The branch, v4-1-test has been updated
via dd83f1d s3: modules: streaminfo: As we have no VFS function
SMB_VFS_LLISTXATTR we can't cope with a symlink when lp_posix_pathnames() is
true.
via 6763283 s3: vfs_dirsort module.
via 9cb8ae1 s3: vfs_dirsort module.
via 4ce9501 smbd: Fix an ancient oplock bug
via b5253bf vfs_btrfs: pass-through copy-chunk(len=0) requests
via 1271434 smbd/smb2_ioctl: fail zero length copy chunk requests
via 3a3d027 torture: add zero length FSCTL_SRV_COPYCHUNK test
via 6265959 kdc: Add belts-and-braces check that we fail if the hdb
version changes
via 593ce2a Support for Heimdal's unified krb5 and hdb plugin system.
via 68dc374 Cope with first element in hdb_method having a different
name in different heimdal versions.
via 3f09c5c smbd: Fix memory overwrites
from dc58296 s3-winbind: Improve performance of
wb_fill_pwent_sid2uid_done().
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-1-test
- Log -----------------------------------------------------------------
commit dd83f1d98ae5a822ed4b000f3eb5e84f1d9f2a4d
Author: Jeremy Allison <j...@samba.org>
Date: Fri Feb 7 10:19:26 2014 -0800
s3: modules: streaminfo: As we have no VFS function SMB_VFS_LLISTXATTR we
can't cope with a symlink when lp_posix_pathnames() is true.
Fix bug : Bug 10429 - samba returns STATUS_OBJECT_NAME_NOT_FOUND when
attempting to remove dangling symlink
https://bugzilla.samba.org/show_bug.cgi?id=10429
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Jeff Layton <jlay...@samba.org>
Autobuild-User(master): Jeremy Allison <j...@samba.org>
Autobuild-Date(master): Sat Feb 8 00:01:16 CET 2014 on sn-devel-104
(cherry picked from commit 17adbbcad7e401dd544dfa76f7ec9aeb6a847381)
Autobuild-User(v4-1-test): Karolin Seeger <ksee...@samba.org>
Autobuild-Date(v4-1-test): Fri Feb 14 22:30:55 CET 2014 on sn-devel-104
commit 6763283ef3c512c1d3b92cbc532c33dd646d46fd
Author: Jeremy Allison <j...@samba.org>
Date: Tue Feb 11 10:39:04 2014 -0800
s3: vfs_dirsort module.
Add raw.search torture test on a share definition with:
vfs objects = dirsort
https://bugzilla.samba.org/show_bug.cgi?id=10406
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Andrew Bartlett <abart...@samba.org>
(cherry picked from commit 30cc8f41da58b87ff575860b7cde640520829923)
commit 9cb8ae1de2649f5f7993c799ea7c655f167403d1
Author: Jeremy Allison <j...@samba.org>
Date: Wed Jan 29 17:01:30 2014 -0800
s3: vfs_dirsort module.
Allow dirsort to work when multiple simultaneous
directories are open. The old code only keeps one
active private data pointer on the connection struct, opening
a second directory on the same connection will overwrite it.
This modification turns the private data pointer
into a linked list of open directories on the
connection struct, and finds the correct one by searching
on the passed in DIR *.
With this code in place, smbd passes raw.search
torture test on a share definition with:
vfs objects = dirsort
https://bugzilla.samba.org/show_bug.cgi?id=10406
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Andrew Bartlett <abart...@samba.org>
(cherry picked from commit fd79652b0e598882e0c4d156bd897c29dae8ec04)
commit 4ce9501d4d4aed8db3a666b77b556b97f8693014
Author: Volker Lendecke <v...@samba.org>
Date: Wed Sep 4 13:57:00 2013 +0200
smbd: Fix an ancient oplock bug
If we get an oplock break response, we forgot to remove the oplock break
timeout.
Found by stopping raw.oplock.exclusive5 after the 2nd open and watching a
debug
level 10 log. This amends 08a9de89 from 2007.
