The branch, v4-2-test has been updated via cb0d8e1 ctdb-scripts: Drop use of "smbcontrol winbindd ip-dropped ..." via d0ba284 lib/tsocket: workaround sockets not supporting FIONREAD via 7f8cbd8 param: Fix str_list_v3 to accept ; again via 6ff4dd7 loadparm: Fix memory leak issue. via bf29f7d s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystem with no ACL support. via bd140e6 s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new file. from 3435f30 docs-xml: fix typo in smbspool_krb5_wrapper manpage.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-2-test - Log ----------------------------------------------------------------- commit cb0d8e16c48e036a32944bd4b64069b91b607a47 Author: Martin Schwenke <mar...@meltin.net> Date: Mon Feb 8 15:55:17 2016 +1100 ctdb-scripts: Drop use of "smbcontrol winbindd ip-dropped ..." This is unnecessary in Samba >= 4.0 because winbindd monitors IP address itself and no longer needs to be told when they are dropped. The smbcontrol commands can hang if a node has recovery mode active because smbcontrol is unable to connect to the registry. Therefore, the smbcontrol commands should be removed. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11719 Signed-off-by: Martin Schwenke <mar...@meltin.net> Reviewed-by: Ralph Boehme <s...@samba.org> Autobuild-User(master): Ralph Böhme <s...@samba.org> Autobuild-Date(master): Wed Feb 10 14:08:17 CET 2016 on sn-devel-144 (cherry picked from commit 519564bb35a0f840bc4d7c8c5a92441c97b49791) Autobuild-User(v4-2-test): Karolin Seeger <ksee...@samba.org> Autobuild-Date(v4-2-test): Tue Feb 16 11:32:47 CET 2016 on sn-devel-104 commit d0ba284ccbfd054108e9ea8d64a65f467619c6d7 Author: Ralph Boehme <s...@samba.org> Date: Thu Feb 4 15:35:06 2016 +0100 lib/tsocket: workaround sockets not supporting FIONREAD Netlink sockets don't support querying pending bytes with ioctl(fd, FIONREAD, ...) and would return EOPNOTSUPP, so use recvmsg() with MSG_PEEK|MSG_TRUNC as a fallback. The MSG_TRUNC flag to recvmsg() is Linux only, but netlink is as well, so we're safe for now. Bug: https://bugzilla.samba.org/show_bug.cgi?id=11714 Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Amitay Isaacs <ami...@gmail.com> Reviewed-by: Martin Schwenke <mar...@meltin.net> Autobuild-User(master): Ralph Böhme <s...@samba.org> Autobuild-Date(master): Wed Feb 10 10:30:24 CET 2016 on sn-devel-144 (cherry picked from commit 574313a1e11d521ba3f7232ff0b4186b49658199) commit 7f8cbd8fe42b0785355cfaef4069ad469b02dd77 Author: Volker Lendecke <v...@samba.org> Date: Thu Feb 11 13:11:46 2016 +0100 param: Fix str_list_v3 to accept ; again Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> Autobuild-User(master): Volker Lendecke <v...@samba.org> Autobuild-Date(master): Thu Feb 11 19:19:55 CET 2016 on sn-devel-144 https://bugzilla.samba.org/show_bug.cgi?id=11732 commit 6ff4dd74452da86ff230dd9b41bcb6b6e55318b2 Author: Hemanth Thummala <hemanth.thumm...@nutanix.com> Date: Tue Feb 2 10:33:20 2016 -0800 loadparm: Fix memory leak issue. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11708 Signed-off-by: Hemanth Thummala <hemanth.thumm...@nutanix.com> Reviewed-by: Alexander Bokovoy <a...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> Autobuild-User(master): Andreas Schneider <a...@cryptomilk.org> Autobuild-Date(master): Thu Feb 4 12:39:14 CET 2016 on sn-devel-144 (cherry picked from commit 8247d93701ed838190fe74044a63a56d63d37bf5) commit bf29f7d67a47e64d9c9212135e59081c748a8f4e Author: Jeremy Allison <j...@samba.org> Date: Tue Feb 9 12:47:43 2016 -0800 s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystem with no ACL support. Since 4.0.x we add 2 additional ACE entries, one SMB_ACL_USER and SMB_ACL_GROUP to match the existing SMB_ACL_USER_OBJ and SMB_ACL_GROUP_OBJ entries. The two additional entries break the simple "must have 3 entries" check done inside convert_canon_ace_to_posix_perms(). Replace this with a more complete test. Problem and initial fix provided by <tcle...@ucdavis.edu> BUG: https://bugzilla.samba.org/show_bug.cgi?id=10489 Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Uri Simchoni <u...