The branch, master has been updated
       via  9e75484 smbd: Remove unused "share_mode_data->id"
       via  698f7f2 smbd: Keep "the_lock"s file id separately
       via  ede6f44 smbd: Avoid checking the_lock->id for fresh locks
       via  c416b34 smbd: Explicitly pass "file_id" to rename_share_filename
       via  b27c5ca smbd: Use fsp->file_id in open_file_ntcreate
       via  a5cd8a5 smbd: Explicitly pass "file_id" to schedule_defer_open
       via  a699f0e smbd: Explicitly pass "file_id" to rename_open_files
       via  cfa6fe8 dfs_server: randomize the server redirect set
       via  6034ab5 s3: smbd: Ensure we always go via getgroups_unix_user() 
when creating an NT token.
      from  efad13a build: Exclude source4/selftest/provisions/release-4-1-0rc3 
from the tarball

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 9e754840deea6e098abc2b05589f73a37d042693
Author: Volker Lendecke <v...@samba.org>
Date:   Thu Mar 20 14:58:19 2014 +0100

    smbd: Remove unused "share_mode_data->id"
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>
    
    Autobuild-User(master): Jeremy Allison <j...@samba.org>
    Autobuild-Date(master): Fri Mar 21 21:22:24 CET 2014 on sn-devel-104

commit 698f7f21c2dd3a8eaaccee32bf8dd7d36e8c794e
Author: Volker Lendecke <v...@samba.org>
Date:   Thu Mar 20 14:57:19 2014 +0100

    smbd: Keep "the_lock"s file id separately
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit ede6f448215a4ee81a1c7701c1cead2cc0a33198
Author: Volker Lendecke <v...@samba.org>
Date:   Thu Mar 20 14:53:14 2014 +0100

    smbd: Avoid checking the_lock->id for fresh locks
    
    If we just fetched the lock, this check will always be true.
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit c416b34648b6734b7b612d51fa9e151a201768da
Author: Volker Lendecke <v...@samba.org>
Date:   Thu Mar 20 14:36:11 2014 +0100

    smbd: Explicitly pass "file_id" to rename_share_filename
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit b27c5caae39c1724178830adf1df65afff8d46df
Author: Volker Lendecke <v...@samba.org>
Date:   Thu Mar 20 14:45:42 2014 +0100

    smbd: Use fsp->file_id in open_file_ntcreate
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit a5cd8a513f18336c3ab84867806631628a656f49
Author: Volker Lendecke <v...@samba.org>
Date:   Thu Mar 20 14:36:11 2014 +0100

    smbd: Explicitly pass "file_id" to schedule_defer_open
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit a699f0e0a6d1c3582a5d8f5361e5c32b46629451
Author: Volker Lendecke <v...@samba.org>
Date:   Thu Mar 20 14:36:11 2014 +0100

    smbd: Explicitly pass "file_id" to rename_open_files
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit cfa6fe8d6974c35cc50aef2f6cdbbbd9b513e483
Author: Arvid Requate <requ...@univention.de>
Date:   Thu Mar 20 22:49:08 2014 +0100

    dfs_server: randomize the server redirect set
    
    comply with [MS-DFSC] section 3.2.1.1
    
    Signed-off-by: Arvid Requate <requ...@univention.de>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>
    Reviewed-by: Stefan Metzmacher <me...@samba.org>

commit 6034ab521c47fc5f4732398652c9c6847ff92035
Author: Jeremy Allison <j...@samba.org>
Date:   Thu Mar 20 12:39:10 2014 -0700

    s3: smbd: Ensure we always go via getgroups_unix_user() when creating an NT 
token.
    
    This has to be done in every code path that creates
    an NT token, as remote users may have been added to
    the local /etc/group database. Tokens created merely
    from the info3 structs (via the DC or via the krb5 PAC)
    won't have these local groups.
    
    https://bugzilla.samba.org/show_bug.cgi?id=10508
    
    Signed-off-by: Jeremy Allison <j...@samba.org>
    Reviewed-by: Simo Sorce <i...@samba.org>

-----------------------------------------------------------------------

Summary of changes:
 dfs_server/dfs_server_ad.c        |   20 ++++++++++++
 source3/auth/token_util.c         |   61 +++++++++++++++++++++++++++++++++++++
 source3/librpc/idl/open_files.idl |    1 -
 source3/locking/locking.c         |    5 ++-
 source3/locking/proto.h           |    1 +
 source3/locking/share_mode_lock.c |   13 +++++---
 source3/smbd/open.c               |    9 +++--
 source3/smbd/reply.c              |   10 ++++--
 8 files changed, 104 insertions(+), 16 deletions(-)


Changeset truncated at 500 lines:

diff --git a/dfs_server/dfs_server_ad.c b/dfs_server/dfs_server_ad.c
index 504ab79..5e2634f 100644
--- a/dfs_server/dfs_server_ad.c
+++ b/dfs_server/dfs_server_ad.c
@@ -38,6 +38,24 @@ struct dc_set {
        uint32_t count;
 };
 
+static void shuffle_dc_set(struct dc_set *list)
+{
+       uint32_t i;
+
+       srandom(time(NULL));
+
+       for (i = list->count; i > 1; i--) {
+               uint32_t r;
+               const char *tmp;
+
+               r = random() % i;
+
+               tmp = list->names[i - 1];
+               list->names[i - 1] = list->names[r];
+               list->names[r] = tmp;
+       }
+}
+
 /*
   fill a referral type structure
  */
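Review bot: `srandom(time(NULL))` inside shuffle_dc_set() reseeds the process-wide random() state on every call from a one-second-resolution clock, so calls made in the same second produce the same DC order and any other random() user in the process has its sequence reset. Seeding should not happen per call; if Samba's `generate_random()` helper is available to this file, `r = generate_random() % i;` with the `srandom()` line dropped avoids touching the libc seed at all. A short comment above the function saying that this is a Fisher-Yates shuffle done to spread referrals per [MS-DFSC] 3.2.1.1, and is not meant to be unpredictable, would make the intent clear.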
@@ -265,6 +283,8 @@ static NTSTATUS get_dcs_insite(TALLOC_CTX *ctx, struct 
ldb_context *ldb,
                talloc_free(msg);
        }
 
+       shuffle_dc_set(list);
+
        talloc_free(r);
        return NT_STATUS_OK;
 }
diff --git a/source3/auth/token_util.c b/source3/auth/token_util.c
index 936846c..bccf1db 100644
--- a/source3/auth/token_util.c
+++ b/source3/auth/token_util.c
@@ -394,8 +394,69 @@ static NTSTATUS finalize_local_nt_token(struct 
security_token *result,
 {
        struct dom_sid dom_sid;
        gid_t gid;
+       uid_t uid;
        NTSTATUS status;
 
+       /* result->sids[0] is always the user sid. */
+       if (sid_to_uid(&result->sids[0], &uid)) {
+               /*
+                * Now we must get any groups this user has been
+                * added to in /etc/group and merge them in.
+                * This has to be done in every code path
+                * that creates an NT token, as remote users
+                * may have been added to the local /etc/group
+                * database. Tokens created merely from the
+                * info3 structs (via the DC or via the krb5 PAC)
+                * won't have these local groups. Note the
+                * groups added here will only be UNIX groups
+                * (S-1-22-2-XXXX groups) as getgroups_unix_user()
+                * turns off winbindd before calling getgroups().
+                *
+                * NB. This is duplicating work already
+                * done in the 'unix_user:' case of
+                * create_token_from_sid() but won't
+                * do anything other than be inefficient
+                * in that case.
+                */
+               struct passwd *pass = NULL;
+               gid_t *gids = NULL;
+               uint32_t getgroups_num_group_sids = 0;
+               int i;
+               TALLOC_CTX *tmp_ctx = talloc_stackframe();
+
+               pass = getpwuid_alloc(tmp_ctx, uid);
+               if (pass == NULL) {
+                       DEBUG(1, ("getpwuid(%u) failed\n",
+                               (unsigned int)uid));
+                       TALLOC_FREE(tmp_ctx);
+                       return NT_STATUS_UNSUCCESSFUL;
+               }
+
+               if (!getgroups_unix_user(tmp_ctx, pass->pw_name, pass->pw_gid,
+                               &gids, &getgroups_num_group_sids)) {
+                       DEBUG(1, ("getgroups_unix_user for user %s failed\n",
+                               pass->pw_name));
+                       TALLOC_FREE(tmp_ctx);
+                       return NT_STATUS_UNSUCCESSFUL;
+               }
+
+               for (i=0; i<getgroups_num_group_sids; i++) {
+                       struct dom_sid grp_sid;
+                       gid_to_sid(&grp_sid, gids[i]);
+
+                       status = add_sid_to_array_unique(result,
+                                                &grp_sid,
+                                                &result->sids,
+                                                &result->num_sids);
+                       if (!NT_STATUS_IS_OK(status)) {
+                               DEBUG(3, ("Failed to add UNIX SID to nt 
token\n"));
+                               TALLOC_FREE(tmp_ctx);
+                               return status;
+                       }
+               }
+               TALLOC_FREE(tmp_ctx);
+       }
+
        /* Add in BUILTIN sids */
 
        status = add_sid_to_array(result, &global_sid_World,
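Review bot: The loop index is declared `int i` but is compared against `uint32_t getgroups_num_group_sids`, a signed/unsigned comparison; `uint32_t i;` would match the count's type. Both new failure paths return the generic `NT_STATUS_UNSUCCESSFUL`, and the `getpwuid` message logs only the uid, so a token that cannot be built because the mapped uid has no passwd entry is hard to tell apart from other errors; logging the SID as well would help. It is also worth confirming that failing token creation here, rather than skipping the local-group merge, is intended for every caller. The added comment says `result->sids[0]` is always the user SID, but nothing in the visible lines checks `result->num_sids` before the access. finalize_local_nt_token() starts and continues outside this hunk.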
diff --git a/source3/librpc/idl/open_files.idl 
b/source3/librpc/idl/open_files.idl
index 686bc02..0ebc819 100644
--- a/source3/librpc/idl/open_files.idl
+++ b/source3/librpc/idl/open_files.idl
@@ -41,7 +41,6 @@ interface open_files
                [string,charset(UTF8)] char *servicepath;
                [string,charset(UTF8)] char *base_name;
                [string,charset(UTF8)] char *stream_name;
-               file_id id;
                uint32 num_share_modes;
                [size_is(num_share_modes)] share_mode_entry share_modes[];
                uint32 num_delete_tokens;
diff --git a/source3/locking/locking.c b/source3/locking/locking.c
index 54c92b1..4ef6b89 100644
--- a/source3/locking/locking.c
+++ b/source3/locking/locking.c
@@ -468,6 +468,7 @@ struct share_mode_lock 
*get_existing_share_mode_lock(TALLOC_CTX *mem_ctx,
 
 bool rename_share_filename(struct messaging_context *msg_ctx,
                        struct share_mode_lock *lck,
+                       struct file_id id,
                        const char *servicepath,
                        uint32_t orig_name_hash,
                        uint32_t new_name_hash,
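Review bot: The new `struct file_id id` parameter of rename_share_filename() is taken on trust: `d` still comes from `lck->data`, but nothing in the visible lines checks or documents that `id` is the file id `lck` was fetched for, and a mismatch would put the wrong id into the rename message built by `push_file_id_24(frm, &id)`. The same applies to the `id` parameters added to schedule_defer_open() in source3/smbd/open.c and rename_open_files() in source3/smbd/reply.c. A comment on the prototype such as `/* id must be the file_id that lck was obtained with */` would record the contract now that the lock data no longer carries the id. The function body continues outside this hunk.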
@@ -523,7 +524,7 @@ bool rename_share_filename(struct messaging_context 
*msg_ctx,
                return False;
        }
 
-       push_file_id_24(frm, &d->id);
+       push_file_id_24(frm, &id);
 
        DEBUG(10,("rename_share_filename: msg_len = %u\n", (unsigned 
int)msg_len ));
 
@@ -565,7 +566,7 @@ bool rename_share_filename(struct messaging_context 
*msg_ctx,
                          "pid %s file_id %s sharepath %s base_name %s "
                          "stream_name %s\n",
                          procid_str_static(&se->pid),
-                         file_id_string_tos(&d->id),
+                         file_id_string_tos(&id),
                          d->servicepath, d->base_name,
                        has_stream ? d->stream_name : ""));
 
diff --git a/source3/locking/proto.h b/source3/locking/proto.h
index a897fea..dc115e1 100644
--- a/source3/locking/proto.h
+++ b/source3/locking/proto.h
@@ -164,6 +164,7 @@ struct share_mode_lock 
*fetch_share_mode_unlocked(TALLOC_CTX *mem_ctx,
                                                  struct file_id id);
 bool rename_share_filename(struct messaging_context *msg_ctx,
                        struct share_mode_lock *lck,
+                       struct file_id id,
                        const char *servicepath,
                        uint32_t orig_name_hash,
                        uint32_t new_name_hash,
diff --git a/source3/locking/share_mode_lock.c 
b/source3/locking/share_mode_lock.c
index 5d0874c..5e25404 100644
--- a/source3/locking/share_mode_lock.c
+++ b/source3/locking/share_mode_lock.c
@@ -331,7 +331,6 @@ static struct share_mode_lock *get_share_mode_lock_internal(
                TALLOC_FREE(rec);
                return NULL;
        }
-       d->id = id;
        d->record = talloc_move(d, &rec);
        talloc_set_destructor(d, share_mode_data_destructor);
 
@@ -351,10 +350,12 @@ static struct share_mode_lock 
*get_share_mode_lock_internal(
  * talloc_reference.
  */
 static struct share_mode_lock *the_lock;
+static struct file_id the_lock_id;
 
 static int the_lock_destructor(struct share_mode_lock *l)
 {
        the_lock = NULL;
+       ZERO_STRUCT(the_lock_id);
        return 0;
 }
 
@@ -384,16 +385,18 @@ struct share_mode_lock *get_share_mode_lock(
                        goto fail;
                }
                talloc_set_destructor(the_lock, the_lock_destructor);
+               the_lock_id = id;
        } else {
+               if (!file_id_equal(&the_lock_id, &id)) {
+                       DEBUG(1, ("Can not lock two share modes "
+                                 "simultaneously\n"));
+                       goto fail;
+               }
                if (talloc_reference(lck, the_lock) == NULL) {
                        DEBUG(1, ("talloc_reference failed\n"));
                        goto fail;
                }
        }
-       if (!file_id_equal(&the_lock->data->id, &id)) {
-               DEBUG(1, ("Can not lock two share modes simultaneously\n"));
-               goto fail;
-       }
        lck->data = the_lock->data;
        return lck;
 fail:
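Review bot: The "Can not lock two share modes simultaneously" message in the new `else` branch does not say which ids collided, although both are now at hand. Something like `DEBUG(1, ("Can not lock two share modes simultaneously: held %s, requested %s\n", file_id_string_tos(&the_lock_id), file_id_string_tos(&id)));` would make a nested-lock bug traceable from the log. The `the_lock_id` declaration in the previous hunk would also benefit from a comment such as `/* file id the_lock was fetched for; only meaningful while the_lock != NULL */`, since the comparison relies on the two statics being set and cleared together. get_share_mode_lock() starts outside this hunk.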
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index f995c0b..d05c9ec 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -1738,6 +1738,7 @@ static NTSTATUS fcb_or_dos_open(struct smb_request *req,
 }
 
 static void schedule_defer_open(struct share_mode_lock *lck,
+                               struct file_id id,
                                struct timeval request_time,
                                struct smb_request *req)
 {
@@ -1768,7 +1769,7 @@ static void schedule_defer_open(struct share_mode_lock 
*lck,
 
        state.delayed_for_oplocks = True;
        state.async_open = false;
-       state.id = lck->data->id;
+       state.id = id;
 
        if (!request_timed_out(request_time, timeout)) {
                defer_open(lck, request_time, timeout, req, &state);
@@ -2412,7 +2413,7 @@ static NTSTATUS open_file_ntcreate(connection_struct 
*conn,
                }
 
                if (delay_for_oplock(fsp, 0, lck, false, create_disposition)) {
-                       schedule_defer_open(lck, request_time, req);
+                       schedule_defer_open(lck, fsp->file_id, request_time, 
req);
                        TALLOC_FREE(lck);
                        DEBUG(10, ("Sent oplock break request to kernel "
                                   "oplock holder\n"));
@@ -2425,7 +2426,7 @@ static NTSTATUS open_file_ntcreate(connection_struct 
*conn,
                 */
                state.delayed_for_oplocks = false;
                state.async_open = false;
-               state.id = lck->data->id;
+               state.id = fsp->file_id;
                defer_open(lck, request_time, timeval_set(0, 0), req, &state);
                TALLOC_FREE(lck);
                DEBUG(10, ("No Samba oplock around after EWOULDBLOCK. "
@@ -2525,7 +2526,7 @@ static NTSTATUS open_file_ntcreate(connection_struct 
*conn,
                    fsp, oplock_request, lck,
                    NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION),
                    create_disposition)) {
-               schedule_defer_open(lck, request_time, req);
+               schedule_defer_open(lck, fsp->file_id, request_time, req);
                TALLOC_FREE(lck);
                fd_close(fsp);
                return NT_STATUS_SHARING_VIOLATION;
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index b189d66..9603975 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -6101,6 +6101,7 @@ static bool resolve_wildcards(TALLOC_CTX *ctx,
 
 static void rename_open_files(connection_struct *conn,
                              struct share_mode_lock *lck,
+                             struct file_id id,
                              uint32_t orig_name_hash,
                              const struct smb_filename *smb_fname_dst)
 {
@@ -6109,7 +6110,7 @@ static void rename_open_files(connection_struct *conn,
        NTSTATUS status;
        uint32_t new_name_hash = 0;
 
-       for(fsp = file_find_di_first(conn->sconn, lck->data->id); fsp;
+       for(fsp = file_find_di_first(conn->sconn, id); fsp;
            fsp = file_find_di_next(fsp)) {
                /* fsp_name is a relative path under the fsp. To change this 
for other
                   sharepaths we need to manipulate relative paths. */
@@ -6135,12 +6136,12 @@ static void rename_open_files(connection_struct *conn,
 
        if (!did_rename) {
                DEBUG(10, ("rename_open_files: no open files on file_id %s "
-                          "for %s\n", file_id_string_tos(&lck->data->id),
+                          "for %s\n", file_id_string_tos(&id),
                           smb_fname_str_dbg(smb_fname_dst)));
        }
 
        /* Send messages to all smbd's (not ourself) that the name has changed. 
*/
-       rename_share_filename(conn->sconn->msg_ctx, lck, conn->connectpath,
+       rename_share_filename(conn->sconn->msg_ctx, lck, id, conn->connectpath,
                              orig_name_hash, new_name_hash,
                              smb_fname_dst);
 
@@ -6498,7 +6499,8 @@ NTSTATUS rename_internals_fsp(connection_struct *conn,
                notify_rename(conn, fsp->is_directory, fsp->fsp_name,
                              smb_fname_dst);
 
-               rename_open_files(conn, lck, fsp->name_hash, smb_fname_dst);
+               rename_open_files(conn, lck, fsp->file_id, fsp->name_hash,
+                                 smb_fname_dst);
 
                /*
                 * A rename acts as a new file create w.r.t. allowing an 
initial delete


-- 
Samba Shared Repository