Signed-off-by: Volker Lendecke <v...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
(cherry picked from commit 0670975261c5f29394f9e9d25f899a7de948dad1)
Fix bug #10436 - cancel fsp->oplock_timeout in downgrade_file_oplock().
commit b5253bf2dc1c9729551f8b4adc5fe77dcc922bb0
Author: David Disseldorp <dd...@samba.org>
Date: Thu Feb 6 20:12:22 2014 +0100
vfs_btrfs: pass-through copy-chunk(len=0) requests
Never map copy-chunk(len=0) requests to BTRFS_IOC_CLONE_RANGE ioctls. A
BTRFS_IOC_CLONE_RANGE with @src_length=0 results in a clone of all data
from @src_offset->EOF!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10424
Signed-off-by: David Disseldorp <dd...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
(cherry picked from commit 3be664969d4de41ebb4778caabce8bcf5e303064)
commit 1271434175a3858abbb3aed88d0bd3ee2eb302a7
Author: David Disseldorp <dd...@samba.org>
Date: Thu Feb 6 20:12:21 2014 +0100
smbd/smb2_ioctl: fail zero length copy chunk requests
As documented in MS-SMB2 3.3.5.15.6 Handling a Server-Side Data Copy
Request, an invalid parameter response should be sent when:
The Length value in a single chunk is greater than
ServerSideCopyMaxChunkSize or *equal to zero*.
We do not currently abide by the latter part of this clause.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10424
Signed-off-by: David Disseldorp <dd...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
(cherry picked from commit 00906f9604ad3e633e3d3cbc8d9dc4e2e305a455)
commit 3a3d0272b1c479080cb73010a2a6b2ab6f8ed660
Author: David Disseldorp <dd...@samba.org>
Date: Thu Feb 6 20:12:20 2014 +0100
torture: add zero length FSCTL_SRV_COPYCHUNK test
Windows Server 2012 returns NT_STATUS_INVALID_PARAMETER for
FSCTL_SRV_COPYCHUNK requests that include a server-side copy length of
zero, in line with MS-SMB2 3.3.5.15.6.
We should match this behaviour, so test for it.
Signed-off-by: David Disseldorp <dd...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
(cherry picked from commit 54d07da81e181072b530e88b42d0d0d17fe60df0)
commit 6265959f5b50c059b5cd3750354750cce12bf48a
Author: Andrew Bartlett <abart...@samba.org>
Date: Tue Jan 14 11:23:04 2014 +1300
kdc: Add belts-and-braces check that we fail if the hdb version changes
This checks both if host system run-time Heimdal has changed version,
and that the build-time version is supported.
Signed-off-by: Andrew Bartlett <abart...@samba.org>
Reviewed-By: Jelmer Vernooij <jel...@samba.org>
Autobuild-User(master): Andrew Bartlett <abart...@samba.org>
Autobuild-Date(master): Mon Jan 20 22:26:49 CET 2014 on sn-devel-104
(cherry picked from commit e758f4111356fafce5b5c8393648c9ea5c400601)
The last 3 patches address bug #10418 - INTERNAL ERROR: Signal 11 in the kdc
pid.
commit 593ce2a7bd16492d7d8840433a2973b7404fe53e
Author: Jeffrey Clark <d...@zaplabs.com>
Date: Fri Jan 10 17:20:14 2014 -0600
Support for Heimdal's unified krb5 and hdb plugin system.
Fixes exportkeytab and a kdc crash when building against heimdal master.
Bug-Debian: http://bugs.debian.org/732342
Reviewed-by: Andrew Bartlett <abart...@samba.org>
Reviewed-by: Jelmer Vernooij <jel...@samba.org>
(cherry picked from commit 368208069e33a6d9b78a90f7326d5ac1bdd204f7)
commit 68dc374c931fecdb15cd1df844d03559bca42308
Author: Jelmer Vernooij <jel...@samba.org>
Date: Sat Nov 23 19:46:29 2013 +0000
Cope with first element in hdb_method having a different name in different
heimdal versions.