@samba.org> Autobuild-User(master): Uri Simchoni <u...@samba.org> Autobuild-Date(master): Thu Feb 11 11:14:53 CET 2016 on sn-devel-144 (cherry picked from commit 5172bf0c5b0672c1479c2ad776460956aa469bca) commit bd140e69e4990858842df76b0ca42dc87a602666 Author: Jose A. Rivera <jar...@samba.org> Date: Wed Feb 3 20:58:19 2016 -0600 s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new file. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11727 Signed-off-by: Jose A. Rivera <jar...@samba.org> Pair-programmed-with: Ira Cooper <i...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> Autobuild-User(master): Jeremy Allison <j...@samba.org> Autobuild-Date(master): Fri Feb 5 04:37:43 CET 2016 on sn-devel-144 (cherry picked from commit aec07b8b60ff9589a3c84eef6adeca464e6c01f6) ----------------------------------------------------------------------- Summary of changes: ctdb/config/events.d/11.natgw | 4 --- ctdb/config/events.d/49.winbind | 7 ----- lib/tsocket/tsocket_bsd.c | 62 ++++++++++++++++++++++++++++++++++++++++- lib/util/util_strlist.c | 18 +++++++++++- source3/param/loadparm.c | 2 +- source3/smbd/open.c | 4 +-- source3/smbd/posix_acls.c | 39 +++++++++++++++++++++++++- 7 files changed, 119 insertions(+), 17 deletions(-) Changeset truncated at 500 lines: diff --git a/ctdb/config/events.d/11.natgw b/ctdb/config/events.d/11.natgw index aef302c..5e10d1d 100755 --- a/ctdb/config/events.d/11.natgw +++ b/ctdb/config/events.d/11.natgw @@ -98,10 +98,6 @@ natgw_set_slave () _net="${_net_gw%@*}" ip route add "$_net" via "$_natgwip" metric 10 done - - # Make sure winbindd does not stay bound to this address if we are - # no longer NATGW master - smbcontrol winbindd ip-dropped $CTDB_NATGW_PUBLIC_IP >/dev/null 2>&1 } natgw_ensure_master () diff --git a/ctdb/config/events.d/49.winbind b/ctdb/config/events.d/49.winbind index dee3c90..a1ea787 100755 --- a/ctdb/config/events.d/49.winbind +++ b/ctdb/config/events.d/49.winbind @@ -55,13 +55,6 @@ case "$1" in ctdb_check_command wbinfo -p ;; - takeip|releaseip) - iface=$2 - ip=$3 - maskbits=$4 - - smbcontrol winbindd ip-dropped $ip >/dev/null 2>/dev/null - ;; *) ctdb_standard_event_handler "$@" ;; diff --git a/lib/tsocket/tsocket_bsd.c b/lib/tsocket/tsocket_bsd.c index 067d658..e2dfe9d 100644 --- a/lib/tsocket/tsocket_bsd.c +++ b/lib/tsocket/tsocket_bsd.c @@ -153,6 +153,43 @@ static int tsocket_bsd_common_prepare_fd(int fd, bool high_fd) return -1; } +#ifdef HAVE_LINUX_RTNETLINK_H +/** + * Get the amount of pending bytes from a netlink socket + * + * For some reason netlink sockets don't support querying the amount of pending + * data via ioctl with FIONREAD, which is what we use in tsocket_bsd_pending() + * below. + * + * We know we are on Linux as we're using netlink, which means we have a working + * MSG_TRUNC flag to recvmsg() as well, so we use that together with MSG_PEEK. + **/ +static ssize_t tsocket_bsd_netlink_pending(int fd) +{ + struct iovec iov; + struct msghdr msg; + char buf[1]; + + iov = (struct iovec) { + .iov_base = buf, + .iov_len = sizeof(buf) + }; + + msg = (struct msghdr) { + .msg_iov = &iov, + .msg_iovlen = 1 + }; + + return recvmsg(fd, &msg, MSG_PEEK | MSG_TRUNC); +} +#else +static ssize_t tsocket_bsd_netlink_pending(int fd) +{ + errno = ENOSYS; + return -1; +} +#endif + static ssize_t tsocket_bsd_pending(int fd) { int ret, error; @@ -661,6 +698,7 @@ struct tdgram_bsd { void *event_ptr; struct tevent_fd *fde; bool optimize_recvfrom; + bool netlink; void *readable_private; void (*readable_handler)(void *private_data); @@ -913,7 +951,12 @@ static void tdgram_bsd_recvfrom_handler(void *private_data) int err; bool retry; - ret = tsocket_bsd_pending(bsds->fd); + if (bsds->netlink) { + ret = tsocket_bsd_netlink_pending(bsds->fd); + } else { + ret = tsocket_bsd_pending(bsds->fd); + } + if (state->first_try && ret == 0) { state->first_try = false; /* retry later */ @@ -1416,6 +1459,11 @@ int _tdgram_bsd_existing_socket(TALLOC_CTX *mem_ctx, { struct tdgram_context *dgram; struct tdgram_bsd *bsds; +#ifdef HAVE_LINUX_RTNETLINK_H + int result; + struct sockaddr sa; + socklen_t sa_len = sizeof(struct sockaddr); +#endif