The branch, v4-4-test has been updated
via 083ff22 s3: smbd: Restart reading the incoming SMB2 fd when the
send queue is drained.
via 3f71253 s3:winbindd: fix endless forest trust scan
via 0915fd4 vfs_fruit: only veto AppleDouble files with
fruit:resource=file
from 38d0286 VERSION: Bump version up to 4.4.11...
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-4-test
- Log -----------------------------------------------------------------
commit 083ff22e0a89b6efb982c750c3ebb39130626516
Author: Jeremy Allison <j...@samba.org>
Date: Thu Mar 2 09:13:23 2017 -0800
s3: smbd: Restart reading the incoming SMB2 fd when the send queue is
drained.
When the send queue grows greater than xconn->smb2.credits.max/16,
smbd_smb2_request_next_incoming() doesn't allocate a new request in
state->req.
After smbd_smb2_io_handler() is called, it marks the fd not readable as
state->req == NULL, and never marks it readable again.
Fix by calling smbd_smb2_request_next_incoming() to restart
reads inside smbd_smb2_flush_send_queue() which drains the
send queue.
Reported by <chen.ye...@h3c.com>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12608
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
Autobuild-User(master): Ralph Böhme <s...@samba.org>
Autobuild-Date(master): Fri Mar 3 02:23:20 CET 2017 on sn-devel-144
(cherry picked from commit 1e0c79ddb34be9a2b9fa92d35387c443c4a381ae)
Autobuild-User(v4-4-test): Karolin Seeger <ksee...@samba.org>
Autobuild-Date(v4-4-test): Mon Mar 6 16:02:16 CET 2017 on sn-devel-144
commit 3f71253ae50d4d51d24956245b254fb8c9fa5f1d
Author: Stefan Metzmacher <me...@samba.org>
Date: Thu Mar 2 08:13:57 2017 +0100
s3:winbindd: fix endless forest trust scan
Commit 0392ebcd1d48e9f472f2148b85316a77d9cc953b effectively
disabled the enumeration of trusts in other forests.
The fixes for https://bugzilla.samba.org/show_bug.cgi?id=11691
changed the way we fill domain->domain_flags for domains
in other forests.
Commit fffefe72fcc62d9688b45f53a5327667dc0b2fe6 readded the
ability to enumerate trusts of other forests again, in order to
fix https://bugzilla.samba.org/show_bug.cgi?id=11830
Now we have the problem that multiple domains
(even outside of our forest) are considert to be
our forest root, as they have the following flags:
NETR_TRUST_FLAG_TREEROOT and NETR_TRUST_FLAG_IN_FOREST.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12605
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
Autobuild-User(master): Ralph Böhme <s...@samba.org>
Autobuild-Date(master): Thu Mar 2 17:53:14 CET 2017 on sn-devel-144
(cherry picked from commit f9aaddcdd8f9ea648c9c5ea804f56ee3ff6c4c67)
commit 0915fd4e840311ae45a71f71e14462314a27240a
Author: Ralph Boehme <s...@samba.org>
Date: Thu Jan 19 09:30:45 2017 +0100
vfs_fruit: only veto AppleDouble files with fruit:resource=file
vfs_fruit only creates AppleDouble files itself when "fruit:resource" is
set to "file" (the default). It is only then the these AppleDouble files
should be treated as an internal representation and should be
inaccessible from clients.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12526>
Signed-off-by: Ralph Boehme <s...@samba.org>
Reviewed-by: Uri Simchoni <u...@samba.org>
(cherry picked from commit 708767da8c366c021d6d15a3ae71d009357c3320)
-----------------------------------------------------------------------
Summary of changes:
docs-xml/manpages/vfs_fruit.8.xml | 12 ++++++++----
source3/modules/vfs_fruit.c | 9 ++++++---
source3/smbd/smb2_server.c | 14 +++++++++++++-
source3/winbindd/winbindd_ads.c | 8 ++++++++
source3/winbindd/winbindd_util.c | 22 ++++++++++++++++++++++
5 files changed, 57 insertions(+), 8 deletions(-)
Changeset truncated at 500 lines:
diff --git a/docs-xml/manpages/vfs_fruit.8.xml
b/docs-xml/manpages/vfs_fruit.8.xml
index 0f4d941..966bf10 100644
--- a/docs-xml/manpages/vfs_fruit.8.xml
+++ b/docs-xml/manpages/vfs_fruit.8.xml
@@ -223,10 +223,14 @@
<varlistentry>
<term>fruit:veto_appledouble = yes | no</term>
<listitem>
- <para>Whether ._ AppleDouble files are vetoed which
- prevents the client from seing and accessing internal
- AppleDouble files created by vfs_fruit itself for the