It's called `interface_version` in older Heimdal versions and
`version` in newer versions.
Signed-off-by: Jelmer Vernooij <jel...@samba.org>
Reviewed-by: Andrew Bartlett <abart...@samba.org>
Autobuild-User(master): Andrew Bartlett <abart...@samba.org>
Autobuild-Date(master): Thu Nov 28 04:17:55 CET 2013 on sn-devel-104
(cherry picked from commit 92489bfed4e6350b6858d5e39d538f41768912ae)
commit 3f09c5ca2b281b6eb6b3eeb1170d79c5a42a361a
Author: Volker Lendecke <v...@samba.org>
Date: Fri Feb 7 16:37:38 2014 +0100
smbd: Fix memory overwrites
SIVAL writes 32 bit, not 16
Signed-off-by: Volker Lendecke <v...@samba.org>
Reviewed-by: Michael Adam <ob...@samba.org>
Autobuild-User(master): Michael Adam <ob...@samba.org>
Autobuild-Date(master): Fri Feb 7 20:07:23 CET 2014 on sn-devel-104
(cherry picked from commit 9088bde059e93a84745ec2158e2e640b5bb13844)
Fix bug #10415 - *** glibc detected *** /usr/sbin/smbd: free(): invalid next
size (fast).
-----------------------------------------------------------------------
Summary of changes:
selftest/target/Samba3.pm | 4 +
source3/modules/vfs_btrfs.c | 22 ++++++-
source3/modules/vfs_dirsort.c | 119 ++++++++++++++++++++++++++++++++--
source3/modules/vfs_streams_depot.c | 13 ++++-
source3/modules/vfs_streams_xattr.c | 13 ++++-
source3/selftest/tests.py | 5 ++
source3/smbd/oplock.c | 2 +
source3/smbd/smb2_ioctl_network_fs.c | 21 +++++-
source4/kdc/hdb-samba4-plugin.c | 24 +++++++-
source4/kdc/hdb-samba4.c | 5 ++
source4/torture/smb2/ioctl.c | 64 ++++++++++++++++++
11 files changed, 278 insertions(+), 14 deletions(-)
Changeset truncated at 500 lines:
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index 9a6c86f..bc07403 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -1020,6 +1020,10 @@ sub provision($$$$$$)
[tmp]
path = $shrdir
comment = smb username is [%U]
+[tmpsort]
+ path = $shrdir
+ comment = Load dirsort module
+ vfs objects = dirsort acl_xattr fake_acls xattr_tdb streams_depot
[tmpenc]
path = $shrdir
comment = encrypt smb username is [%U]
diff --git a/source3/modules/vfs_btrfs.c b/source3/modules/vfs_btrfs.c
index f854f2a..4ecf7ab 100644
--- a/source3/modules/vfs_btrfs.c
+++ b/source3/modules/vfs_btrfs.c
@@ -66,6 +66,27 @@ static struct tevent_req *btrfs_copy_chunk_send(struct
vfs_handle_struct *handle
}
cc_state->handle = handle;
+ if (num == 0) {
+ /*
+ * With a @src_length of zero, BTRFS_IOC_CLONE_RANGE clones
+ * all data from @src_offset->EOF! This is certainly not what
+ * the caller expects, and not what vfs_default does.