dgram = tdgram_context_create(mem_ctx, &tdgram_bsd_ops, @@ -1430,6 +1478,18 @@ int _tdgram_bsd_existing_socket(TALLOC_CTX *mem_ctx, talloc_set_destructor(bsds, tdgram_bsd_destructor); *_dgram = dgram; + +#ifdef HAVE_LINUX_RTNETLINK_H + /* + * Try to determine the protocol family and remember if it's + * AF_NETLINK. We don't care if this fails. + */ + result = getsockname(fd, &sa, &sa_len); + if (result == 0 && sa.sa_family == AF_NETLINK) { + bsds->netlink = true; + } +#endif + return 0; } diff --git a/lib/util/util_strlist.c b/lib/util/util_strlist.c index ea6c8a3..46d37f2 100644 --- a/lib/util/util_strlist.c +++ b/lib/util/util_strlist.c @@ -552,7 +552,23 @@ char **str_list_make_v3(TALLOC_CTX *mem_ctx, const char *string, TALLOC_FREE(list); return NULL; } - if (!sep) sep = LIST_SEP; + + /* + * DON'T REPLACE THIS BY "LIST_SEP". The common version of + * LIST_SEP does not contain the ;, which used to be accepted + * by Samba 4.0 before param merges. It would be the far + * better solution to split the _v3 version again to source3/ + * where it belongs, see the _v3 in its name. + * + * Unfortunately it is referenced in /lib/param/loadparm.c, + * which depends on the version that the AD-DC mandates, + * namely without the ; as part of the list separator. I am + * missing the waf fu to properly work around the wrong + * include paths here for this defect. + */ + if (sep == NULL) { + sep = " \t,;\n\r"; + } num = 0; str = s; diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 94de252..5596234 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -1289,7 +1289,7 @@ static int add_a_service(const struct loadparm_service *pservice, const char *na return (-1); } ServicePtrs = tsp; - ServicePtrs[iNumServices] = talloc_zero(NULL, struct loadparm_service); + ServicePtrs[iNumServices] = talloc_zero(ServicePtrs, struct loadparm_service); if (!ServicePtrs[iNumServices]) { DEBUG(0,("add_a_service: out of memory!\n")); return (-1); diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 5dbb0a5..eb4323a 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -3166,8 +3166,8 @@ static NTSTATUS open_file_ntcreate(connection_struct *conn, } if (info != FILE_WAS_OPENED) { - /* Files should be initially set as archive */ - if (lp_map_archive(SNUM(conn)) || + /* Overwritten files should be initially set as archive */ + if ((info == FILE_WAS_OVERWRITTEN && lp_map_archive(SNUM(conn))) || lp_store_dos_attributes(SNUM(conn))) { if (!posix_open) { if (file_set_dosmode(conn, smb_fname, diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 8b4c7b1..6d08e53 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -3085,7 +3085,7 @@ static bool convert_canon_ace_to_posix_perms( files_struct *fsp, canon_ace *file canon_ace *group_ace = NULL; canon_ace *other_ace = NULL; - if (ace_count != 3) { + if (ace_count > 5) { DEBUG(3,("convert_canon_ace_to_posix_perms: Too many ACE " "entries for file %s to convert to posix perms.\n", fsp_str_dbg(fsp))); @@ -3107,6 +3107,43 @@ static bool convert_canon_ace_to_posix_perms( files_struct *fsp, canon_ace *file return False; } + /* + * Ensure all ACE entries are owner, group or other. + * We can't set if there are any other SIDs. + */ + for (ace_p = file_ace_list; ace_p; ace_p = ace_p->next) { + if (ace_p == owner_ace || ace_p == group_ace || + ace_p == other_ace) { + continue; + } + if (ace_p->owner_type == UID_ACE) { + if (ace_p->unix_ug.id != owner_ace->unix_ug.id) { + DEBUG(3,("Invalid uid %u in ACE for file %s.\n", + (unsigned int)ace_p->unix_ug.id, + fsp_str_dbg(fsp))); + return false; + } + } else if (ace_p->owner_type == GID_ACE) { + if (ace_p->unix_ug.id != group_ace->unix_ug.id) { + DEBUG(3,("Invalid gid %u in ACE for file %s.\n", + (unsigned int)ace_p->unix_ug.id, + fsp_str_dbg(fsp))); + return false; + } + } else { + /* + * There should be no duplicate WORLD_ACE entries. + */ + + DEBUG(3,("Invalid type %u, uid %u in " + "ACE for file %s.\n", + (unsigned int)ace_p->owner_type, + (unsigned int)ace_p->unix_ug.id, + fsp_str_dbg(fsp))); + return false; + } + } + *posix_perms = (mode_t)0; *posix_perms |= owner_ace->perms; -- Samba Shared Repository