- purpose of storing a Mac resource fork.</para>
+ <para><emphasis>Note:</emphasis> this option only applies when
+ <parameter>fruit:resource</parameter> is set to
+ <parameter>file</parameter> (the default).</para>
+
+ <para>When <parameter>fruit:resource</parameter> is set to
+ <parameter>file</parameter>, vfs_fruit may create ._ AppleDouble
+ files. This options controls whether these ._ AppleDouble files
+ are vetoed which prevents the client from accessing them.</para>
<para>Vetoing ._ files may break some applications, eg
extracting Mac ZIP archives from Mac clients failes,
because they contain ._ files. Setting this option to
diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c
index ecd150e..10334ff 100644
--- a/source3/modules/vfs_fruit.c
+++ b/source3/modules/vfs_fruit.c
@@ -1343,9 +1343,12 @@ static int init_fruit_config(vfs_handle_struct *handle)
}
config->encoding = (enum fruit_encoding)enumval;
- config->veto_appledouble = lp_parm_bool(
- SNUM(handle->conn), FRUIT_PARAM_TYPE_NAME,
- "veto_appledouble", true);
+ if (config->rsrc == FRUIT_RSRC_ADFILE) {
+ config->veto_appledouble = lp_parm_bool(SNUM(handle->conn),
+ FRUIT_PARAM_TYPE_NAME,
+ "veto_appledouble",
+ true);
+ }
config->use_aapl = lp_parm_bool(
-1, FRUIT_PARAM_TYPE_NAME, "aapl", true);
diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index 8a4aa96..e1a24f6 100644
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -3567,6 +3567,7 @@ static NTSTATUS smbd_smb2_flush_send_queue(struct
smbXsrv_connection *xconn)
int ret;
int err;
bool retry;
+ NTSTATUS status;
if (xconn->smb2.send_queue == NULL) {
TEVENT_FD_NOT_WRITEABLE(xconn->transport.fde);
@@ -3578,11 +3579,12 @@ static NTSTATUS smbd_smb2_flush_send_queue(struct
smbXsrv_connection *xconn)
bool ok;
if (e->sendfile_header != NULL) {
- NTSTATUS status = NT_STATUS_INTERNAL_ERROR;
size_t size = 0;
size_t i = 0;
uint8_t *buf;
+ status = NT_STATUS_INTERNAL_ERROR;
+
for (i=0; i < e->count; i++) {
size += e->vector[i].iov_len;
}
@@ -3654,6 +3656,16 @@ static NTSTATUS smbd_smb2_flush_send_queue(struct
smbXsrv_connection *xconn)
talloc_free(e->mem_ctx);
}
+ /*
+ * Restart reads if we were blocked on
+ * draining the send queue.
+ */
+
+ status = smbd_smb2_request_next_incoming(xconn);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
return NT_STATUS_OK;
}
diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c
index 808986d..125534f 100644
--- a/source3/winbindd/winbindd_ads.c
+++ b/source3/winbindd/winbindd_ads.c
@@ -1697,6 +1697,14 @@ static NTSTATUS trusted_domains(struct winbindd_domain
*domain,
}
TALLOC_FREE(parent);
+ /*
+ * We need to pass the modified properties
+ * to the caller.
+ */
+ trust->trust_flags = d.domain_flags;
+ trust->trust_type = d.domain_type;
+ trust->trust_attributes = d.domain_trust_attribs;
+
wcache_tdc_add_domain( &d );
ret_count++;
}
diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
index bb8bce4..0d7e728 100644
--- a/source3/winbindd/winbindd_util.c
+++ b/source3/winbindd/winbindd_util.c
@@ -345,6 +345,20 @@ static void trustdom_list_done(struct tevent_req *req)
char *p;
struct winbindd_tdc_domain trust_params = {0};
ptrdiff_t extra_len;
+ bool within_forest = false;
+
+ /*
+ * Only when we enumerate our primary domain
+ * or our forest root domain, we should keep
+ * the NETR_TRUST_FLAG_IN_FOREST flag, in
+ * all other cases we need to clear it as the domain
+ * is not part of our forest.
+ */
+ if (state->domain->primary) {
+ within_forest = true;
+ } else if (domain_is_forest_root(state->domain)) {
+ within_forest = true;
+ }
res = wb_domain_request_recv(req, state, &response, &err);
if ((res == -1) || (response->result != WINBINDD_OK)) {
@@ -429,6 +443,14 @@ static void trustdom_list_done(struct tevent_req *req)
trust_params.trust_attribs = (uint32_t)strtoul(q, NULL, 10);
+ if (!within_forest) {
+ trust_params.trust_flags &= ~NETR_TRUST_FLAG_IN_FOREST;
+ }
+
+ if (!state->domain->primary) {
+ trust_params.trust_flags &= ~NETR_TRUST_FLAG_PRIMARY;
+ }
+
/*
* We always call add_trusted_domain() cause on an existing
* domain structure, it will update the SID if necessary.
--
Samba Shared Repository