+ */
+ cc_state->subreq = SMB_VFS_NEXT_COPY_CHUNK_SEND(handle,
+ cc_state, ev,
+ src_fsp,
+ src_off,
+ dest_fsp,
+ dest_off, num);
+ if (tevent_req_nomem(cc_state->subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(cc_state->subreq,
+ btrfs_copy_chunk_done,
+ req);
+ return req;
+ }
+
status = vfs_stat_fsp(src_fsp);
if (tevent_req_nterror(req, status)) {
return tevent_req_post(req, ev);
@@ -137,7 +158,6 @@ static struct tevent_req *btrfs_copy_chunk_send(struct
vfs_handle_struct *handle
btrfs_copy_chunk_done,
req);
return req;
-
}
DEBUG(5, ("BTRFS_IOC_CLONE_RANGE returned %d\n", ret));
diff --git a/source3/modules/vfs_dirsort.c b/source3/modules/vfs_dirsort.c
index 2c25765..98109c2 100644
--- a/source3/modules/vfs_dirsort.c
+++ b/source3/modules/vfs_dirsort.c
@@ -28,6 +28,7 @@ static int compare_dirent (const struct dirent *da, const
struct dirent *db)
}
struct dirsort_privates {
+ struct dirsort_privates *prev, *next;
long pos;
struct dirent *directory_list;
unsigned int number_of_entries;
@@ -37,10 +38,6 @@ struct dirsort_privates {
struct smb_filename *smb_fname; /* If open via OPENDIR */
};
-static void free_dirsort_privates(void **datap) {
- TALLOC_FREE(*datap);
-}
-
static bool get_sorted_dir_mtime(vfs_handle_struct *handle,
struct dirsort_privates *data,
struct timespec *ret_mtime)
@@ -119,8 +116,15 @@ static DIR *dirsort_opendir(vfs_handle_struct *handle,
const char *fname, const char *mask,
uint32 attr)
{
+ struct dirsort_privates *list_head = NULL;
struct dirsort_privates *data = NULL;
+ if (SMB_VFS_HANDLE_TEST_DATA(handle)) {
+ /* Find the list head of all open directories. */
+ SMB_VFS_HANDLE_GET_DATA(handle, list_head, struct
dirsort_privates,
+ return NULL);
+ }
+
/* set up our private data about this directory */
data = talloc_zero(handle->conn, struct dirsort_privates);
if (!data) {
@@ -148,7 +152,9 @@ static DIR *dirsort_opendir(vfs_handle_struct *handle,
return NULL;
}
- SMB_VFS_HANDLE_SET_DATA(handle, data, free_dirsort_privates,
+ /* Add to the private list of all open directories. */
+ DLIST_ADD(list_head, data);
+ SMB_VFS_HANDLE_SET_DATA(handle, list_head, NULL,
struct dirsort_privates, return NULL);
return data->source_directory;
@@ -159,8 +165,15 @@ static DIR *dirsort_fdopendir(vfs_handle_struct *handle,
const char *mask,
uint32 attr)
{
+ struct dirsort_privates *list_head = NULL;
struct dirsort_privates *data = NULL;
+ if (SMB_VFS_HANDLE_TEST_DATA(handle)) {
+ /* Find the list head of all open directories. */
+ SMB_VFS_HANDLE_GET_DATA(handle, list_head, struct
dirsort_privates,
+ return NULL);
+ }
+
/* set up our private data about this directory */
data = talloc_zero(handle->conn, struct dirsort_privates);
if (!data) {
@@ -186,7 +199,9 @@ static DIR *dirsort_fdopendir(vfs_handle_struct *handle,
return NULL;
}
- SMB_VFS_HANDLE_SET_DATA(handle, data, free_dirsort_privates,
+ /* Add to the private list of all open directories. */
+ DLIST_ADD(list_head, data);
+ SMB_VFS_HANDLE_SET_DATA(handle, list_head, NULL,
struct dirsort_privates, return NULL);
return data->source_directory;
