine account 
details
   via  d6270525699 lib: Add required includes to source3/include/secrets.h
   via  9faa3173193 selftest: Add reproducer for bug 14908
  from  2868b803649 lib/replace/timegm: use utf-8

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit cdc0268c1987f36ab400ea01df88d55c02dccfdb
Author: Volker Lendecke 
Date:   Wed Nov 17 12:27:27 2021 +0100

cmdline: Make -P work in clustered mode

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14908
Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Wed Nov 17 18:29:09 UTC 2021 on sn-devel-184

commit 63c80f25da8829a7bd3244afea29c13f699efac1
Author: Volker Lendecke 
Date:   Wed Nov 17 12:25:58 2021 +0100

cmdline: Add a callback to set the machine account details

source3 clients need to work in clustered mode; the default
cli_credentials_set_machine_account() only looks at the local
secrets.tdb file.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14908
Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

commit d6270525699fbc856b217cf18ece7f1d063b144d
Author: Volker Lendecke 
Date:   Wed Nov 17 12:25:05 2021 +0100

lib: Add required includes to source3/include/secrets.h

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14908
Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

commit 9faa3173193ddcb95905993d960cc10d4366524e
Author: Volker Lendecke 
Date:   Wed Nov 17 16:34:07 2021 +0100

selftest: Add reproducer for bug 14908

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14908
Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Boehme 

---

Summary of changes:
 lib/cmdline/cmdline.c| 16 --
 lib/cmdline/cmdline.h|  4 
 lib/cmdline/cmdline_s3.c | 28 
 lib/cmdline/wscript  |  2 +-
 source3/include/secrets.h|  3 +++
 source3/script/tests/test_net_machine_account.sh | 22 +++
 source3/selftest/tests.py|  9 
 7 files changed, 81 insertions(+), 3 deletions(-)
 create mode 100755 source3/script/tests/test_net_machine_account.sh


Changeset truncated at 500 lines:

diff --git a/lib/cmdline/cmdline.c b/lib/cmdline/cmdline.c
index 753cec27c3f..33d0c94e3b1 100644
--- a/lib/cmdline/cmdline.c
+++ b/lib/cmdline/cmdline.c
@@ -30,6 +30,11 @@ static struct cli_credentials *cmdline_creds;
 static samba_cmdline_load_config cmdline_load_config_fn;
 static struct samba_cmdline_daemon_cfg cmdline_daemon_cfg;
 
+static NTSTATUS (*cli_credentials_set_machine_account_fn)(
+   struct cli_credentials *cred,
+   struct loadparm_context *lp_ctx) =
+   cli_credentials_set_machine_account;
+
 /* PRIVATE */
 bool samba_cmdline_set_talloc_ctx(TALLOC_CTX *mem_ctx)
 {
@@ -122,6 +127,13 @@ struct samba_cmdline_daemon_cfg 
*samba_cmdline_get_daemon_cfg(void)
return _daemon_cfg;
 }
 
+void samba_cmdline_set_machine_account_fn(
+   NTSTATUS (*fn) (struct cli_credentials *cred,
+   struct loadparm_context *lp_ctx))
+{
+   cli_credentials_set_machine_account_fn = fn;
+}
+
 void samba_cmdline_burn(int argc, char *argv[])
 {
bool found = false;
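Review bot: samba_cmdline_set_machine_account_fn() stores `fn` without checking it, so a caller passing NULL replaces the default cli_credentials_set_machine_account and the call through cli_credentials_set_machine_account_fn in popt_common_credentials_callback() then dereferences a NULL function pointer. Either ignore a NULL argument, treat it as "restore the default", or document in the header that NULL is not allowed.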
@@ -792,8 +804,8 @@ static void popt_common_credentials_callback(poptContext 
popt_ctx,
if (machine_account_pending) {
NTSTATUS status;
 
-   status = cli_credentials_set_machine_account(creds,
-lp_ctx);
+   status = cli_credentials_set_machine_account_fn(
+   creds, lp_ctx);
if (!NT_STATUS_IS_OK(status)) {
fprintf(stderr,
"Failed to set machine account: %s\n",
diff --git a/lib/cmdline/cmdline.h b/lib/cmdline/cmdline.h
index 1f85da0099e..5cd58c3ddbb 100644
--- a/lib/cmdline/cmdline.h
+++ b/lib/cmdline/cmdline.h
@@ -131,6 +131,10 @@ struct poptOption *samba_cmdline_get_popt(enum 
smb_cmdline_popt_options opt);
  */
 struct samba_cmdline_daemon_cfg *samba_cmdline_get_daemon_cfg(void);
 
+void samba_cmdline_set_machine_account_fn(
+   NTSTATUS (*fn) (struct cli_credentials *cred,
+   struct loadparm_context *lp_ctx));
+
 /**
  * @brief Burn secrets on the command line.
  *
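Review bot: the new samba_cmdline_set_machine_account_fn() prototype is added without a documentation comment, while the declarations on either side of it (samba_cmdline_get_daemon_cfg() above, the "Burn secrets on the command line" block below) each carry one. Add a short @brief that says when the callback is invoked, that it replaces cli_credentials_set_machine_account, and that it must be set before the command line is parsed.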
diff --git a/lib/cmdline/cmdline_s3.c b/lib/cmdline/cmdline_s3.c
index 639d403aed3..6e2c154c

[SCM] Samba Shared Repository - branch master updated

2021-11-16 Thread Ralph Böhme
The branch, master has been updated
   via  2868b803649 lib/replace/timegm: use utf-8
   via  039f876c4e9 s4/auth/gensec/gensec_krb5_heimdal: use utf-8
   via  6ced906e2be test/blackbox/test_samba-tool_ntacl: use utf-8
   via  4c85693f553 s3/modules/vfs_acl_common.h: use utf-8
   via  c3194d0d65d test/bad_chars: ensure our tests could fail
   via  fccb105e079 pytests: check that we don't have bad format characters
  from  1c8ea2448ea s3: smbd: In SMB1 call_trans2findnext() add and use a 
helper variable to ensure we don't call mangle_is_mangled() with a posix name.

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 2868b8036498e7fa0c7ae3615f5d97b42b360da2
Author: Douglas Bagnall 
Date:   Wed Nov 17 09:47:18 2021 +1300

lib/replace/timegm: use utf-8

Signed-off-by: Douglas Bagnall 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Wed Nov 17 05:27:39 UTC 2021 on sn-devel-184

commit 039f876c4e9f635b207f3b16c99662297a93dd5e
Author: Douglas Bagnall 
Date:   Wed Nov 17 09:48:37 2021 +1300

s4/auth/gensec/gensec_krb5_heimdal: use utf-8

Signed-off-by: Douglas Bagnall 
Reviewed-by: Ralph Boehme 

commit 6ced906e2be66fb324aa012a06c8d3b10bbf78b2
Author: Douglas Bagnall 
Date:   Wed Nov 17 09:49:05 2021 +1300

test/blackbox/test_samba-tool_ntacl: use utf-8

Signed-off-by: Douglas Bagnall 
Reviewed-by: Ralph Boehme 

commit 4c85693f55341344117f0b6d2bb7498099828dab
Author: Douglas Bagnall 
Date:   Wed Nov 17 09:47:52 2021 +1300

s3/modules/vfs_acl_common.h: use utf-8

Signed-off-by: Douglas Bagnall 
Reviewed-by: Ralph Boehme 

commit c3194d0d65d838b79cb5345a9d9433704b2f95ba
Author: Douglas Bagnall 
Date:   Wed Nov 17 10:23:02 2021 +1300

test/bad_chars: ensure our tests could fail

Signed-off-by: Douglas Bagnall 
Reviewed-by: Ralph Boehme 

commit fccb105e079df7bfe22b6887262128ab9e81064d
Author: Douglas Bagnall 
Date:   Tue Nov 16 20:23:04 2021 +

pytests: check that we don't have bad format characters

Unicode has format control characters that affect the appearance —
including the apparent order — of other characters. Some of these,
like the bidi controls (for mixing left-to-right scripts with
right-to-left scripts) can be used to make text that means one thing look
very much like it means another thing.

The potential for duplicity using these characters has recently been
publicised under the name “Trojan Source”, and CVE-2021-42694. A
specific example, as it affects the Rust language, is CVE-2021-42574.

We don't have many format control characters in our code — in fact,
just the non-breaking space (\u200b) and the redundant BOM thing
(\ufeff), and this test aims to ensure we keep it that way.

The test uses a series of allow-lists and deny-lists to check most
text files for unknown format control characters. The filtering is
fairly conservative but not exhaustive. For example, XML and text
files are checked, but UTF-16 files are not.

Signed-off-by: Douglas Bagnall 
Reviewed-by: Ralph Boehme 

---

Summary of changes:
 lib/replace/timegm.c|   2 +-
 python/samba/tests/source_chars.py  | 261 
 selftest/tests.py   |   2 +
 source3/modules/vfs_acl_common.h|   2 +-
 source4/auth/gensec/gensec_krb5_heimdal.c   |   2 +-
 testdata/source-chars-bad.c |  23 +++
 testprogs/blackbox/test_samba-tool_ntacl.sh |   2 +-
 7 files changed, 290 insertions(+), 4 deletions(-)
 create mode 100644 python/samba/tests/source_chars.py
 create mode 100644 testdata/source-chars-bad.c


Changeset truncated at 500 lines:

diff --git a/lib/replace/timegm.c b/lib/replace/timegm.c
index 395c684e117..93263a2d182 100644
--- a/lib/replace/timegm.c
+++ b/lib/replace/timegm.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
+ * Copyright (c) 1997 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
diff --git a/python/samba/tests/source_chars.py 
b/python/samba/tests/source_chars.py
new file mode 100644
index 000..f60dc5899af
--- /dev/null
+++ b/python/samba/tests/source_chars.py
@@ -0,0 +1,261 @@
+# Unix SMB/CIFS implementation.
+#
+# Copyright (C) Catalyst.Net Ltd. 2021
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied
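
A minimal scanner for the kind of check the "pytests: check that we don't have bad format characters" commit message above describes, added here as an illustration; it is not Samba's source_chars.py. The function names, the result type and the sample bytes are assumptions made for the example; the allow-list holds the two characters the commit message names.

```python
import unicodedata
from dataclasses import dataclass

# The two format characters the commit message says are already in the tree.
ALLOWED_FORMAT_CHARS = frozenset({"\u200b", "\ufeff"})

# Unicode bidirectional classes of the explicit embedding, override and
# isolate controls, i.e. the characters that can reorder a displayed line.
BIDI_CONTROL_CLASSES = frozenset(
    {"LRE", "RLE", "LRO", "RLO", "PDF", "LRI", "RLI", "FSI", "PDI"}
)


@dataclass(frozen=True)
class Finding:
    line: int           # 1-based line number
    column: int         # 1-based column, counted in code points
    codepoint: str      # for example "U+202E"
    name: str           # Unicode character name
    bidi_control: bool  # True for embedding/override/isolate controls


def scan_text(text, allowed=ALLOWED_FORMAT_CHARS):
    """Return a Finding for each format control (category Cf) not allowed."""
    findings = []
    for lineno, line in enumerate(text.split("\n"), start=1):
        for column, ch in enumerate(line, start=1):
            if unicodedata.category(ch) != "Cf" or ch in allowed:
                continue
            findings.append(
                Finding(
                    line=lineno,
                    column=column,
                    codepoint=f"U+{ord(ch):04X}",
                    name=unicodedata.name(ch, "<unnamed>"),
                    bidi_control=(
                        unicodedata.bidirectional(ch) in BIDI_CONTROL_CLASSES
                    ),
                )
            )
    return findings


def scan_bytes(data, allowed=ALLOWED_FORMAT_CHARS):
    """Scan raw file content and return (status, findings).

    Files that are not UTF-8 are reported as skipped instead of being
    silently passed, so the gap in coverage stays visible to the caller.
    """
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return "skipped-utf16", []
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        return "skipped-not-utf8", []
    return "checked", scan_text(text, allowed)


# Constructed sample input, written with escapes so that this file itself
# contains no format control characters.
SAMPLE = (
    "\ufeff/* constructed sample */\n"   # BOM: allowed
    "int x = 1;\u200b\n"                 # U+200B: allowed
    "/* note \u202e hidden \u2069 */\n"  # bidi override + pop isolate
    "char *s = \"a\u00adb\";\n"          # soft hyphen: Cf but not bidi
).encode("utf-8")


if __name__ == "__main__":
    status, findings = scan_bytes(SAMPLE)
    print(status)
    for f in findings:
        kind = "bidi control" if f.bidi_control else "format control"
        print(f"{f.line}:{f.column}: {f.codepoint} {f.name} ({kind})")
```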

[SCM] Samba Shared Repository - branch master updated

2021-11-16 Thread Ralph Böhme
The branch, master has been updated
   via  1c8ea2448ea s3: smbd: In SMB1 call_trans2findnext() add and use a 
helper variable to ensure we don't call mangle_is_mangled() with a posix name.
   via  761c9190454 s3: smbd: In unlink_internals() ensure we never call 
mangle_is_mangled for a posix path.
   via  e2c45a09263 s3: smbd: SMB1 reply_copy(). Posix pathnames always 
means case_sensitive = true.
   via  e3c40250fb1 s3: smbd: SMB1 reply_copy(). Posix pathnames should 
never call into mangle_is_mangled().
   via  d0d8f32d8f7 s3: smbd: In SMB1 reply_copy(), make 
req->posix_pathnames a helper variable.
   via  826ae5c8069 s3: smbd: Add and use helper variables for 
case_sensitive, case_preserve, short_case_preserve to rename_internals().
   via  395acac7b46 s3: smbd: Ensure we never call mangle_is_mangled() for 
a posix path.
   via  23be0565dc7 s3: smbd: Add and use helper variable posix_pathname in 
rename_internals().
   via  026b4318967 s3: smbd: Add and use helper variables case_sensitive, 
case_preserve in rename_internals_fsp().
   via  836d6f8a226 s3: smbd: Add and use case_sensitive helper variable to 
unlink_internals().
   via  89d986ec130 s3: smbd: Use a helper variable in 
smbd_smb2_query_directory_send().
   via  db6902a3c58 s3: smbd: In open_file() use the helper variable to 
select correct case_sensitive setting to is_in_path().
   via  51b582546b5 s3: smbd: In open_file(), use a helper variable instead 
of always checking sp->posix_flags & FSP_POSIX_FLAGS_OPEN.
   via  df8abb5aa76 s3: smbd: Use dptr_case_sensitive() in directory 
listing code.
   via  e163f22e81d s3: smbd: Add dptr_case_sensitive(). Not yet used.
   via  ab1e97f87b1 s3: smbd: In OpenDir_fsp(), set dir_hnd->case_sensitive 
to true if FSP_POSIX_FLAGS_OPEN is set.
   via  ede3a45dfca s3: smbd: Use dir_hnd->case_sensitive instead of 
conn->case_sensitive.
   via  af35c684a39 s3: smbd: Add case_sensitive to struct smb_Dir.
   via  1b130decc2b s3: smbd: Use state->case_sensitive instead of 
state->conn->case_sensitive.
   via  1240f741e66 s3: smbd: Add 'bool case_sensitive' to struct 
smbd_dirptr_lanman2_state.
   via  1cc5a394209 s3: smbd: In unix_convert() component_was_mangled is 
always false for posix.
   via  3911ca59f48 s3: smbd: In unix_convert_step_search_fail() ensure 
posix names don't call into name mangling functions.
   via  d650d9ad8ae s3: smbd: Add comment to unix_convert() explaining why 
posix never calls into mangle_is_mangled() here.
   via  77f54fc14f2 s3: smbd: Turn on case sensitivity for a posix filename 
lookup.
   via  f4354571d61 s3: smbd: Use state->short_case_preserve instead of 
state->conn->short_case_preserve.
   via  598c07b106e s3: smbd: Use state->case_preserve instead of 
state->conn->case_preserve.
   via  2910657694e s3: smbd: Use state->case_sensitive instead of 
state->conn->case_sensitive.
   via  35ee8a7b6c7 s3: smbd: Add case_sensitive, case_preserve, 
short_case_preserve to state struct.
   via  b460c534272 s3: smbd: Ensure normalize_filename_case() doesn't 
modify posix names.
   via  86e42fb4841 s3: smbd: Add ucf_flags parameter to 
normalize_filename_case().
   via  3f0935b369e s3: smbd: get_real_filename() is actually static to 
filename.c
  from  a8c0c2c9e3a smbd: get rid of get_file_handle_for_metadata()

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 1c8ea2448eaacb84c1c134e9597a5f873779b0a4
Author: Jeremy Allison 
Date:   Tue Nov 9 14:57:18 2021 -0800

s3: smbd: In SMB1 call_trans2findnext() add and use a helper variable to 
ensure we don't call mangle_is_mangled() with a posix name.

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Tue Nov 16 21:06:38 UTC 2021 on sn-devel-184

commit 761c9190454ce1704a041275723e23025bf62cf3
Author: Jeremy Allison 
Date:   Tue Nov 9 14:55:05 2021 -0800

s3: smbd: In unlink_internals() ensure we never call mangle_is_mangled for 
a posix path.

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

commit e2c45a092639c56d4a6b615fecef6d85f13b87eb
Author: Jeremy Allison 
Date:   Tue Nov 9 14:28:34 2021 -0800

s3: smbd: SMB1 reply_copy(). Posix pathnames always means case_sensitive = 
true.

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

commit e3c40250fb1afafe833a02ff65474a76ea6e41eb
Author: Jeremy Allison 
Date:   Tue Nov 9 14:23:22 2021 -0800

s3: smbd: SMB1 reply_copy(). Posix pathnames should never call into 
mangle_is_mangled().

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

commit d0d8f32d8f764bb2c9c00a3eda36367a7cd5a08f
Author: Jeremy Allison 
Date:   Tue Nov 9 14:21:41 2021 -0800

s3: smbd: I

[SCM] Samba Shared Repository - branch master updated

2021-11-15 Thread Ralph Böhme
The branch, master has been updated
   via  0a546be0529 CVE-2020-25717: s3:auth: Fallback to a SID/UID based 
mapping if the named based lookup fails
   via  494bf7de6ff CVE-2020-25717: tests/krb5: Add a test for idmap_nss 
mapping users to SIDs
   via  8a9f2aa2c1c CVE-2020-25717: selftest: turn ad_member_no_nss_wb into 
ad_member_idmap_nss
   via  fdbee5e074e CVE-2020-25717: nsswitch/nsstest.c: Lower 'non existent 
uid' to make room for new accounts
   via  5ea347d3673 CVE-2020-25717: tests/krb5: Add method to automatically 
obtain server credentials
   via  bfd093648b4 CVE-2020-25727: idmap_nss: verify that the name of the 
sid belongs to the configured domain
  from  c69b66f649c IPA DC: add missing checks

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 0a546be05295a7e4a552f9f4f0c74aeb2e9a0d6e
Author: Andrew Bartlett 
Date:   Fri Nov 12 16:10:31 2021 +1300

CVE-2020-25717: s3:auth: Fallback to a SID/UID based mapping if the named 
based lookup fails

Before the CVE-2020-25717 fixes we had a fallback from
getpwnam('DOMAIN\user') to getpwnam('user') which was very dangerous and
unpredictable.

Now we do the fallback based on sid_to_uid() followed by
getpwuid() on the returned uid.

This obsoletes 'username map [script]' based workaround advised
for CVE-2020-25717, when nss_winbindd is not used or
idmap_nss is actually used.

In future we may decide to prefer or only do the SID/UID based
lookup, but for now we want to keep this unchanged as much as possible.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14901

Pair-Programmed-With: Stefan Metzmacher 

Signed-off-by: Andrew Bartlett 
Signed-off-by: Stefan Metzmacher 

[me...@samba.org moved the new logic into the fallback codepath only
 in order to avoid behavior changes as much as possible]
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Mon Nov 15 19:01:56 UTC 2021 on sn-devel-184

commit 494bf7de6ff3e9abeb3753df0635737b80ce5bb7
Author: Joseph Sutton 
Date:   Fri Nov 12 14:22:47 2021 +1300

CVE-2020-25717: tests/krb5: Add a test for idmap_nss mapping users to SIDs

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14901

Pair-Programmed-With: Stefan Metzmacher 

Signed-off-by: Joseph Sutton 
Signed-off-by: Stefan Metzmacher 

[me...@samba.org removed unused tests for a feature that
 was removed before merging]
Reviewed-by: Ralph Boehme 

commit 8a9f2aa2c1cdfa72ad50d7c4f879220fe37654cd
Author: Joseph Sutton 
Date:   Fri Nov 12 14:20:45 2021 +1300

CVE-2020-25717: selftest: turn ad_member_no_nss_wb into ad_member_idmap_nss

In reality, environments without 'nss_winbind' make use of 'idmap_nss'.

For testing, DOMAIN/bob is mapped to the local 'bob',
while DOMAIN/jane gets the uid based on the local 'jane'
via idmap_nss.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14901

Pair-Programmed-With: Stefan Metzmacher 

Signed-off-by: Joseph Sutton 
Signed-off-by: Stefan Metzmacher 

[me...@samba.org avoid to create a new ad_member_idmap_nss environment
and merge it with ad_member_no_nss_wb instead]
Reviewed-by: Ralph Boehme 

commit fdbee5e074ebd76d659613b8b7114d70f938c38a
Author: Joseph Sutton 
Date:   Fri Nov 12 20:53:30 2021 +1300

CVE-2020-25717: nsswitch/nsstest.c: Lower 'non existent uid' to make room 
for new accounts

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14901

Signed-off-by: Joseph Sutton 
Reviewed-by: Stefan Metzmacher 
Reviewed-by: Ralph Boehme 

commit 5ea347d3673e35891613c90ca837d1ce4833c1b0
Author: Joseph Sutton 
Date:   Fri Nov 12 14:14:55 2021 +1300

CVE-2020-25717: tests/krb5: Add method to automatically obtain server 
credentials

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14901

Signed-off-by: Joseph Sutton 
Reviewed-by: Stefan Metzmacher 
Reviewed-by: Ralph Boehme 

commit bfd093648b4af51d104096c0cb3535e8706671e5
Author: Stefan Metzmacher 
Date:   Fri Nov 12 15:27:58 2021 +0100

CVE-2020-25727: idmap_nss: verify that the name of the sid belongs to the 
configured domain

We already check the sid belongs to the domain, but checking the name
too feels better and makes it easier to understand.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14901

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Ralph Boehme 

---

Summary of changes:
 nsswitch/nsstest.c|   2 +-
 python/samba/tests/krb5/kdc_base_test.py  |  42 ++
 python/samba/tests/krb5/test_idmap_nss.py | 232 ++
 python/samba/tests/usage.py   |   1 +
 selftest/target

[SCM] Samba Shared Repository - branch master updated

2021-11-11 Thread Ralph Böhme
The branch, master has been updated
   via  c89799beda6 docs-xml: Fix smbget manpage
  from  57c1e115ece smbd: reopen logs on SIGHUP for notifyd and cleanupd

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit c89799beda6757c03045e3b103344adc15006a33
Author: Andreas Schneider 
Date:   Thu Nov 11 14:46:15 2021 +0100

docs-xml: Fix smbget manpage

There is no  anymore.

Signed-off-by: Andreas Schneider 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Thu Nov 11 16:27:12 UTC 2021 on sn-devel-184

---

Summary of changes:
 docs-xml/manpages/smbget.1.xml | 6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)


Changeset truncated at 500 lines:

diff --git a/docs-xml/manpages/smbget.1.xml b/docs-xml/manpages/smbget.1.xml
index e91e5eb8cf4..64924ef9ca8 100644
--- a/docs-xml/manpages/smbget.1.xml
+++ b/docs-xml/manpages/smbget.1.xml
@@ -34,6 +34,7 @@
-b, --blocksize
-O, --stdout
-u, --update
+   -e, --encrypt
-?, --help
--usage
smb://host/share/path/to/file
@@ -145,7 +146,10 @@
Download only when remote file is newer than 
local file or local file is missing.

 
-   
+   
+-e, --encrypt
+   Enable SMB encryption.
+   
 
 
 
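Review bot: the new `-e, --encrypt` entry in the second hunk documents the option only as "Enable SMB encryption."; it should say what smbget does when the server does not offer encryption (fail the download or continue unencrypted), because a user who passes this flag for confidentiality needs to know which of the two happens.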


[SCM] Samba Shared Repository - branch master updated

2021-11-11 Thread Ralph Böhme
The branch, master has been updated
   via  06ed4ccba6c lib/cmdline: setup default file logging for servers
   via  97592f16bfb lib/cmdline: remember config_type in 
samba_cmdline_init()
   via  120a598e531 lib/cmdline: fix indentation
   via  fa9d9974d06 lib/debug: in debug_set_logfile() call 
reopen_logs_internal()
   via  948a82bd265 lib/debug: fix fd check before dup'ing to stderr
   via  117d45df47a winbindd: remove is_default_dyn_LOGFILEBASE() logic
   via  54f54fc2627 samba-bgqd: fix startup and logging
   via  25043ebb2e6 source3: move lib/substitute.c functions out of proto.h
  from  c28be406746 auth:creds: Guess the username first via getpwuid(my_id)

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 06ed4ccba6cfe08aef061866f98b1d1da26682b8
Author: Ralph Boehme 
Date:   Mon Nov 8 12:09:43 2021 +0100

lib/cmdline: setup default file logging for servers

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897
RN: samba process doesn't log to logfile

Signed-off-by: Ralph Boehme 
Reviewed-by: Andreas Schneider 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Thu Nov 11 14:42:13 UTC 2021 on sn-devel-184

commit 97592f16bfb8590efbd2ed31fc9883d747ec650f
Author: Ralph Boehme 
Date:   Mon Nov 8 12:09:16 2021 +0100

lib/cmdline: remember config_type in samba_cmdline_init()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897

Signed-off-by: Ralph Boehme 
Reviewed-by: Andreas Schneider 

commit 120a598e53173aacc0994318223bdac33dac4fbd
Author: Ralph Boehme 
Date:   Mon Nov 8 12:08:47 2021 +0100

lib/cmdline: fix indentation

s/whitespace/tab/

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897

Signed-off-by: Ralph Boehme 
Reviewed-by: Andreas Schneider 

commit fa9d9974d068897d35539e5316f606a15e8b38de
Author: Ralph Boehme 
Date:   Mon Nov 8 19:41:50 2021 +0100

lib/debug: in debug_set_logfile() call reopen_logs_internal()

This simplifies the logging API for callers that typically would want to set
logging by just setup_logging() once without bothering that typically
configuration is loaded (via some lpcfg_load*() or lp_load*() variant) which
will only then pick up the configured logfile from smb.conf without actually
applying the new logfile to the logging subsystem.

Therefore our daemons will additionally call reopen_logs() explicitly in their
startup code after config is loaded, e.g.

    setup_logging(getprogname(), DEBUG_FILE);
    ...
    lpcfg_load(lp_ctx, config_file);
    ...
    reopen_logs();

By calling reopen_logs_internal() implicitly from debug_set_logfile() there's no
need to call reopen_logs() explicitly anymore to apply the logfile.

As reopen_logs() will also apply other logging configuration options, we have to
keep the explicit calls in the daemon code. But at least this allows consistent
logging setup wrt to the logfile in the new cmdline library.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897

Signed-off-by: Ralph Boehme 
Reviewed-by: Andreas Schneider 

commit 948a82bd2651e73e4e669a89dc77ba93abbb9b2f
Author: Ralph Boehme 
Date:   Wed Nov 10 14:13:11 2021 +0100

lib/debug: fix fd check before dup'ing to stderr

Before I added per-class logfile and we had only one fd for the logfile the code
looked like this:

    /* Take over stderr to catch output into logs */
    if (state.fd > 0) {
        if (dup2(state.fd, 2) == -1) {
            /* Close stderr too, if dup2 can't point it -
               at the logfile.  There really isn't much
               that can be done on such a fundamental
               failure... */
            close_low_fd(2);
        }
    }

In the current code the equivalent to state.fd is dbgc_config[DBGC_ALL].fd.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897

Signed-off-by: Ralph Boehme 
Reviewed-by: Andreas Schneider 

commit 117d45df47a1f3206bc38aaeaa11f2b327e43530
Author: Ralph Boehme 
Date:   Wed Nov 10 18:27:08 2021 +0100

winbindd: remove is_default_dyn_LOGFILEBASE() logic

Handling of -l commandline parameter is already implemented by lib/cmdline/.

is_default_dyn_LOGFILEBASE() == true is the default case and this causes us to
temporarily overwrite the configured logfile with LOGFILEBASE/log.winbindd until
winbindd_reload_services_file() restores it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897

Signed-off-by: Ralph Boehme 
Reviewed-by: Andreas Schneider 

commit 54f54fc2627acbf5fac5e1fa86ab9f743741f3c4
Author: Ralph Boehme 
Date:   Thu Nov 11 05:23:09 2021 +0

[SCM] Samba Shared Repository - branch master updated

2021-11-04 Thread Ralph Böhme
The branch, master has been updated
   via  141f3f5f9a5 s3: smbd: Ensure in the directory scanning loops inside 
rmdir_internals() we don't overwrite the 'ret' variable.
   via  adfad639096 s3: smbtorture3: Add test for setting delete on close 
on a directory, then creating a file within to see if delete succeeds.
  from  b919798f575 smbd: early out in is_visible_fsp()

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 141f3f5f9a5ef556cc7864b2afbf8ad48b7ebe77
Author: Jeremy Allison 
Date:   Wed Nov 3 19:02:36 2021 -0700

s3: smbd: Ensure in the directory scanning loops inside rmdir_internals() 
we don't overwrite the 'ret' variable.

If we overwrite with ret=0, we return NT_STATUS_OK even when we goto err.

This function should be restructured to use NT_STATUS internally,
and make 'int ret' transitory, but that's a patch for another
time.

Remove knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14892

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Thu Nov  4 09:10:27 UTC 2021 on sn-devel-184

commit adfad6390962022277cc6aacaa388af86e46b71c
Author: Jeremy Allison 
Date:   Wed Nov 3 16:50:10 2021 -0700

s3: smbtorture3: Add test for setting delete on close on a directory, then 
creating a file within to see if delete succeeds.

Exposes an existing problem where "ret" is overwritten
in the directory scan.

Add knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14892

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

---

Summary of changes:
 source3/selftest/tests.py   |  15 +
 source3/smbd/close.c|  13 +++--
 source3/torture/proto.h |   1 +
 source3/torture/test_smb2.c | 136 
 source3/torture/torture.c   |   4 ++
 5 files changed, 163 insertions(+), 6 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index 5aba11c11b1..41ed728a03e 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -256,6 +256,21 @@ plantestsuite("samba3.smbtorture_s3.plain.%s" % 
"SMB2-LIST-DIR-ASYNC",
 smbtorture3,
 "",
 "-l $LOCAL_PATH"])
+#
+# SMB2-DEL-ON-CLOSE-NONEMPTY needs to run against a special fileserver share 
veto_files_delete
+#
+plantestsuite("samba3.smbtorture_s3.plain.%s" % "SMB2-DEL-ON-CLOSE-NONEMPTY",
+"fileserver",
+[os.path.join(samba3srcdir,
+  "script/tests/test_smbtorture_s3.sh"),
+'SMB2-DEL-ON-CLOSE-NONEMPTY',
+'//$SERVER_IP/veto_files_delete',
+'$USERNAME',
+'$PASSWORD',
+smbtorture3,
+"",
+"-l $LOCAL_PATH"])
+
 
 
 shares = [
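Review bot: the comment above the new `plantestsuite()` call says the test needs the `veto_files_delete` share but not why; one line naming the share setting the test depends on would help whoever later edits the selftest environment. The added trailing blank line also leaves three blank lines before `shares = [`, one more than the surrounding code uses.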
diff --git a/source3/smbd/close.c b/source3/smbd/close.c
index ad10215a4fa..e6272376739 100644
--- a/source3/smbd/close.c
+++ b/source3/smbd/close.c
@@ -1058,6 +1058,7 @@ static NTSTATUS rmdir_internals(TALLOC_CTX *ctx, struct 
files_struct *fsp)
struct smb_filename *smb_dname_full = NULL;
struct smb_filename *direntry_fname = NULL;
char *fullname = NULL;
+   int retval;
 
if (ISDOT(dname) || ISDOTDOT(dname)) {
TALLOC_FREE(talloced);
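Review bot: `int retval;` is declared inside the directory loop with no comment saying why the stat calls must not reuse `ret`; a one-line comment at the declaration (for example that `ret` carries the function's result to the `err` label) would stop a later cleanup from merging the two variables again. The commit message explains the reason, the code does not.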
@@ -1092,8 +1093,8 @@ static NTSTATUS rmdir_internals(TALLOC_CTX *ctx, struct 
files_struct *fsp)
goto err;
}
 
-   ret = SMB_VFS_LSTAT(conn, smb_dname_full);
-   if (ret != 0) {
+   retval = SMB_VFS_LSTAT(conn, smb_dname_full);
+   if (retval != 0) {
int saved_errno = errno;
TALLOC_FREE(talloced);
TALLOC_FREE(fullname);
@@ -1136,8 +1137,8 @@ static NTSTATUS rmdir_internals(TALLOC_CTX *ctx, struct 
files_struct *fsp)
}
 
/* Not a DFS link - could it be a dangling symlink ? */
-   ret = SMB_VFS_STAT(conn, smb_dname_full);
-   if (ret == -1 && (errno == ENOENT || errno == ELOOP)) {
+   retval = SMB_VFS_STAT(conn, smb_dname_full);
+   if (retval == -1 && (errno == ENOENT || errno == 
ELOOP)) {
/*
 * Dangling symlink.
 * Allow delete as "delete veto files = yes"
@@ -1240,8 +1241,8 @@ static

[SCM] Samba Shared Repository - branch master updated

2021-11-03 Thread Ralph Böhme
The branch, master has been updated
   via  bbdcd66c048 s3: smbd: dirfsp is being used uninitialized inside 
rmdir_internals().
  from  a8a0667263d s3:librpc: Improve calling of krb5_kt_end_seq_get()

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit bbdcd66c048fee39629aeff450b50d049806e2f7
Author: Jeremy Allison 
Date:   Tue Nov 2 10:44:44 2021 -0700

s3: smbd: dirfsp is being used uninitialized inside rmdir_internals().

Not caught by the tests in bugs 14878, 14879 as can_delete_directory_fsp()
doesn't have the same bug.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14892

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Wed Nov  3 14:33:49 UTC 2021 on sn-devel-184

---

Summary of changes:
 source3/smbd/close.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/close.c b/source3/smbd/close.c
index eae276b2e9c..ad10215a4fa 100644
--- a/source3/smbd/close.c
+++ b/source3/smbd/close.c
@@ -1052,6 +1052,8 @@ static NTSTATUS rmdir_internals(TALLOC_CTX *ctx, struct 
files_struct *fsp)
goto err;
}
 
+   dirfsp = dir_hnd_fetch_fsp(dir_hnd);
+
while ((dname = ReadDirName(dir_hnd, , , )) != NULL) 
{
struct smb_filename *smb_dname_full = NULL;
struct smb_filename *direntry_fname = NULL;
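Review bot: `dirfsp` is now assigned once before the first `ReadDirName()` loop, but its declaration is outside the visible context, so it is unclear whether it starts as NULL; initialising it at the declaration would turn any future use-before-assignment into a deterministic failure instead of undefined behaviour. The summary shows only source3/smbd/close.c changed, and the commit message notes the existing tests missed this, so a regression test that exercises the first loop's use of `dirfsp` would be worth adding.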
@@ -1200,7 +1202,6 @@ static NTSTATUS rmdir_internals(TALLOC_CTX *ctx, struct 
files_struct *fsp)
 
/* Do a recursive delete. */
RewindDir(dir_hnd,);
-   dirfsp = dir_hnd_fetch_fsp(dir_hnd);
 
while ((dname = ReadDirName(dir_hnd, , , )) != NULL) 
{
struct smb_filename *direntry_fname = NULL;


[SCM] Samba Shared Repository - branch master updated

2021-11-01 Thread Ralph Böhme
The branch, master has been updated
   via  494eb0c22a6 debug: Add new smb.conf option "debug syslog format"
   via  5e1e9d74ab6 debug: Add debug_syslog_format setting
  from  be3a47e22ad s3:modules:recycle - fix crash in 
recycle_unlink_internal

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 494eb0c22a67f0a9672a53f8941ad6fecf291a77
Author: Martin Schwenke 
Date:   Sun Oct 31 11:59:30 2021 +1100

debug: Add new smb.conf option "debug syslog format"

Signed-off-by: Martin Schwenke 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Mon Nov  1 07:29:47 UTC 2021 on sn-devel-184

commit 5e1e9d74ab6f59a62ac8dae3239299a0ef334708
Author: Martin Schwenke 
Date:   Thu Oct 28 19:05:19 2021 +1100

debug: Add debug_syslog_format setting

Without debug_hires_timestamp this produces a syslog style header
containing:

  "MON DD HH:MM:SS HOSTNAME PROGNAME[PID] "

With debug_hires_timestamp this produces a syslog style header
containing:

  "RFC5424-TIMESTAMP HOSTNAME PROGNAME[PID] "

All other settings are ignored.

This will be made visible via smb.conf in a subsequent commit.

This commit adds some simple hostname handling.  It avoids using
get_myname() from util.c because using that potentially pulls in all
manner of dependencies.  No real error handling is done.  In the worst
case debug_set_hostname() sets the hostname to a truncated version of
the given string.  Similarly, in an even weirder world,
ensure_hostname() sets the hostname to a truncation of "unknown".
Both of these are unlikely in all reasonable cases.

Signed-off-by: Martin Schwenke 
Reviewed-by: Ralph Boehme 

---

Summary of changes:
 .../smbdotconf/logging/debughirestimestamp.xml |  3 +-
 docs-xml/smbdotconf/logging/debugsyslogformat.xml  | 21 ++
 lib/param/loadparm.c   |  2 +
 lib/util/debug.c   | 75 +-
 lib/util/debug.h   |  2 +
 lib/util/debug_s3.c|  2 +
 source3/param/loadparm.c   |  1 +
 7 files changed, 104 insertions(+), 2 deletions(-)
 create mode 100644 docs-xml/smbdotconf/logging/debugsyslogformat.xml


Changeset truncated at 500 lines:

diff --git a/docs-xml/smbdotconf/logging/debughirestimestamp.xml 
b/docs-xml/smbdotconf/logging/debughirestimestamp.xml
index 72598d757ca..79d928ab3d9 100644
--- a/docs-xml/smbdotconf/logging/debughirestimestamp.xml
+++ b/docs-xml/smbdotconf/logging/debughirestimestamp.xml
@@ -9,7 +9,8 @@
 
 
 
-Note that the parameter  must be on 
for this to have an effect.
+Note that the parameter  or
+ must be on for this to have an 
effect.
 
 
 
diff --git a/docs-xml/smbdotconf/logging/debugsyslogformat.xml 
b/docs-xml/smbdotconf/logging/debugsyslogformat.xml
new file mode 100644
index 000..f943f3a5323
--- /dev/null
+++ b/docs-xml/smbdotconf/logging/debugsyslogformat.xml
@@ -0,0 +1,21 @@
+http://www.samba.org/samba/DTD/samba-doc;>
+
+
+With this option enabled, debug messages are printed in a
+single-line format like that traditionally produced by syslog.
+The timestamp consists of an abbreviated month, space-padded date,
+and time including seconds.  This is followed by the hostname and
+the program name, with the process-ID in square brackets.
+
+
+
+If  is also enabled
+then an RFC5424 timestamp is used instead.
+
+
+
+no
+
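Review bot: the first paragraph of the new parameter text describes the header layout but omits that, according to the commit that adds debug_syslog_format, all other settings are ignored when this format is in use; the documentation should state this, otherwise an administrator who also enables other debug header options will not expect them to have no effect.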
diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index 2eac1ba7c38..9c725402758 100644
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -2559,6 +2559,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX 
*mem_ctx)
lpcfg_do_global_parameter(lp_ctx, "debug timestamp", "Yes");
lpcfg_do_global_parameter(lp_ctx, "debug prefix timestamp", "No");
lpcfg_do_global_parameter(lp_ctx, "debug hires timestamp", "Yes");
+   lpcfg_do_global_parameter(lp_ctx, "debug syslog format", "No");
lpcfg_do_global_parameter(lp_ctx, "debug pid", "No");
lpcfg_do_global_parameter(lp_ctx, "debug uid", "No");
lpcfg_do_global_parameter(lp_ctx, "debug class", "No");
@@ -3102,6 +3103,7 @@ static bool lpcfg_update(struct loadparm_context *lp_ctx)
settings.timestamp_logs = lp_ctx->globals->timestamp_logs;
settings.debug_prefix_timestamp = 
lp_ctx->globals->debug_prefix_timestamp;
settings.debug_hires_timestamp = lp_ctx->globals->d
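
A parser for the two header layouts given in the "debug: Add debug_syslog_format setting" commit message above, added here as an example for log ingestion; it is not part of Samba. It assumes the message text follows the header on the same line and that the second layout follows the RFC 5424 TIMESTAMP grammar; the names `parse_header` and `Record` and the sample lines are constructed for the example.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

MONTHS = {
    name: number
    for number, name in enumerate(
        "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1
    )
}

# "HOSTNAME PROGNAME[PID] " followed by the message, as in the commit message.
TAIL = r"(?P<host>\S+) (?P<prog>[^\s\[\]]+)\[(?P<pid>\d+)\] (?P<msg>.*)"

# "MON DD HH:MM:SS": abbreviated month, space-padded day, time with seconds.
TRADITIONAL = re.compile(
    r"(?P<mon>[A-Z][a-z]{2}) (?P<day>[ \d]\d) "
    r"(?P<h>\d{2}):(?P<m>\d{2}):(?P<s>\d{2}) " + TAIL
)

# RFC 5424 TIMESTAMP: date, "T", time, optional fraction, "Z" or numeric offset.
RFC5424 = re.compile(
    r"(?P<date>\d{4}-\d{2}-\d{2})T(?P<time>\d{2}:\d{2}:\d{2})"
    r"(?:\.(?P<frac>\d{1,6}))?(?P<tz>Z|[+-]\d{2}:\d{2}) " + TAIL
)


@dataclass(frozen=True)
class Record:
    fmt: str             # "traditional" or "rfc5424"
    timestamp: datetime  # always timezone-aware
    hostname: str
    progname: str
    pid: int
    message: str


def parse_header(line, year, local_tz=timezone.utc):
    """Parse one log line; return a Record, or None if no layout matches.

    The traditional layout carries neither year nor UTC offset, so the
    caller has to supply both before the event can be correlated.
    """
    line = line.rstrip("\r\n")
    try:
        m = RFC5424.fullmatch(line)
        if m:
            y, mo, d = (int(part) for part in m["date"].split("-"))
            hh, mm, ss = (int(part) for part in m["time"].split(":"))
            micro = int((m["frac"] or "0").ljust(6, "0"))
            if m["tz"] == "Z":
                tz = timezone.utc
            else:
                sign = -1 if m["tz"][0] == "-" else 1
                offset = timedelta(
                    hours=int(m["tz"][1:3]), minutes=int(m["tz"][4:6])
                )
                tz = timezone(sign * offset)
            stamp = datetime(y, mo, d, hh, mm, ss, micro, tzinfo=tz)
            fmt = "rfc5424"
        else:
            m = TRADITIONAL.fullmatch(line)
            if not m or m["mon"] not in MONTHS:
                return None
            stamp = datetime(
                year, MONTHS[m["mon"]], int(m["day"]),
                int(m["h"]), int(m["m"]), int(m["s"]), tzinfo=local_tz,
            )
            fmt = "traditional"
    except ValueError:
        # Matched the layout but not a real date/time (for example Feb 30).
        return None
    return Record(fmt, stamp, m["host"], m["prog"], int(m["pid"]), m["msg"])


# Constructed sample lines, not captured from a real server.
SAMPLE_LINES = [
    "Nov  1 07:29:47 dc1 smbd[4242] connect to service share1\n",
    "2021-11-01T07:29:47.123456+11:00 dc1 winbindd[977] sample message\n",
    "this line has no syslog style header\n",
]

if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(parse_header(sample, year=2021))
```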

[SCM] Samba Shared Repository - branch master updated

2021-10-29 Thread Ralph Böhme
The branch, master has been updated
   via  0b818c6b77e s3: docs-xml: Clarify the "delete veto files" parameter.
   via  e9ef970eee5 s3: smbd: Fix logic in can_delete_directory_fsp() to 
cope with dangling symlinks.
   via  26fecad2e66 s3: smbd: Fix logic in rmdir_internals() to cope with 
dangling symlinks.
   via  a37d16e7c55 s3: smbd: Fix rmdir_internals() to do an early return 
if lp_delete_veto_files() is not set.
   via  f254be19d65 s3: VFS: xattr_tdb. Allow unlinkat to cope with 
dangling symlinks.
   via  295d7d026ba s3: VFS: streams_depot. Allow unlinkat to cope with 
dangling symlinks.
   via  942123b9592 s3: smbd: Add two tests showing the ability to delete a 
directory containing a dangling symlink over SMB2 depends on "delete veto 
files" setting.
   via  73de1194c3c s3: smbd: Fix recursive directory delete of a directory 
containing veto file and msdfs links.
   via  ad0082d79a6 s3: smbd: Add two tests showing recursive directory 
delete of a directory containing veto file and msdfs links over SMB2.
  from  866c1633277 editorconfig: Heimdal has mixed spaces and tabs with 
different width

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 0b818c6b77e972626d0b071bebcf4ce55619fb84
Author: Jeremy Allison 
Date:   Mon Oct 25 12:42:02 2021 -0700

s3: docs-xml: Clarify the "delete veto files" parameter.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme

Autobuild-User(master): Ralph Böhme
Autobuild-Date(master): Fri Oct 29 14:57:14 UTC 2021 on sn-devel-184

commit e9ef970eee5eca8ab3720279c54098e91d2dfda9
Author: Jeremy Allison 
Date:   Mon Oct 25 12:36:57 2021 -0700

s3: smbd: Fix logic in can_delete_directory_fsp() to cope with dangling 
symlinks.

Remove knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

commit 26fecad2e66e91a3913d88ee2e0889f266e91d89
Author: Jeremy Allison 
Date:   Mon Oct 25 12:32:29 2021 -0700

s3: smbd: Fix logic in rmdir_internals() to cope with dangling symlinks.

Still need to add the same logic in can_delete_directory_fsp()
before we can delete the knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

commit a37d16e7c55f85e3f2c9c8614755ea6307092d5f
Author: Jeremy Allison 
Date:   Mon Oct 25 12:21:37 2021 -0700

s3: smbd: Fix rmdir_internals() to do an early return if 
lp_delete_veto_files() is not set.

Fix the comments to match what the code actually does. The
exit at the end of the scan directory loop if we find a client
visible filename is a change in behavior, but the previous
behavior (not exist on visible filename, but delete it) was
a bug and in non-tested code. Now it's tested.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

commit f254be19d6501a4f573843af97963e350a9ee2ed
Author: Jeremy Allison 
Date:   Mon Oct 25 12:02:43 2021 -0700

s3: VFS: xattr_tdb. Allow unlinkat to cope with dangling symlinks.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

commit 295d7d026babe3cd5123d0f53adcb16868907f05
Author: Jeremy Allison 
Date:   Mon Oct 25 12:01:58 2021 -0700

s3: VFS: streams_depot. Allow unlinkat to cope with dangling symlinks.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

commit 942123b95923f35a32df4196a072a3ed3468396a
Author: Jeremy Allison 
Date:   Thu Oct 21 16:37:27 2021 -0700

s3: smbd: Add two tests showing the ability to delete a directory 
containing a dangling symlink over SMB2 depends on "delete veto files" setting.

Add knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

commit 73de1194c3c429ab93d722a852aa4f54213b112a
Author: Jeremy Allison 
Date:   Thu Oct 21 16:18:24 2021 -0700

s3: smbd: Fix recursive directory delete of a directory containing veto 
file and msdfs links.

Remove knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14878

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

commit ad0082d79a681b981154747dcde5713e1933b88f
Author: Jeremy Allison 
Date:   Thu Oct 21 15:06:20 2021 -0700

s3: smbd: Add two tests showing recursive directory delete of a directory 
containing veto file and msdfs links over SMB2.

Add knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14878

Signed-off-by: Jerem

[SCM] Samba Shared Repository - branch master updated

2021-10-28 Thread Ralph Böhme
The branch, master has been updated
   via  16d43ccfddf lib:cmdline: Fix -k option which doesn't expect anything
   via  5c6640470aa testprogs: Use new cmdline option for kerberos
  from  2be0a19d448 Revert "samba-tool: Pick local host if calling 
samba-tool from DC"

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 16d43ccfddf0e67a0ae87e3f13b3114c858d64ac
Author: Andreas Schneider 
Date:   Wed Oct 27 13:45:15 2021 +0200

lib:cmdline: Fix -k option which doesn't expect anything

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14846

Signed-off-by: Andreas Schneider 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Thu Oct 28 13:23:34 UTC 2021 on sn-devel-184

commit 5c6640470aa845780fbf17961e67b0d9302c2fbc
Author: Andreas Schneider 
Date:   Wed Oct 27 15:30:20 2021 +0200

testprogs: Use new cmdline option for kerberos

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14846

Signed-off-by: Andreas Schneider 
Reviewed-by: Ralph Boehme 

---

Summary of changes:
 lib/cmdline/cmdline.c  | 2 +-
 testprogs/blackbox/test_kpasswd_heimdal.sh | 6 +++---
 testprogs/blackbox/test_kpasswd_mit.sh | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/cmdline/cmdline.c b/lib/cmdline/cmdline.c
index 5dd543f244d..753cec27c3f 100644
--- a/lib/cmdline/cmdline.c
+++ b/lib/cmdline/cmdline.c
@@ -1251,7 +1251,7 @@ static struct poptOption popt_legacy_s3[] = {
{
.longName   = "kerberos",
.shortName  = 'k',
-   .argInfo= POPT_ARG_STRING,
+   .argInfo= POPT_ARG_NONE,
.val= 'k',
.descrip= "DEPRECATED: Migrate to --use-kerberos",
},
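Review bot: with `.argInfo` switched to POPT_ARG_NONE on the legacy `-k` entry, callers that still pass a value (the test hunks in this changeset replace `-k yes` and `-k no`) will have that value left over as a positional argument instead of being consumed by the option. The commit message only says the option "doesn't expect anything"; please state there, or in the `.descrip` string, what a bare `-k` now means and that `-k no` no longer disables Kerberos, so scripts relying on the old form fail visibly rather than silently changing authentication behaviour.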
diff --git a/testprogs/blackbox/test_kpasswd_heimdal.sh 
b/testprogs/blackbox/test_kpasswd_heimdal.sh
index 1cf61e5d07d..43f38b09de2 100755
--- a/testprogs/blackbox/test_kpasswd_heimdal.sh
+++ b/testprogs/blackbox/test_kpasswd_heimdal.sh
@@ -71,10 +71,10 @@ testit "kinit with user password" \
do_kinit $TEST_PRINCIPAL $TEST_PASSWORD || failed=`expr $failed + 1`
 
 test_smbclient "Test login with user kerberos ccache" \
-   "ls" "$SMB_UNC" -k yes || failed=`expr $failed + 1`
+   "ls" "$SMB_UNC" --use-kerberos=required || failed=`expr $failed + 1`
 
 testit "change user password with 'samba-tool user password' (unforced)" \
-   $VALGRIND $PYTHON $samba_tool user password -W$DOMAIN 
-U$TEST_USERNAME%$TEST_PASSWORD -k no --newpassword=$TEST_PASSWORD_NEW || 
failed=`expr $failed + 1`
+   $VALGRIND $PYTHON $samba_tool user password -W$DOMAIN 
-U$TEST_USERNAME%$TEST_PASSWORD --use-kerberos=off 
--newpassword=$TEST_PASSWORD_NEW || failed=`expr $failed + 1`
 
 TEST_PASSWORD_OLD=$TEST_PASSWORD
 TEST_PASSWORD=$TEST_PASSWORD_NEW
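Review bot: the rewritten `samba-tool user password` line still passes `-U$TEST_USERNAME%$TEST_PASSWORD` and `--newpassword=$TEST_PASSWORD_NEW` unquoted, so a test password containing whitespace or glob characters would be split by the shell before samba-tool sees it. Since the line is being touched anyway, quoting both expansions would make the test robust against password changes in the test environment.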
@@ -84,7 +84,7 @@ testit "kinit with user password" \
do_kinit $TEST_PRINCIPAL $TEST_PASSWORD || failed=`expr $failed + 1`
 
 test_smbclient "Test login with user kerberos ccache" \
-   "ls" "$SMB_UNC" -k yes || failed=`expr $failed + 1`
+   "ls" "$SMB_UNC" --use-kerberos=required || failed=`expr $failed + 1`
 
 ###
 ### check that a short password is rejected
diff --git a/testprogs/blackbox/test_kpasswd_mit.sh 
b/testprogs/blackbox/test_kpasswd_mit.sh
index 0d1dcf2eae4..df0f53e0041 100755
--- a/testprogs/blackbox/test_kpasswd_mit.sh
+++ b/testprogs/blackbox/test_kpasswd_mit.sh
@@ -74,7 +74,7 @@ test_smbclient "Test login with user kerberos ccache" \
"ls" "$SMB_UNC" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 
1`
 
 testit "change user password with 'samba-tool user password' (unforced)" \
-   $VALGRIND $PYTHON $samba_tool user password -W$DOMAIN 
-U$TEST_USERNAME%$TEST_PASSWORD -k no --newpassword=$TEST_PASSWORD_NEW || 
failed=`expr $failed + 1`
+   $VALGRIND $PYTHON $samba_tool user password -W$DOMAIN 
-U$TEST_USERNAME%$TEST_PASSWORD --use-kerberos=off 
--newpassword=$TEST_PASSWORD_NEW || failed=`expr $failed + 1`
 
 TEST_PASSWORD_OLD=$TEST_PASSWORD
 TEST_PASSWORD=$TEST_PASSWORD_NEW


-- 
Samba Shared Repository



[SCM] Samba Website Repository - branch master updated

2021-10-20 Thread Ralph Böhme
The branch, master has been updated
   via  9718fc0 team: add Jule
  from  85550a3 support/globalsupport: update Sernet Samba team

https://git.samba.org/?p=samba-web.git;a=shortlog;h=master


- Log -
commit 9718fc0819294e7af681a90882fdd5aa8e4f8ddd
Author: Ralph Boehme 
Date:   Wed Oct 20 09:46:42 2021 +0200

team: add Jule

---

Summary of changes:
 team/index.html | 1 +
 1 file changed, 1 insertion(+)


Changeset truncated at 500 lines:

diff --git a/team/index.html b/team/index.html
index 117259f..ec7e369 100755
--- a/team/index.html
+++ b/team/index.html
@@ -50,6 +50,7 @@ mailing list and start contributing to the development of 
Samba.
 https://www.samba.org/~obnox/;>Michael Adam(https://www.redhat.com/;>Red Hat)
 https://www.samba.org/~jra;>Jeremy Allison
 mailto:a...@samba.org;>Christian Ambach
+mailto:jan...@samba.org;>Jule Anger(http://www.sernet.de/en/;>SerNet)
 mailto:aap...@samba.org;>Aurlien Aptel(https://www.suse.com/;>SUSE)
 http://halo.gen.nz/;>Douglas Bagnall(http://catalyst.net.nz/what-we-offer/enterprise-solutions/samba;>Catalyst)
 https://www.samba.org/~abartlet/;>Andrew Bartlett(http://catalyst.net.nz/what-we-offer/enterprise-solutions/samba;>Catalyst)
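Review bot: the added entry links SerNet as `http://www.sernet.de/en/` while the Red Hat and SUSE links in the surrounding context use https. If the site serves https, prefer it for the new line so the team page does not add another plain-HTTP link.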


-- 
Samba Website Repository



[SCM] Samba Website Repository - branch master updated

2021-10-20 Thread Ralph Böhme
The branch, master has been updated
   via  85550a3 support/globalsupport: update Sernet Samba team
  from  a149f34 Add Samba 4.14.8

https://git.samba.org/?p=samba-web.git;a=shortlog;h=master


- Log -
commit 85550a3d9412f33e65397e430181b5ce1e541fe9
Author: Ralph Boehme 
Date:   Wed Oct 20 07:57:14 2021 +0200

support/globalsupport: update Sernet Samba team

---

Summary of changes:
 support/globalsupport.html | 2 --
 1 file changed, 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/support/globalsupport.html b/support/globalsupport.html
index 1f733c1..765aadb 100644
--- a/support/globalsupport.html
+++ b/support/globalsupport.html
@@ -90,8 +90,6 @@ fixes numerous Samba bugs.
 
 mailto:me...@samba.org>Stefan Metzmacher works on ActiveDirectory 
and security, he is one of the main Samba 4 authors.
 
-mailto:k...@samba.org>Karolin Seeger is member of the Samba 
Project Leadership committee.
-
 
 Links: 
 


-- 
Samba Website Repository



[SCM] Samba Shared Repository - branch master updated

2021-10-12 Thread Ralph Böhme
The branch, master has been updated
   via  12d04d9a928 docs-xml: Update winbindd(8) manpage
   via  b92589c31f0 s3:winbindd: Fix winbindd child logfile name handling
  from  4fe96583624 s3: smbd: Ensure when we change security context we 
delete any $cwd cache.

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 12d04d9a9288a9358d5f5aebaec126cc610952b1
Author: Pavel Filipenský 
Date:   Fri Oct 8 13:16:05 2021 +0200

docs-xml: Update winbindd(8) manpage

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14852

Signed-off-by: Pavel Filipenský 
Reviewed-by: Ralph Boehme 
Reviewed-by: Andreas Schneider 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Tue Oct 12 09:30:02 UTC 2021 on sn-devel-184

commit b92589c31f0eb3eaf2b3b1867e10b759f6a2edda
Author: Pavel Filipenský 
Date:   Thu Oct 7 12:08:22 2021 +0200

s3:winbindd: Fix winbindd child logfile name handling

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14852

Handling of logfile name for main and child winbindd must ensure:

1) Log directory is selected in this order:
  * -l option of winbindd
  * "log file" parameter in smb.conf
  * compile time value '/usr/local/samba/var'

2) Log filename pattern
  * parent process uses log.winbindd
  * child uses log.wb-

3) Log reopen works for both parent and child (i.e. log filename is not 
changed)
  * kill -HUP 
  * smbcontrol  reload-config

This commit removes 3 calls of is_default_dyn_LOGFILEBASE() to make sure 
that:
  - 1st removal: child uses log.wb- after the fork
  - 2nd removal: child after HUP signal, does not switch to log.winbindd
  - 3rd removal: child after smbcontrol reload-config, does not switch to
log.winbindd

Interesting commits: bfa1b2a8 1484b7f3 3b015a4c d1f7a371

Signed-off-by: Pavel Filipenský 
Reviewed-by: Ralph Boehme 
Reviewed-by: Andreas Schneider 

---

Summary of changes:
 docs-xml/manpages/winbindd.8.xml | 20 +++-
 source3/winbindd/winbindd_dual.c | 11 ++-
 2 files changed, 25 insertions(+), 6 deletions(-)


Changeset truncated at 500 lines:

diff --git a/docs-xml/manpages/winbindd.8.xml b/docs-xml/manpages/winbindd.8.xml
index 3b7487c1b1c..7a643b8879c 100644
--- a/docs-xml/manpages/winbindd.8.xml
+++ b/docs-xml/manpages/winbindd.8.xml
@@ -195,7 +195,25 @@ hosts: files wins


 
-   
+   
+   
+   
+
+   
+   -l|--log-basename=logdirectory
+   
+   
+   Base directory name for log/debug 
files. The parent process
+   uses filename log.winbindd, the child 
process uses filename
+   log.wb-name>. The log file is never 
removed by winbindd.
+   
+   
+   
+
+   
+   
+   
+

 

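Review bot: the new `-l|--log-basename=logdirectory` entry documents the file names but not the order in which the log directory is chosen. The accompanying commit message lists that order (the -l option, then the "log file" parameter in smb.conf, then the compile-time value), and that is the part an administrator needs when logs do not appear where expected; adding it to this description would close the gap.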
diff --git a/source3/winbindd/winbindd_dual.c b/source3/winbindd/winbindd_dual.c
index e19dfafc52f..b275dfb128c 100644
--- a/source3/winbindd/winbindd_dual.c
+++ b/source3/winbindd/winbindd_dual.c
@@ -1544,15 +1544,16 @@ NTSTATUS winbindd_reinit_after_fork(const struct 
winbindd_child *myself,
 
close_conns_after_fork();
 
-   if (is_default_dyn_LOGFILEBASE() && logfilename) {
+   if (logfilename != NULL) {
lp_set_logfile(logfilename);
reopen_logs();
}
 
-   if (!winbindd_setup_sig_term_handler(false))
+   if (!winbindd_setup_sig_term_handler(false)) {
return NT_STATUS_NO_MEMORY;
-   if (!winbindd_setup_sig_hup_handler(
-   !is_default_dyn_LOGFILEBASE() ? NULL : logfilename)) {
+   }
+
+   if (!winbindd_setup_sig_hup_handler(logfilename)) {
return NT_STATUS_NO_MEMORY;
}
 
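Review bot: in winbindd_reinit_after_fork() the condition is reduced to `if (logfilename != NULL)` with no comment, so nothing in the code records why is_default_dyn_LOGFILEBASE() must not be consulted here. The commit message explains that the child has to keep its own log file after fork and after HUP; a one-line comment above `lp_set_logfile(logfilename);` saying so would stop the check from being reintroduced later. The added braces around the winbindd_setup_sig_term_handler() return are an unrelated style change and would be easier to review as a separate commit.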
@@ -1777,7 +1778,7 @@ static bool fork_domain_child(struct winbindd_child 
*child)
   winbind_msg_disconnect_dc);
messaging_register(
global_messaging_context(),
-   !is_default_dyn_LOGFILEBASE() ? NULL : child->logfilename,
+   child->logfilename,
MSG_SMB_CONF_UPDATED,
winbindd_msg_reload_services_child);
 


-- 
Samba Shared Repository



[SCM] Samba Shared Repository - branch master updated

2021-10-08 Thread Ralph Böhme
The branch, master has been updated
   via  4fe96583624 s3: smbd: Ensure when we change security context we 
delete any $cwd cache.
   via  954e637ddc6 s3: selftest: Add regression test to show the $cwd 
cache is misbehaving when we connect as a different user on a share.
  from  3268bcd8f56 vfs: add and use a few SMB_VFS_ODX defines

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 4fe965836243928ac33eb95a67d3e889fdc15861
Author: Jeremy Allison 
Date:   Thu Oct 7 14:11:25 2021 -0700

s3: smbd: Ensure when we change security context we delete any $cwd cache.

This will ensure we *always* call into the VFS_SMB_CHDIR backends
on security context switch. The $cwd was an optimization that
was only looking at the raw filesystem path. We could delete it
completely but that is a patch for another day.

Remove knownfail on regression test.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14682
RN: vfs_shadow_copy2: core dump in make_relative_path

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Fri Oct  8 21:28:04 UTC 2021 on sn-devel-184

commit 954e637ddc6f0f5291d0a15cdbcbc6a4f7a6cb13
Author: Jeremy Allison 
Date:   Thu Oct 7 14:08:48 2021 -0700

s3: selftest: Add regression test to show the $cwd cache is misbehaving 
when we connect as a different user on a share.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14682

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

---

Summary of changes:
 source3/script/tests/test_chdir_cache.sh | 102 +++
 source3/selftest/tests.py|   9 +++
 source3/smbd/sec_ctx.c   |   8 +++
 3 files changed, 119 insertions(+)
 create mode 100755 source3/script/tests/test_chdir_cache.sh


Changeset truncated at 500 lines:

diff --git a/source3/script/tests/test_chdir_cache.sh 
b/source3/script/tests/test_chdir_cache.sh
new file mode 100755
index 000..6287d17354a
--- /dev/null
+++ b/source3/script/tests/test_chdir_cache.sh
@@ -0,0 +1,102 @@
+#!/bin/bash
+#
+# Ensure we get a chdir_current_service error if CHDIR fails with EACCESS
+# for an SMB2 request.
+#
+# BUG:https://bugzilla.samba.org/show_bug.cgi?id=14682
+#
+# Copyright (C) 2021 Jeremy Allison
+
+if [ $# -lt 5 ]; then
+echo Usage: test_chdir_user.sh \
+--configfile=SERVERCONFFILE SMBCLIENT SMBCONTROL SERVER SHARE
+exit 1
+fi
+
+CONF=$1; shift 1
+SMBCLIENT=$1; shift 1
+SMBCONTROL=$1; shift 1
+SERVER=$1; shift 1
+SHARE=$1; shift 1
+
+# Do not let deprecated option warnings muck this up
+SAMBA_DEPRECATED_SUPPRESS=1
+export SAMBA_DEPRECATED_SUPPRESS
+
+conf_dir=$(dirname ${SERVERCONFFILE})
+
+log_file=${conf_dir}/../smbd_test.log
+
+error_inject_conf=${conf_dir}/error_inject.conf
+> ${error_inject_conf}
+
+incdir=$(dirname $0)/../../../testprogs/blackbox
+. $incdir/subunit.sh
+
+failed=0
+
+cd $SELFTEST_TMPDIR || exit 1
+
+rm -f smbclient-stdin smbclient-stdout smbclient-stderr
+mkfifo smbclient-stdin smbclient-stdout smbclient-stderr
+
+CLI_FORCE_INTERACTIVE=1; export CLI_FORCE_INTERACTIVE
+
+${SMBCLIENT} //${SERVER}/${SHARE} ${CONF} -U${USER}%${PASSWORD} \
+< smbclient-stdin > smbclient-stdout 2>smbclient-stderr &
+CLIENT_PID=$!
+
+# Count the number of chdir_current_service: vfs_ChDir.*failed: Permission 
denied
+# errors that are already in the log (should be zero).
+num_errs=`grep "chdir_current_service: vfs_ChDir.*failed: Permission denied" 
${log_file} | wc -l`
+
+sleep 1
+
+exec 100>smbclient-stdin 101&100
+
+# consume the smbclient output
+head -n 4 <&101
+
+# Now change user to user2, and connect to the share.
+# This should leave us in the same share directory.
+echo "logon user2 ${PASSWORD}" >&100
+echo "tcon ${SHARE}" >&100
+
+# consume the smbclient output
+head -n 4 <&101
+
+# Ensure any chdir will give EACCESS.
+echo "error_inject:chdir = EACCES" > ${error_inject_conf}
+${SMBCONTROL} ${CONF} 0 reload-config
+
+sleep 1
+
+# Do an 'ls' as user2. Changing users should have
+# deleted the CHDIR cache, so we should now see
+# a chdir_current_service: vfs_ChDir.*failed: Permission denied
+# error message in the log.
+echo 'ls' >&100
+
+kill ${CLIENT_PID}
+rm -f smbclient-stdin smbclient-stdout smbclient-stderr
+
+# Remove the chdir inject.
+> ${error_inject_conf}
+${SMBCONTROL} ${CONF} 0 reload-config
+
+# Now look for chdir_current_service: vfs_ChDir.*failed: Permission denied
+# in the smb log. There should be one more than before.
+
+num_errs1=`grep "chdir_current_service: vfs_ChDir.*failed: Permission denied" 
${log_file} | wc -l`
+
+testit "Verify we got at least one chdir
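Review bot: `kill ${CLIENT_PID}` follows `echo 'ls' >&100` immediately, so smbclient can be terminated before the `ls` request reaches the server and the expected "Permission denied" log line is written, which would make the test flaky; a short wait or reading the client's output before the kill would close that window. Two smaller points in the same hunk: the usage text names `test_chdir_user.sh` although the file is `test_chdir_cache.sh`, and `conf_dir` is derived from `${SERVERCONFFILE}` and the login from `${USER}%${PASSWORD}`, none of which are among the five arguments the script checks for, so the dependency on the selftest environment should be stated in the header comment.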

[SCM] Samba Shared Repository - branch master updated

2021-09-22 Thread Ralph Böhme
The branch, master has been updated
   via  702ebb3d8c8 registry: skip root check when running with uid-wrapper 
enabled
  from  ec95b3042bf tests/krb5: Add RodcPacEncryptionKey type allowing for 
RODC PAC signatures

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 702ebb3d8c8d9f7241bb264f9cb2a41a3dc46f32
Author: Ralph Boehme 
Date:   Wed Aug 25 09:26:00 2021 +0200

registry: skip root check when running with uid-wrapper enabled

Currently registry config is not used in the clustered testenv, so currently
there's no problem. But once we do add that, the check would be triggered.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14787

Signed-off-by: Ralph Boehme 
Reviewed-by: Michael Adam 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Wed Sep 22 16:57:25 UTC 2021 on sn-devel-184

---

Summary of changes:
 source3/registry/reg_backend_db.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


Changeset truncated at 500 lines:

diff --git a/source3/registry/reg_backend_db.c 
b/source3/registry/reg_backend_db.c
index 423b310fe8a..b1f6425d56a 100644
--- a/source3/registry/reg_backend_db.c
+++ b/source3/registry/reg_backend_db.c
@@ -737,7 +737,7 @@ WERROR regdb_init(void)
  * Clustered Samba can only work as root because we need messaging to
  * talk to ctdb which only works as root.
  */
-if (lp_clustering() && geteuid() != 0) {
+if (!uid_wrapper_enabled() && lp_clustering() && geteuid() != 0) {
 DBG_ERR("Cluster mode requires running as root.\n");
return WERR_ACCESS_DENIED;
 }
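Review bot: the comment directly above the condition still says clustered Samba can only work as root, but the added `!uid_wrapper_enabled()` term now skips that check. Please extend the comment to say the requirement is waived under uid-wrapper for the test environment. Because this guards a path that returns WERR_ACCESS_DENIED, the commit message should also say what keeps uid_wrapper_enabled() false outside selftest.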


-- 
Samba Shared Repository



[SCM] Samba Shared Repository - branch master updated

2021-09-10 Thread Ralph Böhme
The branch, master has been updated
   via  b053bea0af2 s4/torture/masktest: don't ignore unknown options
   via  0c47f244312 s4/torture/locktest: don't ignore unknown options
   via  f6be1c18bf7 s4/torture/gentest: don't ignore unknown options
   via  ecb27e02e11 s4/regtree: don't ignore unknown options
   via  ac86779fe49 s4/regshell: don't ignore unknown options
   via  604ce3d85a8 s4/regpatch: don't ignore unknown options
   via  5c75b5bdeb9 s4/regdiff: don't ignore unknown options
   via  08532b3d2e0 s4/cifsdd: don't ignore unknown options
   via  ac292ec428e testparm: don't ignore unknown options
   via  b851d48277f split_tokens: don't ignore unknown options
   via  5562674a218 smbtree: don't ignore unknown options
   via  d841457aedd smbget: don't ignore unknown options
   via  46a0da16710 smbcquotas: don't ignore unknown options
   via  3755304b6ef smbcacls: don't ignore unknown options
   via  5a2b4ba0598 sharesec: don't ignore unknown options
   via  246d4f7b934 regedit: don't ignore unknown options
   via  372adfda9f0 profiles: don't ignore unknown options
   via  bcc4756d829 pdbedit: don't ignore unknown options
   via  5536e7981c3 ntlm_auth: don't ignore unknown options
   via  ff6a16806f6 nmblookup: don't ignore unknown options
   via  c84916fef55 mvxattr: don't ignore unknown options
   via  72a6cf1a8a2 log2pcaphex: don't ignore unknown options
   via  4056bebf05f s3/async-tracker: don't ignore unknown options
   via  96ab7909bd9 vfstest: don't ignore unknown options
   via  e3c5516dc57 pdbtest: don't ignore unknown options
   via  6afa1b3485c rpcclient: don't ignore unknown options
   via  d5f36072334 s3/param: don't ignore unknown options
   via  08512e3a541 source3/lib/smbconf: don't ignore unknown options
   via  98c977f44b6 nmblookup: don't ignore unknown options
   via  6845051266a s4/smbclient: don't ignore unknown options
   via  4053a59d8dc smbstatus: don't ignore unknown options
   via  c87cc09315a texpect: don't ignore unknown options
   via  d179c4f49b3 smbclient: don't ignore unknown options
   via  09fd46aa1cb selftest: remove unsupported smbcacls option --get
   via  29910da882d lib/cmdline: restore s3 option name --max-protocol for 
MAXPROTOCOL from 4.14
   via  9a3b7f1338e manpages: remove duplicate options from smbclient
   via  fdfc475000f selftest: fix ---configfile option
   via  8f3ef4e6c5a lib/cmdline: fix --configfile handling of 
POPT_COMMON_CONFIG_ONLY used by ntlm_auth
  from  efba2c445c5 gpo: Add Chromium Group Policy

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit b053bea0af2b2f059d7ed2c920f283d82339022f
Author: Ralph Boehme 
Date:   Fri Sep 10 07:27:51 2021 +0200

s4/torture/masktest: don't ignore unknown options

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828

Signed-off-by: Ralph Boehme 
Reviewed-by: Stefan Metzmacher 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Fri Sep 10 16:02:10 UTC 2021 on sn-devel-184

commit 0c47f244312f193c299d5b5b7b00db90364f8c8e
Author: Ralph Boehme 
Date:   Fri Sep 10 07:27:13 2021 +0200

s4/torture/locktest: don't ignore unknown options

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828

Signed-off-by: Ralph Boehme 
Reviewed-by: Stefan Metzmacher 

commit f6be1c18bf78db9e45be953d95ef8581daed5b4b
Author: Ralph Boehme 
Date:   Fri Sep 10 07:26:01 2021 +0200

s4/torture/gentest: don't ignore unknown options

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828

Signed-off-by: Ralph Boehme 
Reviewed-by: Stefan Metzmacher 

commit ecb27e02e113c597f952457e8a7803325c4c620e
Author: Ralph Boehme 
Date:   Fri Sep 10 07:25:30 2021 +0200

s4/regtree: don't ignore unknown options

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828

Signed-off-by: Ralph Boehme 
Reviewed-by: Stefan Metzmacher 

commit ac86779fe490318a943ab90e5d117537e839b55f
Author: Ralph Boehme 
Date:   Fri Sep 10 07:23:59 2021 +0200

s4/regshell: don't ignore unknown options

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828

Signed-off-by: Ralph Boehme 
Reviewed-by: Stefan Metzmacher 

commit 604ce3d85a879aa50c045b1f36c0580748b72eb7
Author: Ralph Boehme 
Date:   Fri Sep 10 07:22:12 2021 +0200

s4/regpatch: don't ignore unknown options

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828

Signed-off-by: Ralph Boehme 
Reviewed-by: Stefan Metzmacher 

commit 5c75b5bdeb9b39843f115fe07f1a44689af3fcc5
Author: Ralph Boehme 
Date:   Fri Sep 10 07:21:31 2021 +0200

s4/regdiff: don't ignore unknown options

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828

Signed-off-by: Ralph Boehme 
Reviewed-by: Stefan Metzmacher 

commit

[SCM] Samba Shared Repository - branch master updated

2021-09-08 Thread Ralph Böhme
The branch, master has been updated
   via  867c6ff9f3f docs-xml: use upper case for "{client,server} smb3 
{signing,encryption} algorithms" values
  from  16e907f8415 Added russian translate file

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 867c6ff9f3f28ab4bfa0cb1660889f3f5be0d111
Author: Stefan Metzmacher 
Date:   Wed Sep 8 15:10:14 2021 +0200

docs-xml: use upper case for "{client,server} smb3 {signing,encryption} 
algorithms" values

This matches what smbstatus prints out. Note there's also the removal of
a '-' in "hmac-sha-256" => "HMAC-SHA256".

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14825
RN: "{client,server} smb3 {signing,encryption} algorithms" should use the 
same strings as smbstatus output

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Wed Sep  8 16:37:07 UTC 2021 on sn-devel-184

---

Summary of changes:
 docs-xml/smbdotconf/security/clientsmbencryptionalgos.xml |  8 
 docs-xml/smbdotconf/security/clientsmbsigningalgos.xml| 10 +-
 docs-xml/smbdotconf/security/serversmbencryptionalgos.xml |  8 
 docs-xml/smbdotconf/security/serversmbsigningalgos.xml| 10 +-
 lib/param/loadparm.h  |  4 ++--
 libcli/smb/util.c | 14 +++---
 6 files changed, 27 insertions(+), 27 deletions(-)


Changeset truncated at 500 lines:

diff --git a/docs-xml/smbdotconf/security/clientsmbencryptionalgos.xml 
b/docs-xml/smbdotconf/security/clientsmbencryptionalgos.xml
index 27da51ad625..78df3f909e9 100644
--- a/docs-xml/smbdotconf/security/clientsmbencryptionalgos.xml
+++ b/docs-xml/smbdotconf/security/clientsmbencryptionalgos.xml
@@ -9,13 +9,13 @@
It is also possible to remove individual algorithms from the 
default list,
by prefixing them with '-'. This can avoid having to specify a 
hardcoded list.

-   Note: that the removal of aes-128-ccm from the list will result
+   Note: that the removal of AES-128-CCM from the list will result
in SMB3_00 and SMB3_02 being unavailable, as it is the default and only
available algorithm for these dialects.

 
 
-aes-128-gcm, aes-128-ccm, aes-256-gcm, 
aes-256-ccm
-aes-256-gcm
--aes-128-gcm -aes-128-ccm
+AES-128-GCM, AES-128-CCM, AES-256-GCM, 
AES-256-CCM
+AES-256-GCM
+-AES-128-GCM -AES-128-CCM
 
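Review bot: the documented values change from `aes-128-gcm` style to `AES-128-GCM` style, but nothing in this hunk tells the reader whether the lower-case spellings in an existing smb.conf are still accepted. The diffstat shows libcli/smb/util.c changing as well; please say in the parameter description (or the release note) whether matching is case-insensitive, since a value that stops parsing could silently alter the negotiated encryption algorithm list. The changed sentence also keeps the awkward "Note: that the removal of"; dropping "that" while the line is being edited would tidy it.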
diff --git a/docs-xml/smbdotconf/security/clientsmbsigningalgos.xml 
b/docs-xml/smbdotconf/security/clientsmbsigningalgos.xml
index 1ad6c09626f..f7c61f3e661 100644
--- a/docs-xml/smbdotconf/security/clientsmbsigningalgos.xml
+++ b/docs-xml/smbdotconf/security/clientsmbsigningalgos.xml
@@ -9,14 +9,14 @@
It is also possible to remove individual algorithms from the 
default list,
by prefixing them with '-'. This can avoid having to specify a 
hardcoded list.

-   Note: that the removal of aes-128-cmac from the list will result
-   in SMB3_00 and SMB3_02 being unavailable, and the removal od 
hmac-sha-256
+   Note: that the removal of AES-128-CMAC from the list will result
+   in SMB3_00 and SMB3_02 being unavailable, and the removal of HMAC-SHA256
will result in SMB2_02 and SMB2_10 being unavailable, as these are the 
default and only
available algorithms for these dialects.

 
 
-aes-128-gmac, aes-128-cmac, hmac-sha-256
-aes-128-cmac, hmac-sha-256
--aes-128-cmac
+AES-128-GMAC, AES-128-CMAC, HMAC-SHA256
+AES-128-CMAC, HMAC-SHA256
+-AES-128-CMAC
 
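Review bot: `hmac-sha-256` becomes `HMAC-SHA256` here, which is a spelling change (the second hyphen is gone) and not only a case change, as the commit message itself notes. An existing configuration using `hmac-sha-256` or `-hmac-sha-256` cannot be matched by a case-insensitive comparison alone, so the description should state whether the old spelling is still recognised or must be migrated.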
diff --git a/docs-xml/smbdotconf/security/serversmbencryptionalgos.xml 
b/docs-xml/smbdotconf/security/serversmbencryptionalgos.xml
index 3217970d4e7..2dd2db98cc5 100644
--- a/docs-xml/smbdotconf/security/serversmbencryptionalgos.xml
+++ b/docs-xml/smbdotconf/security/serversmbencryptionalgos.xml
@@ -9,13 +9,13 @@
It is also possible to remove individual algorithms from the 
default list,
by prefixing them with '-'. This can avoid having to specify a 
hardcoded list.

-   Note: that the removal of aes-128-ccm from the list will result
+   Note: that the removal of AES-128-CCM from the list will result
in SMB3_00 and SMB3_02 being unavailable, as it is the default and only
available algorithm for these dialects.

 
 
-aes-128-gcm, aes-128-ccm, aes-256-gcm, 
aes-256-ccm
-aes-256-gcm
--aes-128-gcm -aes-128-ccm
+AES-128-GCM, AES-128-CCM, AES-256-GCM, 
AES-256-CCM
+AES-256-GCM
+-AES-128-GCM -AES-128-CCM
 
diff --git a/docs-xml/smbdotconf/security/serversmbsigningalgos.xml 
b/docs-xml/smbdotconf/security/serversmbsigningalgos.xml
index e73d4f04242..7884e603b5b 100644
--- a/docs-xml/smbdotconf/security/serversmbsig

[SCM] Samba Shared Repository - branch master updated

2021-09-06 Thread Ralph Böhme
The branch, master has been updated
   via  28686f87139 s4/samba: POPT_COMMON_DAEMON
   via  9d82454cdfc winbindd: use POPT_COMMON_DAEMON
   via  a20f63b3847 nmbd: use POPT_COMMON_DAEMON
   via  ae22442db43 smbd: use POPT_COMMON_DAEMON
   via  877183ac0b5 lib/cmdline: restore pre-4.15 logging behaviour for 
daemons
   via  aaa3c6a4132 lib/cmdline: add POPT_COMMON_DAEMON daemon popt options
  from  2f2c53c4f8f s3: smbd: Fix openat_pathref_fsp() to cope with FIFO's 
in the filesystem.

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 28686f8713958726085bd38a0889aa7725c95371
Author: Ralph Boehme 
Date:   Fri Sep 3 14:04:22 2021 +0200

s4/samba: POPT_COMMON_DAEMON

Note: this also changes logging to go to stderr instead of stdout which is the
same behaviour as smbd, nmbd and winbindd (starting with 4.15).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14803
RN: smbd/winbindd started in daemon mode generate output on stderr/stdout

Signed-off-by: Ralph Boehme 
Reviewed-by: Volker Lendecke 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Mon Sep  6 14:23:15 UTC 2021 on sn-devel-184

commit 9d82454cdfc2b4b8007c7b54b3afd5686f49be19
Author: Ralph Boehme 
Date:   Fri Sep 3 12:25:00 2021 +0200

winbindd: use POPT_COMMON_DAEMON

Note: this also changes logging to go to stderr instead of stdout which is the
same behaviour as smbd and nmbd (starting with 4.15).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14803

Signed-off-by: Ralph Boehme 
Reviewed-by: Volker Lendecke 

commit a20f63b384750d389aeafd4bd5e229aed72cb271
Author: Ralph Boehme 
Date:   Fri Sep 3 12:14:19 2021 +0200

nmbd: use POPT_COMMON_DAEMON

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14803

Signed-off-by: Ralph Boehme 
Reviewed-by: Volker Lendecke 

commit ae22442db437061aada6427adde205cd13f1d202
Author: Ralph Boehme 
Date:   Fri Sep 3 07:33:39 2021 +0200

smbd: use POPT_COMMON_DAEMON

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14803

Signed-off-by: Ralph Boehme 
Reviewed-by: Volker Lendecke 

commit 877183ac0b57f5b2902446e41bb6ab3191f84fa6
Author: Ralph Boehme 
Date:   Fri Sep 3 07:28:45 2021 +0200

lib/cmdline: restore pre-4.15 logging behaviour for daemons

For servers ensure logging is configured to go to a logfile unless in
interactive mode by calling setup_logging() before lp_load_global() is
called.

In 4.14 servers had the chance to call setup_logging(getprogname(),
DEBUG_FILE) before they called lp_load_*() explicitly in the server.

Now in 4.15 lp_load_*() is called internally when parsing the command
line arguments triggered by the server running the poptGetNextOpt()
loop, so it's too late when the server calls
setup_logging(getprogname(), DEBUG_FILE) as lots of debugging from
lp_load_()* was already written to DEBUG_DEFAULT_STDERR.

Note that there's a chicken and egg problem *within* this patchset:
this change here breaks stdout logging for servers until the servers
are converted to use the new POPT_COMMON_DAEMON. The only way to
address that would be squashing all changes into one patchset, but for
the sake of reviewability (is that an actual english word? :)) I chose
to split the changes.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14803

Signed-off-by: Ralph Boehme 
Reviewed-by: Volker Lendecke 

commit aaa3c6a4132d2e739958e168e7dc3e78dfa4a72e
Author: Ralph Boehme 
Date:   Fri Sep 3 07:22:18 2021 +0200

lib/cmdline: add POPT_COMMON_DAEMON daemon popt options

Note: interactive=true implies fork=false. This matches the semantics
that currently 3/4 daemons implement manually.

Not used so far, no change in behaviour.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14803

Signed-off-by: Ralph Boehme 
Reviewed-by: Volker Lendecke 

---

Summary of changes:
 lib/cmdline/cmdline.c |  80 ++
 lib/cmdline/cmdline.h |  29 +++
 lib/cmdline/cmdline_private.h |   4 ++
 lib/cmdline/cmdline_s3.c  |  11 -
 source3/nmbd/nmbd.c   | 103 +-
 source3/smbd/server.c | 112 +-
 source3/winbindd/winbindd.c   |  88 +
 source4/samba/server.c|  88 -
 8 files changed, 223 insertions(+), 292 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/cmdline/cmdline.c b/lib/cmdline/cmdline.c
index a0a55f4dcfb..a299a229f69 100644
--- a/lib/cmdline/cmdline.c
+++ b/lib/cmdline/cmdline.c
@@ -28,6 +28,7 @@ static TALLOC_CTX *cmdline_mem_ctx;
 static

[SCM] Samba Shared Repository - branch master updated

2021-09-06 Thread Ralph Böhme
The branch, master has been updated
   via  2f2c53c4f8f s3: smbd: Fix openat_pathref_fsp() to cope with FIFO's 
in the filesystem.
   via  a54d9ffc87e s3: smbd: Add fifo test for the DISABLE_OPATH case.
  from  6590bb0b77c selftest: Add prefix to new schema attributes to avoid 
flapping dsdb_schema_attributes

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 2f2c53c4f8f59a497bc33a24e5e0fc15ea076876
Author: Jeremy Allison 
Date:   Thu Sep 2 14:40:53 2021 -0700

s3: smbd: Fix openat_pathref_fsp() to cope with FIFO's in the filesystem.

Remove skip test for the DISABLE_OPATH case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14816
RN: Fix pathref open of a filesystem fifo in the DISABLE_OPATH build

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Mon Sep  6 09:51:54 UTC 2021 on sn-devel-184

commit a54d9ffc87ebe602a0e7c48e35643ed2ff1a00bc
Author: Jeremy Allison 
Date:   Thu Sep 2 15:32:27 2021 -0700

s3: smbd: Add fifo test for the DISABLE_OPATH case.

Currently we hang when trying to list a directory
containing a fifo when configured with DISABLE_OPATH.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14816

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

---

Summary of changes:
 source3/script/tests/test_fifo.sh | 83 +++
 source3/selftest/tests.py |  3 ++
 source3/smbd/files.c  |  4 ++
 3 files changed, 90 insertions(+)
 create mode 100755 source3/script/tests/test_fifo.sh


Changeset truncated at 500 lines:

diff --git a/source3/script/tests/test_fifo.sh 
b/source3/script/tests/test_fifo.sh
new file mode 100755
index 000..11741dcc038
--- /dev/null
+++ b/source3/script/tests/test_fifo.sh
@@ -0,0 +1,83 @@
+#!/bin/sh
+#
+# Check smbclient can list a directory containing a fifo.
+#
+
+if [ $# -lt 7 ]; then
+cat <https://bugzilla.samba.org/show_bug.cgi?id=14816
+#
+test_fifo()
+{
+local fifo_dir_path="$PREFIX/$TARGET_ENV/share/fifodir"
+local fifo_path="$fifo_dir_path/fifo_name"
+
+local tmpfile=$PREFIX/smbclient.in.$$
+
+cat > $tmpfile <st.st_ex_mode)) {
+   open_flags |= O_NONBLOCK;
+   }
+
status = fd_openat(dirfsp, smb_fname, fsp, open_flags, 0);
if (!NT_STATUS_IS_OK(status)) {
if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND) ||


-- 
Samba Shared Repository



[SCM] Samba Shared Repository - branch master updated

2021-08-26 Thread Ralph Böhme
The branch, master has been updated
   via  fead05a4555 vfs_gpfs: deal with pathrefs fsps in 
smbd_gpfs_set_times()
   via  93a48399f42 lib/gpfswrap: add gpfs_set_times_path() wrapper
   via  1bbdb81899b vfs_gpfs: remove ENOSYS fallback from vfs_gpfs_fntimes()
   via  9a237e168a4 vfs_gpfs: pass fsp to smbd_gpfs_set_times()
   via  443608ee812 vfs_gpfs: deal with pathref fsps in vfs_gpfs_fntimes()
   via  882a466ea5f vfs_gpfs: add sys_proc_fd_path() fallback to 
vfs_gpfs_fset_dos_attributes()
   via  3679f54f178 vfs_gpfs: remove ENOSYS fallback from 
vfs_gpfs_fset_dos_attributes()
   via  fde1b981435 vfs_gpfs: add path based fallback for 
gpfswrap_fstat_x() on pathref handles
   via  730f8c49a9b vfs_gpfs: check for O_PATH support in gpfswrap_fstat_x()
   via  1a3ac7a940f vfs_gpfs: make vfs_gpfs_connect() a no-op on IPC shares
   via  070dce224bb vfs_gpfs: don't check for struct gpfs_config_data in 
vfs_gpfs_[l]stat()
   via  145e739c440 vfs_gpfs: call SMB_VFS_NEXT_CONNECT() before running 
some module initialization code
   via  bcd6bed7b86 smbd: avoid calling creating a pathref in 
smb_set_file_dosmode()
  from  5d53b848f60 wafsamba: always generate compile_commands.json again, 
but only when the samba dependencies changed

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit fead05a45556993b80a84fe9bb07b10debb4ae62
Author: Ralph Boehme 
Date:   Thu Aug 5 12:08:00 2021 +0200

vfs_gpfs: deal with pathrefs fsps in smbd_gpfs_set_times()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14771

Signed-off-by: Ralph Boehme 
Reviewed-by: Christof Schmitt 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Thu Aug 26 20:08:51 UTC 2021 on sn-devel-184

commit 93a48399f427d114df63b434e7fcddc62a1d9ce5
Author: Ralph Boehme 
Date:   Thu Aug 5 12:05:16 2021 +0200

lib/gpfswrap: add gpfs_set_times_path() wrapper

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14771

Signed-off-by: Ralph Boehme 
Reviewed-by: Christof Schmitt 

commit 1bbdb81899be6c1da6fa9a63bf16a00401e09399
Author: Ralph Boehme 
Date:   Fri Aug 13 11:55:16 2021 +0200

vfs_gpfs: remove ENOSYS fallback from vfs_gpfs_fntimes()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14771

Signed-off-by: Ralph Boehme 
Reviewed-by: Christof Schmitt 

commit 9a237e168a4bbd5665bd40d521506ca3a6825198
Author: Ralph Boehme 
Date:   Thu Aug 5 11:58:58 2021 +0200

vfs_gpfs: pass fsp to smbd_gpfs_set_times()

No change in behaviour. Prepares for dealing with pathref fsps in
smbd_gpfs_set_times().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14771

Signed-off-by: Ralph Boehme 
Reviewed-by: Christof Schmitt 

commit 443608ee8122a2c17258db8dca9885bb524957af
Author: Ralph Boehme 
Date:   Thu Aug 5 11:55:30 2021 +0200

vfs_gpfs: deal with pathref fsps in vfs_gpfs_fntimes()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14771

Signed-off-by: Ralph Boehme 
Reviewed-by: Christof Schmitt 

commit 882a466ea5f45e5e2197f2408ccd560383e13c3f
Author: Ralph Boehme 
Date:   Thu Jul 1 16:08:02 2021 +0200

vfs_gpfs: add sys_proc_fd_path() fallback to vfs_gpfs_fset_dos_attributes()

gpfs_set_winattrs() is a modifying operation, my expectation thus is that it is
not allowed on pathref (O_PATH) handles even though a recent Linux kernel commit
44a3b87444058b2cb055092cdebc63858707bf66 allowed calling utimensat() on pathref
handles.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14771
RN: Some VFS operations on pathref (O_PATH) handles fail on GPFS

Signed-off-by: Ralph Boehme 
Reviewed-by: Christof Schmitt 

commit 3679f54f178ba6ddb940cc66f701e9b3a1dd543d
Author: Ralph Boehme 
Date:   Fri Aug 13 11:39:05 2021 +0200

vfs_gpfs: remove ENOSYS fallback from vfs_gpfs_fset_dos_attributes()

This API call has existed for a long time, so we can safely assume that this
always works.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14771

Pair-Programmed-With: Christof Schmitt 
Signed-off-by: Ralph Boehme 
Signed-off-by: Christof Schmitt 

commit fde1b98143568fc816165502583f72e73b5d6b71
Author: Ralph Boehme 
Date:   Thu Jul 29 19:28:14 2021 +0200

vfs_gpfs: add path based fallback for gpfswrap_fstat_x() on pathref handles

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14771

Signed-off-by: Ralph Boehme 
Reviewed-by: Christof Schmitt 

commit 730f8c49a9bc8333f0b722ad65e4e587421c21ec
Author: Ralph Boehme 
Date:   Thu Jul 29 15:53:04 2021 +0200

vfs_gpfs: check for O_PATH support in gpfswrap_fstat_x()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14771

Signed-off-by: Ralph Boehme 
Reviewed-by: Christof Schmitt 

commit 1a3ac7a940fbb4ad8575ee3b0c56c9de2bf4b1f6
Author

[SCM] Samba Shared Repository - branch master updated

2021-08-25 Thread Ralph Böhme
The branch, master has been updated
   via  857045f3a23 s3: smbd: In create_conn_struct_cwd(), don't 
TALLOC_FREE() an unallocated pointer on error.
   via  b4d8c62c4e8 s3: mdssvc: Correctly disconnect the VFS connection 
inside the mds_ctx destructor.
  from  6248eab5103 mangle_hash2: remove LOCK$ from list of reserved names

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 857045f3a236dea125200dd09279d677e513682b
Author: Jeremy Allison 
Date:   Mon Aug 23 17:42:40 2021 -0700

s3: smbd: In create_conn_struct_cwd(), don't TALLOC_FREE() an unallocated pointer on error.

Just return the status - if create_conn_struct_as_root() fails
the connection struct never gets returned.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14809

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Wed Aug 25 17:09:23 UTC 2021 on sn-devel-184

commit b4d8c62c4e8191e05fd03dd096a0bc989e224ed3
Author: Jeremy Allison 
Date:   Mon Aug 23 17:40:42 2021 -0700

s3: mdssvc: Correctly disconnect the VFS connection inside the mds_ctx destructor.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14809

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

---

Summary of changes:
 source3/rpc_server/mdssvc/mdssvc.c | 5 +
 source3/smbd/msdfs.c   | 7 +--
 2 files changed, 6 insertions(+), 6 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/rpc_server/mdssvc/mdssvc.c 
b/source3/rpc_server/mdssvc/mdssvc.c
index d0e87dcf646..fa31b55a183 100644
--- a/source3/rpc_server/mdssvc/mdssvc.c
+++ b/source3/rpc_server/mdssvc/mdssvc.c
@@ -1569,6 +1569,11 @@ static int mds_ctx_destructor_cb(struct mds_ctx *mds_ctx)
}
TALLOC_FREE(mds_ctx->ino_path_map);
 
+   if (mds_ctx->conn != NULL) {
+   SMB_VFS_DISCONNECT(mds_ctx->conn);
+   conn_free(mds_ctx->conn);
+   }
+
ZERO_STRUCTP(mds_ctx);
 
return 0;
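Review bot: the new block in mds_ctx_destructor_cb() calls SMB_VFS_DISCONNECT() and conn_free() on mds_ctx->conn with no comment saying the destructor now owns that connection. A one-line comment would help, and it is worth confirming that no other teardown path still frees mds_ctx->conn itself, since a second conn_free() on the same pointer would be a double free.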
diff --git a/source3/smbd/msdfs.c b/source3/smbd/msdfs.c
index 45b6478985d..995ed815d90 100644
--- a/source3/smbd/msdfs.c
+++ b/source3/smbd/msdfs.c
@@ -525,12 +525,7 @@ NTSTATUS create_conn_struct_cwd(TALLOC_CTX *mem_ctx,
path,
session_info);
unbecome_root();
-   if (!NT_STATUS_IS_OK(status)) {
-   TALLOC_FREE(c);
-   return status;
-   }
-
-   return NT_STATUS_OK;
+   return status;
 }
 
 static void shuffle_strlist(char **list, int count)
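Review bot: with the error branch gone, create_conn_struct_cwd() depends on create_conn_struct_as_root() leaving nothing for the caller to free when it fails. A short comment above `return status;` stating that would keep a later cleanup from re-adding TALLOC_FREE(c) on a pointer that was never allocated.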


-- 
Samba Shared Repository



[SCM] Samba Shared Repository - branch master updated

2021-08-17 Thread Ralph Böhme
The branch, master has been updated
   via  4809f4a6ee9 registry: check for running as root in clustering mode
   via  fd19cae8d2f s3/lib/dbwrap: check if global_messaging_context() 
succeeded
  from  1ce08f72a9e testsuite: Fix build with gcc >= 11.1.1

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 4809f4a6ee971bcd9767839c729b636b7582fc02
Author: Ralph Boehme 
Date:   Sat Aug 7 10:52:28 2021 +

registry: check for running as root in clustering mode

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14787
RN:  net conf list crashes when run as normal user

Signed-off-by: Ralph Boehme 
Reviewed-by: Andreas Schneider 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Tue Aug 17 11:23:15 UTC 2021 on sn-devel-184

commit fd19cae8d2f21977d8285efd3f29e2b480d241e9
Author: Ralph Boehme 
Date:   Sat Aug 7 10:51:38 2021 +

s3/lib/dbwrap: check if global_messaging_context() succeeded

The subsequent messaging_ctdb_connection() will fail an assert if messaging is
not up and running, maybe it's a bit better to add a check if
global_messaging_context() actually succeeded.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14787

Signed-off-by: Ralph Boehme 
Reviewed-by: Andreas Schneider 

---

Summary of changes:
 source3/lib/dbwrap/dbwrap_open.c  | 4 
 source3/registry/reg_backend_db.c | 9 +
 2 files changed, 13 insertions(+)


Changeset truncated at 500 lines:

diff --git a/source3/lib/dbwrap/dbwrap_open.c b/source3/lib/dbwrap/dbwrap_open.c
index 1d8c40af75e..52c8a94aeff 100644
--- a/source3/lib/dbwrap/dbwrap_open.c
+++ b/source3/lib/dbwrap/dbwrap_open.c
@@ -149,6 +149,10 @@ struct db_context *db_open(TALLOC_CTX *mem_ctx,
 * to be initialized.
 */
msg_ctx = global_messaging_context();
+   if (msg_ctx == NULL) {
+   DBG_ERR("Failed to initialize messaging\n");
+   return NULL;
+   }
 
conn = messaging_ctdb_connection();
if (conn == NULL) {
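Review bot: the new `msg_ctx == NULL` branch in db_open() returns NULL without setting errno, so a caller that reports errno after a failed db_open() will print whatever an earlier call left behind. Consider setting errno before `return NULL;` so this failure can be told apart from others.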
diff --git a/source3/registry/reg_backend_db.c 
b/source3/registry/reg_backend_db.c
index c870dc57ed6..423b310fe8a 100644
--- a/source3/registry/reg_backend_db.c
+++ b/source3/registry/reg_backend_db.c
@@ -733,6 +733,15 @@ WERROR regdb_init(void)
return WERR_OK;
}
 
+/*
+ * Clustered Samba can only work as root because we need messaging to
+ * talk to ctdb which only works as root.
+ */
+if (lp_clustering() && geteuid() != 0) {
+DBG_ERR("Cluster mode requires running as root.\n");
+   return WERR_ACCESS_DENIED;
+}
+
db_path = state_path(talloc_tos(), "registry.tdb");
if (db_path == NULL) {
return WERR_NOT_ENOUGH_MEMORY;
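Review bot: the added block in regdb_init() is indented differently from the code around it: the comment, the `if` line and the DBG_ERR line do not line up with `return WERR_ACCESS_DENIED;`. Re-indent the block to match the rest of the file. The placement of the check reads correctly, since it runs before registry.tdb is opened.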


-- 
Samba Shared Repository



[SCM] Samba Shared Repository - branch master updated

2021-08-13 Thread Ralph Böhme
The branch, master has been updated
   via  1641e6c528e libreplace: remove now unused USE_COPY_FILE_RANGE define
   via  c25f72f4018 vfs_default: detect EOPNOTSUPP and ENOSYS errors from 
copy_file_range()
  from  25941a1f972 s3:winbindd: Pass the right variable to the debug 
message

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 1641e6c528e027dbfff96a834b94a8654a03a168
Author: Ralph Boehme 
Date:   Thu Aug 12 18:31:40 2021 +0200

libreplace: remove now unused USE_COPY_FILE_RANGE define

The only user was removed in the previous commit. We still need the preceding
checks however, based on that replace.c provides a copy_file_range() fallback.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14795
RN: copy_file_range() may fail with EOPNOTSUPP

Signed-off-by: Ralph Boehme 
Reviewed-by: Stefan Metzmacher 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Fri Aug 13 11:45:17 UTC 2021 on sn-devel-184

commit c25f72f401842a18cab1db2bab89deec78274d93
Author: Ralph Boehme 
Date:   Thu Aug 12 18:23:21 2021 +0200

vfs_default: detect EOPNOTSUPP and ENOSYS errors from copy_file_range()

When building in a RHEL 7 container on a RHEL 8 host, the current configure
check will detect a working SYS_copy_file_range() syscall.

Later when the resulting smbd binary is run in a RHEL 7 container on a RHEL
7 (vs 8 on the build host) host, SYS_copy_file_range() will fail with
EOPNOTSUPP.

Since the kernel support for copy_file_range() included a fallback in case
filesystems didn't implement it, the caching of copy_file_range() support can be
made a global via the static try_copy_file_range bool, there's no need to deal
with per-filesystem behaviour differences. For the curious: SYS_copy_file_range()
appeared in Linux 4.5, fallback code being vfs_copy_file_range() ->
do_splice_direct().

On current kernels the fallback function is generic_copy_file_range() (which
still calls do_splice_direct()) called from the filesystem backends directly or
from vfs_copy_file_range() -> do_copy_file_range().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14795

Signed-off-by: Ralph Boehme 
Reviewed-by: Stefan Metzmacher 

---

Summary of changes:
 lib/replace/wscript   |  2 --
 source3/modules/vfs_default.c | 12 +---
 2 files changed, 9 insertions(+), 5 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/replace/wscript b/lib/replace/wscript
index 9c23d549dab..a734d478582 100644
--- a/lib/replace/wscript
+++ b/lib/replace/wscript
@@ -483,8 +483,6 @@ def configure(conf):
 headers='errno.h string.h stdio.h sys/syscall.h 
unistd.h sys/types.h sys/stat.h fcntl.h',
 execute=True,
 msg='Checking whether we have copy_file_range system 
call')
-if conf.CONFIG_SET('HAVE_COPY_FILE_RANGE') or 
conf.CONFIG_SET('HAVE_SYSCALL_COPY_FILE_RANGE'):
-conf.DEFINE('USE_COPY_FILE_RANGE', 1)
 
 conf.SET_TARGET_TYPE('attr', 'EMPTY')
 
diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c
index aa7dfe3192f..5701e37d5ec 100644
--- a/source3/modules/vfs_default.c
+++ b/source3/modules/vfs_default.c
@@ -2214,10 +2214,11 @@ static NTSTATUS vfswrap_offload_copy_file_range(struct 
tevent_req *req)
NTSTATUS status;
bool same_file;
bool ok;
+   static bool try_copy_file_range = true;
 
-#ifndef USE_COPY_FILE_RANGE
-   return NT_STATUS_MORE_PROCESSING_REQUIRED;
-#endif
+   if (!try_copy_file_range) {
+   return NT_STATUS_MORE_PROCESSING_REQUIRED;
+   }
 
same_file = file_id_equal(>src_fsp->file_id,
  >dst_fsp->file_id);
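Review bot: `static bool try_copy_file_range = true;` is process-wide state inside vfswrap_offload_copy_file_range(), and nothing at the declaration says why one flag for all shares and filesystems is safe. The commit message has the reasoning (the kernel provides its own fallback, so support does not differ per filesystem); a short comment at the declaration would carry that into the code.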
@@ -2286,6 +2287,11 @@ static NTSTATUS vfswrap_offload_copy_file_range(struct 
tevent_req *req)
  (intmax_t)state->remaining,
  strerror(errno));
switch (errno) {
+   case EOPNOTSUPP:
+   case ENOSYS:
+   try_copy_file_range = false;
+   status = NT_STATUS_MORE_PROCESSING_REQUIRED;
+   break;
case EXDEV:
status = NT_STATUS_MORE_PROCESSING_REQUIRED;
break;
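Review bot: in the `switch (errno)`, the new EOPNOTSUPP/ENOSYS case clears try_copy_file_range for the rest of the process lifetime, but nothing logs that the switch happened. A single DBG_NOTICE where the flag is cleared would tell an administrator why later offload copies stopped using copy_file_range().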


-- 
Samba Shared Repository



[SCM] Samba Shared Repository - branch master updated

2021-08-11 Thread Ralph Böhme
The branch, master has been updated
   via  c0135096807 s3: smbd: For FSCTL calls that go async, add the 
outstanding tevent_reqs to the aio list on the file handle.
   via  7e7ea761a37 s4: torture: Add test for smb2.ioctl.bug14769.
   via  c551d33c6bd s3: smbd: Call smbd_fsctl_torture_async_sleep() when we 
get FSCTL_SMBTORTURE_FSP_ASYNC_SLEEP.
   via  0f4a8d26888 s3: smbd: Add smbd_fsctl_torture_async_sleep() 
server-side code.
   via  62cd95096a7 s3: libcli: Add FSCTL_SMBTORTURE_FSP_ASYNC_SLEEP.
   via  6b6770c2ba8 s3: smbd: Split out smb2_ioctl_smbtorture() into a 
separate file.
  from  4354823c514 libreplace: properly execute SYS_copy_file_range check

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit c013509680742ff45b2f5965a5564015da7d466b
Author: Jeremy Allison 
Date:   Fri Aug 6 23:33:06 2021 -0700

s3: smbd: For FSCTL calls that go async, add the outstanding tevent_reqs to the aio list on the file handle.

Remove knownfails.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14769
RN: smbd panic on force-close share during offload write

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Wed Aug 11 20:02:57 UTC 2021 on sn-devel-184

commit 7e7ea761a37f46f758582981bc40404ffd815513
Author: Jeremy Allison 
Date:   Fri Aug 6 10:54:31 2021 -0700

s4: torture: Add test for smb2.ioctl.bug14769.

Add knownfails.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14769

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

commit c551d33c6bd2e74ea3a36bec5575a70d6833b98a
Author: Jeremy Allison 
Date:   Thu Aug 5 16:07:09 2021 -0700

s3: smbd: Call smbd_fsctl_torture_async_sleep() when we get FSCTL_SMBTORTURE_FSP_ASYNC_SLEEP.

Now all we need is the client-side test.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14769

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

commit 0f4a8d26888ec156979a00480ed9886dcac7d426
Author: Jeremy Allison 
Date:   Thu Aug 5 16:04:38 2021 -0700

s3: smbd: Add smbd_fsctl_torture_async_sleep() server-side code.

Commented out as not yet called.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14769

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

commit 62cd95096a76d5064b105c1b4971fa3eabd5f85d
Author: Jeremy Allison 
Date:   Thu Aug 5 11:01:44 2021 -0700

s3: libcli: Add FSCTL_SMBTORTURE_FSP_ASYNC_SLEEP.

Prepare for async FSCTL tests on an fsp.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14769

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

commit 6b6770c2ba83bf25da31623443c19a8de34e5ba4
Author: Jeremy Allison 
Date:   Thu Aug 5 13:14:16 2021 -0700

s3: smbd: Split out smb2_ioctl_smbtorture() into a separate file.

We will be adding async supporting code to this, and we don't want to
clutter up smb2_ioctl.c.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14769

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

---

Summary of changes:
 libcli/smb/smb_constants.h   |   2 +
 selftest/knownfail   |   1 +
 source3/smbd/smb2_ioctl.c|  83 +++--
 source3/smbd/smb2_ioctl_private.h|   5 +
 source3/smbd/smb2_ioctl_smbtorture.c | 230 +++
 source3/wscript_build|   1 +
 source4/torture/smb2/ioctl.c |  80 
 7 files changed, 334 insertions(+), 68 deletions(-)
 create mode 100644 source3/smbd/smb2_ioctl_smbtorture.c


Changeset truncated at 500 lines:

diff --git a/libcli/smb/smb_constants.h b/libcli/smb/smb_constants.h
index a12086e602b..a043cbc883e 100644
--- a/libcli/smb/smb_constants.h
+++ b/libcli/smb/smb_constants.h
@@ -599,6 +599,8 @@ enum csc_policy {
(FSCTL_SMBTORTURE | FSCTL_ACCESS_WRITE | 0x0010 | FSCTL_METHOD_NEITHER)
 #define FSCTL_SMBTORTURE_GLOBAL_READ_RESPONSE_BODY_PADDING8 \
(FSCTL_SMBTORTURE | FSCTL_ACCESS_WRITE | 0x0020 | FSCTL_METHOD_NEITHER)
+#define FSCTL_SMBTORTURE_FSP_ASYNC_SLEEP \
+   (FSCTL_SMBTORTURE | FSCTL_ACCESS_WRITE | 0x0040 | FSCTL_METHOD_NEITHER)
 
 /*
  * A few values from [MS-FSCC] 2.1.2.1 Reparse Tags
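Review bot: FSCTL_SMBTORTURE_FSP_ASYNC_SLEEP is added with no comment on what the control does or what input it expects. The commit message says it prepares for async FSCTL tests on an fsp; a line next to the define describing the request format would help whoever reads the server-side handler.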
diff --git a/selftest/knownfail b/selftest/knownfail
index b2c09e73393..9f362c02b47 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -198,6 +198,7 @@
 ^samba4.smb2.ioctl.req_two_resume_keys\(ad_dc_ntvfs\) # not supported by s4 
ntvfs server
 ^samba4.smb2.ioctl.copy_chunk_\w*\(ad_dc_ntvfs\)   # not supported by s4 
ntvfs server
 ^samba4.smb2.ioctl.copy-chunk streams\(ad_dc_ntvfs\) # not supported by s4 
ntvfs server
+^samba4.smb2.ioctl.bug14769\(ad_dc_ntvfs\) # not supported by s4 ntvfs server
 ^samba3

[SCM] Samba Shared Repository - branch master updated

2021-08-06 Thread Ralph Böhme
The branch, master has been updated
   via  069d23f0a71 s3: VFS: solarisacl: Fix compile error (missed variable 
rename).
  from  7e6b818fea5 ktutil: Print the numeric enctype if 
krb5_enctype_to_string() fails

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 069d23f0a717ac520560f853a5f34fd4fd92d220
Author: David Gajewski 
Date:   Mon Aug 2 14:38:41 2021 -0700

s3: VFS: solarisacl: Fix compile error (missed variable rename).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14773

Signed-off-by: David Gajewski 
Reviewed-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Fri Aug  6 17:19:57 UTC 2021 on sn-devel-184

---

Summary of changes:
 source3/modules/vfs_solarisacl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


Changeset truncated at 500 lines:

diff --git a/source3/modules/vfs_solarisacl.c b/source3/modules/vfs_solarisacl.c
index 4a1d652e385..d31bda50233 100644
--- a/source3/modules/vfs_solarisacl.c
+++ b/source3/modules/vfs_solarisacl.c
@@ -204,7 +204,7 @@ int solarisacl_sys_acl_set_fd(vfs_handle_struct *handle,
DEBUG(10, ("solarisacl_sys_acl_set_fd %s.\n",
   ((ret == 0) ? "succeeded" : "failed" )));
SAFE_FREE(solaris_acl);
-   SAFE_FREE(default_acl);
+   SAFE_FREE(other_acl);
return ret;
 }
 


-- 
Samba Shared Repository



[SCM] Samba Shared Repository - branch master updated

2021-08-05 Thread Ralph Böhme
The branch, master has been updated
   via  7e6b818fea5 ktutil: Print the numeric enctype if 
krb5_enctype_to_string() fails
  from  4d44db0208a docs: Add vfs_expand_msdfs manpage

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 7e6b818fea5541fbedaa68624ca76ebc1fbbf501
Author: Andrew Bartlett 
Date:   Mon Aug 2 11:21:51 2021 +1200

ktutil: Print the numeric enctype if krb5_enctype_to_string() fails

Sadly krb5_enctype_to_string() fails when des-cbc-crc encryption
type is removed, leaving a failure to operate rather than
falling back to anything useful.

So fall back to printing 3 in the absence of anything more
useful.  A future fix could be to hard-code this mapping
in the smb_krb5_enctype_to_string() wrapper.

Signed-off-by: Andrew Bartlett 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Fri Aug  6 05:53:44 UTC 2021 on sn-devel-184

---

Summary of changes:
 source4/kdc/ktutil.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/kdc/ktutil.c b/source4/kdc/ktutil.c
index 59aa1cf377f..732d247446c 100644
--- a/source4/kdc/ktutil.c
+++ b/source4/kdc/ktutil.c
@@ -96,11 +96,11 @@ int main (int argc, char **argv)
 enctype,
 _str);
if (ret) {
-   smb_krb5_err(mem_ctx, context, 1, ret, 
"krb5_enctype_to_string");
+   printf("%s (%d)\n", principal, (int)enctype);
+   } else {
+   printf("%s (%s)\n", principal, enctype_str);
}
 
-   printf("%s (%s)\n", principal, enctype_str);
-
TALLOC_FREE(principal);
SAFE_FREE(enctype_str);
smb_krb5_kt_free_entry(context, );
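Review bot: on the failure branch the code now falls through to `SAFE_FREE(enctype_str);`, which is only safe if enctype_str is initialised to NULL where it is declared; that declaration is outside this hunk and should be checked. The error code in `ret` is also dropped silently, so consider printing it alongside the numeric enctype.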


-- 
Samba Shared Repository



[SCM] Samba Shared Repository - branch master updated

2021-08-05 Thread Ralph Böhme
The branch, master has been updated
   via  4f093ae6c9e s3: VFS: ceph. Fix enumerating directories. 
dirfsp->fh->fd != AT_FDCWD in this case.
  from  000f389d09e gitlab: Use shorter names for Samba AD DC env with MIT 
KRB5

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 4f093ae6c9ee5b3e0f98b47fbacb0e37fad62052
Author: Jeremy Allison 
Date:   Fri Jul 16 18:53:24 2021 -0700

s3: VFS: ceph. Fix enumerating directories. dirfsp->fh->fd != AT_FDCWD in this case.

Same as the fix for glusterfs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14766

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Thu Aug  5 06:15:14 UTC 2021 on sn-devel-184

---

Summary of changes:
 source3/modules/vfs_ceph.c | 14 --
 1 file changed, 12 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/modules/vfs_ceph.c b/source3/modules/vfs_ceph.c
index 594ebce4b9a..3f55d724143 100644
--- a/source3/modules/vfs_ceph.c
+++ b/source3/modules/vfs_ceph.c
@@ -403,14 +403,23 @@ static int cephwrap_openat(struct vfs_handle_struct 
*handle,
   int flags,
   mode_t mode)
 {
+   struct smb_filename *name = NULL;
bool have_opath = false;
bool became_root = false;
int result = -ENOENT;
 
/*
-* cephfs API doesn't have ceph_openat(), so for now assert this.
+* ceph doesn't have openat().
 */
-   SMB_ASSERT(fsp_get_pathref_fd(dirfsp) == AT_FDCWD);
+   if (fsp_get_pathref_fd(dirfsp) != AT_FDCWD) {
+   name = full_path_from_dirfsp_atname(talloc_tos(),
+   dirfsp,
+   smb_fname);
+   if (name == NULL) {
+   return -1;
+   }
+   smb_fname = name;
+   }
 
DBG_DEBUG("[CEPH] openat(%p, %s, %p, %d, %d)\n", handle,
  smb_fname_str_dbg(smb_fname), fsp, flags, mode);
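Review bot: in cephwrap_openat(), the `name == NULL` branch does `return -1;`, while the rest of the function carries a negative errno in `result` and leaves through `out:` and WRAP_RETURN(result). Returning -1 here skips that path and leaves errno unset; `result = -ENOMEM; goto out;` would match the function's convention.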
@@ -438,6 +447,7 @@ static int cephwrap_openat(struct vfs_handle_struct *handle,
}
 
 out:
+   TALLOC_FREE(name);
fsp->fsp_flags.have_proc_fds = false;
DBG_DEBUG("[CEPH] open(...) = %d\n", result);
WRAP_RETURN(result);


-- 
Samba Shared Repository



[SCM] Samba Shared Repository - branch master updated

2021-07-28 Thread Ralph Böhme
The branch, master has been updated
   via  2acad276860 s3: smbd: Don't leak meta-data about the containing 
directory of the share root.
   via  b004ebb1c62 s3: smbd: Allow async dosmode to cope with ".." 
pathnames where we close smb_fname->fsp to prevent meta-data leakage.
  from  696972c832c selftest: Remove fips env variables from client env

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 2acad27686074029ac83c66b42bb37eea380f449
Author: Jeremy Allison 
Date:   Wed Jul 14 19:11:05 2021 -0700

s3: smbd: Don't leak meta-data about the containing directory of the share root.

This is a subtle one. In smbd_dirptr_get_entry() we now
open a pathref fsp on all entries - including "..".

If we're at the root of the share we don't want
a handle to the directory above it, so silently
close the smb_fname->fsp for ".." names to prevent
it from being used to return meta-data to the client
(more than we already have done historically by
calling pathname functions on "..").

The marshalling returned entries and async DOS
code copes with smb_fname->fsp == NULL perfectly
well.

Only in master, but will need fixing for 4.15.rc1
or 2.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14759

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Wed Jul 28 15:07:54 UTC 2021 on sn-devel-184

commit b004ebb1c62742346b84ecb9d52c783173528fac
Author: Jeremy Allison 
Date:   Wed Jul 14 21:30:09 2021 -0700

s3: smbd: Allow async dosmode to cope with ".." pathnames where we close smb_fname->fsp to prevent meta-data leakage.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14759

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

---

Summary of changes:
 source3/smbd/dir.c | 25 +
 source3/smbd/dosmode.c | 23 ++-
 2 files changed, 39 insertions(+), 9 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
index 127e4b0d08d..4c807c3f85c 100644
--- a/source3/smbd/dir.c
+++ b/source3/smbd/dir.c
@@ -946,6 +946,31 @@ bool smbd_dirptr_get_entry(TALLOC_CTX *ctx,
continue;
}
 
+   /*
+* Don't leak metadata about the containing
+* directory of the share.
+*/
+   if (dirptr_path_is_dot && ISDOTDOT(dname)) {
+   /*
+* Making a copy here, then freeing
+* the original will close the smb_fname->fsp.
+*/
+   struct smb_filename *tmp_smb_fname =
+   cp_smb_filename(ctx, smb_fname);
+
+   if (tmp_smb_fname == NULL) {
+   TALLOC_FREE(atname);
+   TALLOC_FREE(smb_fname);
+   TALLOC_FREE(dname);
+   TALLOC_FREE(fname);
+   return false;
+   }
+   TALLOC_FREE(smb_fname);
+   smb_fname = tmp_smb_fname;
+   mode = FILE_ATTRIBUTE_DIRECTORY;
+   get_dosmode = false;
+   }
+
ok = mode_fn(ctx,
 private_data,
 dirptr->dir_hnd->fsp,
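Review bot: the new `dirptr_path_is_dot && ISDOTDOT(dname)` branch in smbd_dirptr_get_entry() comes with no test; the summary of changes lists only dir.c and dosmode.c. A test that lists the share root and checks what is returned for ".." would keep this from regressing. The comment could also say outright that cp_smb_filename() does not carry the fsp over, since the block depends on that.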
diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c
index 43c46867122..99cb8607944 100644
--- a/source3/smbd/dosmode.c
+++ b/source3/smbd/dosmode.c
@@ -814,15 +814,20 @@ struct tevent_req *dos_mode_at_send(TALLOC_CTX *mem_ctx,
}
 
if (smb_fname->fsp == NULL) {
-   /*
-* The pathological case where a caller does
-* dos_mode_at_send() and smb_fname points at a
-* symlink in POSIX context. smb_fname->fsp is NULL.
-*
-* FIXME ? Should we move to returning
-* FILE_ATTRIBUTE_REPARSE_POINT here ?
-*/
-   state->dosmode = FILE_ATTRIBUTE_NORMAL;
+   if (ISDOTDOT(smb_fname->base_name)) {
+   /*
+* smb_fname->fsp is explicitly closed
+* for ".." to prevent meta-data leakage.
+*/
+   state->dosmode = FILE_ATTRIBUTE_DIRECTORY;
+   } else {
+   /*
+* This is a symlink in POSIX context.
+* FIXME ? Should we move to returning
+

[SCM] Samba Shared Repository - branch master updated

2021-07-14 Thread Ralph Böhme
The branch, master has been updated
   via  447c9380dcb s3: VFS: default. In vfswrap_getxattrat_do_async() 
always use the pathref fsp.
   via  2b4062b4a1f s3: VFS: default. In vfswrap_getxattrat_do_sync() 
always use the pathref fsp.
   via  24dc3ca67a5 s3: VFS: default: Add 'handle' member to struct 
vfswrap_getxattrat_state
   via  e0b327f2eb5 s3: VFS: default: Move vfswrap_fgetxattr() before the 
async versions.
   via  d1ffcc80642 s3: smbd: Allow "smbd async dosmode = yes" to return 
valid DOS attributes again.
   via  8f8d0eaad68 s3: tests: Add "SMB2-LIST-DIR-ASYNC" test.
   via  6e7ffa8da34 s3: tests: Our tests for "smbd async dosmode = yes" 
haven't been working correctly as the parameter has been set incorrectly.
  from  c5cd5c9d57b WHATSNEW: add client/server smb3 signing/encryption 
algorithms

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 447c9380dcb2dac20512d20833f611399fc54ef1
Author: Jeremy Allison 
Date:   Wed Jul 14 11:23:54 2021 -0700

s3: VFS: default. In vfswrap_getxattrat_do_async() always use the pathref fsp.

This is always called via a path that mandates
smb_fname->fsp is valid.

https://bugzilla.samba.org/show_bug.cgi?id=14758

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme
Autobuild-Date(master): Thu Jul 15 05:48:05 UTC 2021 on sn-devel-184

commit 2b4062b4a1fffd3329c27ea7a840b04cf2069669
Author: Jeremy Allison 
Date:   Wed Jul 14 11:23:03 2021 -0700

s3: VFS: default. In vfswrap_getxattrat_do_sync() always use the pathref fsp.

This is always called via a path that mandates
smb_fname->fsp is valid.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14758

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

commit 24dc3ca67a5593954fa13fad56ca3aaf8c1a15c8
Author: Jeremy Allison 
Date:   Wed Jul 14 11:35:06 2021 -0700

s3: VFS: default: Add 'handle' member to struct vfswrap_getxattrat_state

Not yet used.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14758

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

commit e0b327f2eb5781a119efde1a2450de4e6d2570e8
Author: Jeremy Allison 
Date:   Wed Jul 14 11:17:49 2021 -0700

s3: VFS: default: Move vfswrap_fgetxattr() before the async versions.

We want to re-use this and don't want to have to add forward
declarations.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14758

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

commit d1ffcc8064294060d05d2b657385f69a75df49cf
Author: Jeremy Allison 
Date:   Wed Jul 14 15:00:13 2021 -0700

s3: smbd: Allow "smbd async dosmode = yes" to return valid DOS attributes again.

We already have a valid smb_fname->fsp, don't drop
it when returning from smbd_dirptr_lanman2_entry()
to allow it to be reused inside dos_mode_at_send().

Remove knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14758

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

commit 8f8d0eaad68620561eb5bdc95fbb855b90f31fc5
Author: Jeremy Allison 
Date:   Wed Jul 14 15:29:01 2021 -0700

s3: tests: Add "SMB2-LIST-DIR-ASYNC" test.

Add as knownfail.

Shows our "smbd async dosmode" code wasn't working.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14758

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

commit 6e7ffa8da34b85ac27396ee3fe29afb5db534e9e
Author: Jeremy Allison 
Date:   Wed Jul 14 15:26:42 2021 -0700

s3: tests: Our tests for "smbd async dosmode = yes" haven't been working correctly as the parameter has been set incorrectly.

It must be "smbd async dosmode", not "smbd:async dosmode"

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14758

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

---

Summary of changes:
 selftest/target/Samba3.pm |  20 
 source3/modules/vfs_catia.c   |   2 +-
 source3/modules/vfs_default.c | 113 +++---
 source3/selftest/tests.py |  16 ++
 source3/smbd/trans2.c |  28 ++-
 source3/torture/proto.h   |   1 +
 source3/torture/test_smb2.c   |  84 +++
 source3/torture/torture.c |   4 ++
 8 files changed, 183 insertions(+), 85 deletions(-)


Changeset truncated at 500 lines:

diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index 054ceb38a09..dc1c14e9628 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -1470,7 +1470,7 @@ sub setup_simpleserver
read only = no
vfs objects = aio_pt

[SCM] Samba Shared Repository - branch master updated

2021-07-14 Thread Ralph Böhme
The branch, master has been updated
   via  e168a95c1bb s3: VFS: Update status of SMB_VFS_READ_DFS_PATHAT.
   via  1538b44d942 s3: smbd: In dfs_path_lookup(), use relative dirfsp, 
atname lookups in SMB_VFS_READ_DFS_PATHAT() for the pathname walk fallback.
   via  f35c6a48fc5 s3: smbd: In dfs_path_lookup(), use relative dirfsp, 
atname lookups in SMB_VFS_READ_DFS_PATHAT() for the whole path optimization.
   via  c62807e3e1a s3: smbd: In is_msdfs_link(), change to dirfsp, atname 
parameters.
   via  3b71ead1cc0 s3: smbd: Add dirfsp, atname parameters to 
check_msdfs_link().
   via  88e56a71c65 s3: smbd: Pass dirfsp, atname down to mode_fn() passed 
to smbd_dirptr_get_entry().
   via  523bc61c9d2 s3: smbd: In smbd_dirptr_get_entry(), postpone 
TALLOC_FREE(atname) as we're going to pass this to mode_fn().
   via  165d0998c76 s3: VFS: time_audit. In 
smb_time_audit_read_dfs_pathat(), cope with relative pathnames.
   via  84070c3e8df s3: VFS: shadow_copy2. In 
shadow_copy2_read_dfs_pathat(), cope with relative pathnames.
   via  a3664ca2e07 s3: VFS: glusterfs. In vfs_gluster_read_dfs_pathat(), 
cope with relative pathnames.
   via  288eec969ee s3: VFS: full_audit. In 
smb_full_audit_read_dfs_pathat(), cope with relative pathnames.
   via  43970634cff s3: VFS: ceph: In cephwrap_read_dfs_pathat(), cope with 
relative pathnames.
   via  ac0ff0e1fe9 s3: VFS: cap: Fix cap_read_dfs_pathat() to cope with 
relative paths.
   via  4da6a9f4e66 s3: VFS: default. In vfswrap_read_dfs_pathat(), cope 
with relative pathnames.
   via  9fa5e171b96 s3: VFS: default. In vfswrap_read_dfs_pathat() use 
sys_fstatat().
   via  106beab5bfe s2: VFS: default. Fix vfswrap_read_dfs_pathat() to use 
fsp_get_pathref_fd() not fsp_get_io_fd().
   via  cc6e433b1be s3: VFS: default. Fix vfswrap_readdir() to use 
sys_fstatat().
   via  8804d240fac s3: lib: Add sys_fstatat() wrapper.
   via  f66d3621f5e s3: expect fstatat() and dirfd()
   via  c7d6745858f vfs_shadow_copy2: ensure we call convert_sbuf() in 
shadow_copy2_*stat() on already converted paths with absolute path
   via  4a7e483c516 selftest: add a test for shadow:fixinodes
   via  3aabc9825ca selftest: simplify snapshot directory creation in 
test_shadow_copy_torture.sh
   via  0a0b438b8ab selftest: enable "shadow:fixinodes" in "shadow_write" 
share
   via  745ded9afe1 selftest: pass smbclient arg to 
samba3.blackbox.shadow_copy_torture test
   via  b32e56d6eb2 smbd: update smb_fname statinfo from fsp
   via  2c9ae4b78cd smbd: put back dev/ino stat/fstat check in 
openat_pathref_fsp()
   via  18a30d939e6 smbd: canonicalize SMB_VFS_FSTAT() stat buffer
   via  40cf129abb5 s3: VFS: streams_xattr: In streams_xattr_stat() use 
synthetic_pathref() with basename
   via  03e36502f45 s3: VFS: fruit. In ad_get_meta_fsp(), we only need a 
handle on the base file, not the stream.
  from  0657db26447 s3: smbd: Explicitly code the semantics of "dos 
filemode" into the chown code.

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit e168a95c1bb1928cf206baf6d2db851c85f65fa9
Author: Jeremy Allison 
Date:   Mon Jul 12 17:58:29 2021 -0700

s3: VFS: Update status of SMB_VFS_READ_DFS_PATHAT.

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 
    
Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Wed Jul 14 08:58:30 UTC 2021 on sn-devel-184

commit 1538b44d942091d14f6b8f554d249bf98fd06b5e
Author: Jeremy Allison 
Date:   Mon Jul 12 17:56:13 2021 -0700

s3: smbd: In dfs_path_lookup(), use relative dirfsp, atname lookups in 
SMB_VFS_READ_DFS_PATHAT() for the pathname walk fallback.

Note that parent_pathref() must succeed before we call 
SMB_VFS_READ_DFS_PATHAT().
If parent_pathref() fails, just step back a component without calling
SMB_VFS_READ_DFS_PATHAT().

There are no longer any non-relative uses of SMB_VFS_READ_DFS_PATHAT().

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

commit f35c6a48fc5a186d477230e465a9b6f71d56e245
Author: Jeremy Allison 
Date:   Mon Jul 12 17:53:19 2021 -0700

s3: smbd: In dfs_path_lookup(), use relative dirfsp, atname lookups in 
SMB_VFS_READ_DFS_PATHAT() for the whole path optimization.

Note parent_pathref() must succeed before we can call 
SMB_VFS_READ_DFS_PATHAT().
Otherwise, just skip the whole path optimization and go onto the path walk 
code.

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

commit c62807e3e1ad9635c0740ee12f3588a4ce2e9a6c
Author: Jeremy Allison 
Date:   Mon Jul 12 17:44:10 2021 -0700

s3: smbd: In is_msdfs_link(), change to dirfsp, atname parameters.

Remember to update the smb_fname->st struct inside check_msdfs_link(),
as we now pass the atname to is_msdfs_link(), not t

[SCM] Samba Shared Repository - branch master updated

2021-07-13 Thread Ralph Böhme
The branch, master has been updated
   via  0657db26447 s3: smbd: Explicitly code the semantics of "dos 
filemode" into the chown code.
  from  147dd9d58a4 libcli/smb: let smb2_negotiate_context_parse() only 
parse the expected number of contexts

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 0657db26447ad9b0d2130fe07163e953eba2bcc2
Author: Jeremy Allison 
Date:   Mon Jun 28 13:54:52 2021 -0700

s3: smbd: Explicitly code the semantics of "dos filemode" into the chown 
code.

We actually don't need this to get the right semantics, as the open or the
set_sd() code catches the correct cases and returns ACCESS_DENIED, but it
makes me much happier to see the prerequisites needed expressed in code here
right at the point of use.

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Tue Jul 13 08:11:36 UTC 2021 on sn-devel-184

---

Summary of changes:
 source3/smbd/posix_acls.c | 15 +++
 1 file changed, 15 insertions(+)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 8bfaea27e39..899e7dc3c1e 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -3440,9 +3440,24 @@ NTSTATUS try_chown(files_struct *fsp, uid_t uid, gid_t 
gid)
}
 
/* Case (4). */
+   /* If "dos filemode" isn't set, we're done. */
if (!lp_dos_filemode(SNUM(fsp->conn))) {
return NT_STATUS_ACCESS_DENIED;
}
+   /*
+* If we have a writable handle, obviously we
+* can write to the file.
+*/
+   if (!fsp->fsp_flags.can_write) {
+   /*
+* If we don't have a writable handle, we
+* need to read the ACL on the file to
+* see if we can write to it.
+*/
+   if (!can_write_to_fsp(fsp)) {
+   return NT_STATUS_ACCESS_DENIED;
+   }
+   }
 
/* only allow chown to the current user. This is more secure,
   and also copes with the case where the SID in a take ownership ACL is
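
Review bot: in the block added under Case (4), the comment "If we have a writable handle, obviously we can write to the file" sits directly above `if (!fsp->fsp_flags.can_write)`, so it describes the branch that is skipped rather than the one that is entered. The nesting can be flattened to a single `if (!fsp->fsp_flags.can_write && !can_write_to_fsp(fsp))` with one comment stating both prerequisites. Because the commit message says the open or set_sd() code already returns ACCESS_DENIED for these cases, the comment should also say that this check is deliberately repeated at the point of use, so a later cleanup does not remove it as dead code. The summary lists only posix_acls.c, so nothing in this change exercises try_chown() with "dos filemode" set and a non-writable handle; a test for that case would pin the behaviour down.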


-- 
Samba Shared Repository



[SCM] Samba Shared Repository - branch master updated

2021-07-02 Thread Ralph Böhme
The branch, master has been updated
   via  edcb095c623 s3:libads: Remove extra new line in keytab list output
  from  b3ee034b4d4 s4:kdc: prefer newer enctypes for preauth responses

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit edcb095c623a72fac049b6b1b2ab96f13c0a3c8a
Author: Pavel Filipenský 
Date:   Fri Jul 2 09:14:18 2021 +0200

s3:libads: Remove extra new line in keytab list output

net ads keytab list prints extra new line for unknown encoding types,
so it spans over two lines, instead over a single line:

  1  AES-128 CTS mode with 96-bit SHA-1 HMAC 
ADDC$@ADDOM.SAMBA.EXAMPLE.COM
  1  UNKNOWN: 3
 ADDC$@ADDOM.SAMBA.EXAMPLE.COM

Signed-off-by: Pavel Filipenský 
Reviewed-by: Ralph Boehme 
Reviewed-by: Volker Lendecke 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Fri Jul  2 11:45:48 UTC 2021 on sn-devel-184

---

Summary of changes:
 source3/libads/kerberos_keytab.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


Changeset truncated at 500 lines:

diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c
index da363741d10..b7e1846bd9f 100644
--- a/source3/libads/kerberos_keytab.c
+++ b/source3/libads/kerberos_keytab.c
@@ -853,7 +853,7 @@ int ads_keytab_list(const char *keytab_name)
 
ret = smb_krb5_enctype_to_string(context, enctype, _s);
if (ret &&
-   (asprintf(_s, "UNKNOWN: %d\n", enctype) == -1)) {
+   (asprintf(_s, "UNKNOWN: %d", enctype) == -1)) {
TALLOC_FREE(princ_s);
goto out;
}
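
Review bot: dropping the "\n" from the "UNKNOWN: %d" fallback makes the line ending depend on the code that later prints this string, which is outside the hunk; confirm that the known-enctype and unknown-enctype paths reach the same print call so both end with exactly one newline. The condition `ret && (asprintf(...) == -1)` also leaves ret non-zero after a successful fallback, so check that nothing after this block treats the leftover value as a failure. The summary shows only kerberos_keytab.c changed; a test that lists a keytab entry with an unrecognised enctype would keep the single-line format from regressing.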


-- 
Samba Shared Repository