@@ -202,12 +217,20 @@ static struct dirent *dirsort_readdir(vfs_handle_struct
*handle,
SMB_VFS_HANDLE_GET_DATA(handle, data, struct dirsort_privates,
return NULL);
+ while(data && (data->source_directory != dirp)) {
+ data = data->next;
+ }
+ if (data == NULL) {
+ return NULL;
+ }
+
if (get_sorted_dir_mtime(handle, data, ¤t_mtime) == false) {
return NULL;
}
/* throw away cache and re-read the directory if we've changed */
- if (timespec_compare(¤t_mtime, &data->mtime) > 1) {
+ if (timespec_compare(¤t_mtime, &data->mtime)) {
+ SMB_VFS_NEXT_REWINDDIR(handle, data->source_directory);
open_and_sort_dir(handle, data);
}
@@ -221,10 +244,53 @@ static struct dirent *dirsort_readdir(vfs_handle_struct
*handle,
static void dirsort_seekdir(vfs_handle_struct *handle, DIR *dirp,
long offset)
{
+ struct timespec current_mtime;
struct dirsort_privates *data = NULL;
+
SMB_VFS_HANDLE_GET_DATA(handle, data, struct dirsort_privates, return);
+ /* Find the entry holding dirp. */
+ while(data && (data->source_directory != dirp)) {
+ data = data->next;
+ }
+ if (data == NULL) {
+ return;
+ }
+ if (offset > data->number_of_entries) {
+ return;
+ }
data->pos = offset;
+
+ if (get_sorted_dir_mtime(handle, data, ¤t_mtime) == false) {
+ return;
+ }
+
+ if (timespec_compare(¤t_mtime, &data->mtime)) {
+ /* Directory changed. We must re-read the
+ cache and search for the name that was
+ previously stored at the offset being
+ requested, otherwise after the re-sort
+ we will point to the wrong entry. The
+ OS/2 incremental delete code relies on
+ this. */
+ unsigned int i;
+ char *wanted_name = talloc_strdup(handle->conn,
+ data->directory_list[offset].d_name);
+ if (wanted_name == NULL) {
+ return;
+ }
+ SMB_VFS_NEXT_REWINDDIR(handle, data->source_directory);
+ open_and_sort_dir(handle, data);
+ /* Now search for where we were. */
+ data->pos = 0;
+ for (i = 0; i < data->number_of_entries; i++) {
+ if(strcmp(wanted_name, data->directory_list[i].d_name)
== 0) {
+ data->pos = i;
+ break;
+ }
+ }
+ TALLOC_FREE(wanted_name);
+ }
}
static long dirsort_telldir(vfs_handle_struct *handle, DIR *dirp)
@@ -233,6 +299,13 @@ static long dirsort_telldir(vfs_handle_struct *handle, DIR
*dirp)
SMB_VFS_HANDLE_GET_DATA(handle, data, struct dirsort_privates,
return -1);
+ /* Find the entry holding dirp. */
+ while(data && (data->source_directory != dirp)) {
+ data = data->next;
+ }
+ if (data == NULL) {
+ return -1;
+ }
return data->pos;
}
@@ -241,9 +314,40 @@ static void dirsort_rewinddir(vfs_handle_struct *handle,
DIR *dirp)
struct dirsort_privates *data = NULL;
SMB_VFS_HANDLE_GET_DATA(handle, data, struct dirsort_privates, return);
+ /* Find the entry holding dirp. */
+ while(data && (data->source_directory != dirp)) {
+ data = data->next;
+ }
+ if (data == NULL) {
+ return;
+ }
data->pos = 0;
}
+static int dirsort_closedir(vfs_handle_struct *handle, DIR *dirp)
+{
+ struct dirsort_privates *list_head = NULL;
+ struct dirsort_privates *data = NULL;
+ int ret;
+
+ SMB_VFS_HANDLE_GET_DATA(handle, list_head, struct dirsort_privates,
return -1);
+ /* Find the entry holding dirp. */
+ for(data = list_head; data && (data->source_directory != dirp); data =
data->next) {
+ ;
+ }
+ if (data == NULL) {
+ return -1;
+ }
+ /* Remove from the list and re-store the list head. */
+ DLIST_REMOVE(list_head, data);
+ SMB_VFS_HANDLE_SET_DATA(handle, list_head, NULL,
+ struct dirsort_privates, return -1);
+
+ ret = SMB_VFS_NEXT_CLOSEDIR(handle, dirp);
+ TALLOC_FREE(data);
+ return ret;
+}
+
static struct vfs_fn_pointers vfs_dirsort_fns = {
.opendir_fn = dirsort_opendir,
.fdopendir_fn = dirsort_fdopendir,
@@ -251,6 +355,7 @@ static struct vfs_fn_pointers vfs_dirsort_fns = {
.seekdir_fn = dirsort_seekdir,
.telldir_fn = dirsort_telldir,
.rewind_dir_fn = dirsort_rewinddir,
+ .closedir_fn = dirsort_closedir,
};
NTSTATUS vfs_dirsort_init(void)
diff --git a/source3/modules/vfs_streams_depot.c
b/source3/modules/vfs_streams_depot.c
index 3ada92e..3ce7067 100644
--- a/source3/modules/vfs_streams_depot.c
+++ b/source3/modules/vfs_streams_depot.c
@@ -879,8 +879,19 @@ static NTSTATUS streams_depot_streaminfo(vfs_handle_struct
*handle,
state.handle = handle;
state.status = NT_STATUS_OK;
- status = walk_streams(handle, smb_fname_base, NULL, collect_one_stream,
+ if (S_ISLNK(smb_fname_base->st.st_ex_mode)) {
+ /*
+ * Currently we do't have SMB_VFS_LLISTXATTR
+ * inside the VFS which means there's no way
+ * to cope with a symlink when lp_posix_pathnames().
+ * returns true. For now ignore links.
+ * FIXME - by adding SMB_VFS_LLISTXATTR. JRA.
+ */
+ status = NT_STATUS_OK;
+ } else {
+ status = walk_streams(handle, smb_fname_base, NULL,
collect_one_stream,
&state);
+ }
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(state.streams);
diff --git a/source3/modules/vfs_streams_xattr.c
b/source3/modules/vfs_streams_xattr.c
index 355c47c..5e9bd3e 100644
--- a/source3/modules/vfs_streams_xattr.c
+++ b/source3/modules/vfs_streams_xattr.c
@@ -793,8 +793,19 @@ static NTSTATUS streams_xattr_streaminfo(vfs_handle_struct
*handle,
state.handle = handle;
state.status = NT_STATUS_OK;
- status = walk_xattr_streams(handle->conn, fsp, fname,
+ if (S_ISLNK(sbuf.st_ex_mode)) {
+ /*
+ * Currently we do't have SMB_VFS_LLISTXATTR
+ * inside the VFS which means there's no way
+ * to cope with a symlink when lp_posix_pathnames().
+ * returns true. For now ignore links.
+ * FIXME - by adding SMB_VFS_LLISTXATTR. JRA.
+ */
+ status = NT_STATUS_OK;
+ } else {
+ status = walk_xattr_streams(handle->conn, fsp, fname,
collect_one_stream, &state);
+ }
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(state.streams);
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index 31a1b67..85d67d6 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -353,6 +353,11 @@ for t in tests:
plansmbtorture4testsuite(t, "s3dc", '//$SERVER_IP/aio
-U$USERNAME%$PASSWORD', 'aio')
plansmbtorture4testsuite(t, "s3dc", '//$SERVER_IP/tmp
-U$USERNAME%$PASSWORD')
plansmbtorture4testsuite(t, "plugin_s4_dc", '//$SERVER/tmp
-U$USERNAME%$PASSWORD')
+ elif t == "raw.search":
+ plansmbtorture4testsuite(t, "s3dc", '//$SERVER_IP/tmp
-U$USERNAME%$PASSWORD')
+# test the dirsort module.
+ plansmbtorture4testsuite(t, "s3dc", '//$SERVER_IP/tmpsort
-U$USERNAME%$PASSWORD')
+ plansmbtorture4testsuite(t, "plugin_s4_dc", '//$SERVER/tmp
-U$USERNAME%$PASSWORD')
else:
plansmbtorture4testsuite(t, "s3dc", '//$SERVER_IP/tmp
-U$USERNAME%$PASSWORD')
plansmbtorture4testsuite(t, "plugin_s4_dc", '//$SERVER/tmp
-U$USERNAME%$PASSWORD')
diff --git a/source3/smbd/oplock.c b/source3/smbd/oplock.c
index 05b0d0b..f2d39b8 100644
--- a/source3/smbd/oplock.c
+++ b/source3/smbd/oplock.c
@@ -150,6 +150,8 @@ static void downgrade_file_oplock(files_struct *fsp)
sconn->oplocks.exclusive_open--;
sconn->oplocks.level_II_open++;
fsp->sent_oplock_break = NO_BREAK_SENT;
+
+ TALLOC_FREE(fsp->oplock_timeout);
}
/****************************************************************************
diff --git a/source3/smbd/smb2_ioctl_network_fs.c
b/source3/smbd/smb2_ioctl_network_fs.c
index 1e1e3e5..49c2715 100644
--- a/source3/smbd/smb2_ioctl_network_fs.c
+++ b/source3/smbd/smb2_ioctl_network_fs.c
@@ -46,16 +46,31 @@ static NTSTATUS copychunk_check_limits(struct
srv_copychunk_copy *cc_copy)
uint32_t i;
uint32_t total_len = 0;
+ /*
+ * [MS-SMB2] 3.3.5.15.6 Handling a Server-Side Data Copy Request
+ * Send and invalid parameter response if:
+ * - The ChunkCount value is greater than
+ * ServerSideCopyMaxNumberofChunks
+ */
if (cc_copy->chunk_count > COPYCHUNK_MAX_CHUNKS) {
return NT_STATUS_INVALID_PARAMETER;
}
for (i = 0; i < cc_copy->chunk_count; i++) {
- if (cc_copy->chunks[i].length > COPYCHUNK_MAX_CHUNK_LEN) {
+ /*
+ * - The Length value in a single chunk is greater than
+ * ServerSideCopyMaxChunkSize or equal to zero.
+ */
+ if ((cc_copy->chunks[i].length == 0)
+ || (cc_copy->chunks[i].length > COPYCHUNK_MAX_CHUNK_LEN)) {
return NT_STATUS_INVALID_PARAMETER;
}
total_len += cc_copy->chunks[i].length;
}
+ /*
+ * - Sum of Lengths in all chunks is greater than
+ * ServerSideCopyMaxDataSize
+ */
if (total_len > COPYCHUNK_MAX_TOTAL_LEN) {
return NT_STATUS_INVALID_PARAMETER;
}
@@ -394,8 +409,8 @@ static NTSTATUS fsctl_validate_neg_info(TALLOC_CTX *mem_ctx,
SIVAL(out_output->data, 0x00, conn->smb2.server.capabilities);
memcpy(out_output->data+0x04, out_guid_blob.data, 16);
- SIVAL(out_output->data, 0x14, conn->smb2.server.security_mode);
- SIVAL(out_output->data, 0x16, conn->smb2.server.dialect);
+ SSVAL(out_output->data, 0x14, conn->smb2.server.security_mode);
+ SSVAL(out_output->data, 0x16, conn->smb2.server.dialect);
return NT_STATUS_OK;
}
diff --git a/source4/kdc/hdb-samba4-plugin.c b/source4/kdc/hdb-samba4-plugin.c
index 568386d..6f76124 100644
--- a/source4/kdc/hdb-samba4-plugin.c
+++ b/source4/kdc/hdb-samba4-plugin.c
@@ -60,6 +60,8 @@ static krb5_error_code hdb_samba4_create(krb5_context
context, struct HDB **db,
if (NT_STATUS_IS_OK(nt_status)) {
return 0;
+ } else if (NT_STATUS_EQUAL(nt_status,
NT_STATUS_ERROR_DS_INCOMPATIBLE_VERSION)) {
+ return EINVAL;
} else if (NT_STATUS_EQUAL(nt_status,
NT_STATUS_CANT_ACCESS_DOMAIN_INFO)) {
krb5_set_error_message(context, EINVAL, "Failed to open Samba4
LDB at %s", lpcfg_private_path(base_ctx, base_ctx->lp_ctx, "sam.ldb"));
@@ -70,6 +72,22 @@ static krb5_error_code hdb_samba4_create(krb5_context
context, struct HDB **db,
return EINVAL;
}
+#if (HDB_INTERFACE_VERSION != 8 && HDB_INTERFACE_VERSION != 7)
+#error "Unsupported Heimdal HDB version"
+#endif
+
+#if HDB_INTERFACE_VERSION >= 8
+static krb5_error_code hdb_samba4_init(krb5_context context, void **ctx)
+{
+ *ctx = NULL;
+ return 0;
+}
+
+static void hdb_samba4_fini(void *ctx)
+{
+}
+#endif
+
/* Only used in the hdb-backed keytab code
* for a keytab of 'samba4&<address>' or samba4, to find
* kpasswd's key in the main DB, and to
@@ -78,7 +96,11 @@ static krb5_error_code hdb_samba4_create(krb5_context
context, struct HDB **db,
* The <address> is the string form of a pointer to a talloced struct
hdb_samba_context
*/
struct hdb_method hdb_samba4_interface = {
- .interface_version = HDB_INTERFACE_VERSION,
+ HDB_INTERFACE_VERSION,
+#if HDB_INTERFACE_VERSION >= 8
+ .init = hdb_samba4_init,
+ .fini = hdb_samba4_fini,
+#endif
.prefix = "samba4",
.create = hdb_samba4_create
};
diff --git a/source4/kdc/hdb-samba4.c b/source4/kdc/hdb-samba4.c
index 6a9e558..4519fb9 100644
--- a/source4/kdc/hdb-samba4.c
+++ b/source4/kdc/hdb-samba4.c
@@ -176,6 +176,11 @@ NTSTATUS hdb_samba4_create_kdc(struct
samba_kdc_base_context *base_ctx,
struct samba_kdc_db_context *kdc_db_ctx;
NTSTATUS nt_status;
+ if (hdb_interface_version != HDB_INTERFACE_VERSION) {
+ krb5_set_error_message(context, EINVAL, "Heimdal HDB interface
version mismatch between build-time and run-time libraries!");
+ return NT_STATUS_ERROR_DS_INCOMPATIBLE_VERSION;
+ }
+
*db = talloc(base_ctx, HDB);
if (!*db) {
krb5_set_error_message(context, ENOMEM, "malloc: out of
memory");
diff --git a/source4/torture/smb2/ioctl.c b/source4/torture/smb2/ioctl.c
index 501b233..561f45a 100644
--- a/source4/torture/smb2/ioctl.c
+++ b/source4/torture/smb2/ioctl.c
@@ -1543,6 +1543,68 @@ static bool test_ioctl_copy_chunk_max_output_sz(struct
torture_context *torture,
return true;
}
+static bool test_ioctl_copy_chunk_zero_length(struct torture_context *torture,
+ struct smb2_tree *tree)
+{
+ struct smb2_handle src_h;
+ struct smb2_handle dest_h;
+ NTSTATUS status;
+ union smb_ioctl ioctl;
+ union smb_fileinfo q;
+ TALLOC_CTX *tmp_ctx = talloc_new(tree);
+ struct srv_copychunk_copy cc_copy;
+ struct srv_copychunk_rsp cc_rsp;
+ enum ndr_err_code ndr_ret;
+ bool ok;
+
+ ok = test_setup_copy_chunk(torture, tree, tmp_ctx,
+ 1, /* 1 chunk */
+ &src_h, 4096, /* fill 4096 byte src file */
+ SEC_RIGHTS_FILE_ALL,
+ &dest_h, 0, /* 0 byte dest file */
+ SEC_RIGHTS_FILE_ALL,
+ &cc_copy,
+ &ioctl);
+ if (!ok) {
+ torture_fail(torture, "setup copy chunk error");
+ }
+
+ /* zero length server-side copy (via a single chunk desc) */
+ cc_copy.chunks[0].source_off = 0;
+ cc_copy.chunks[0].target_off = 0;
--
Samba Shared Repository
