The branch, v4-4-test has been updated via 083ff22 s3: smbd: Restart reading the incoming SMB2 fd when the send queue is drained. via 3f71253 s3:winbindd: fix endless forest trust scan via 0915fd4 vfs_fruit: only veto AppleDouble files with fruit:resource=file from 38d0286 VERSION: Bump version up to 4.4.11...
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-4-test - Log ----------------------------------------------------------------- commit 083ff22e0a89b6efb982c750c3ebb39130626516 Author: Jeremy Allison <j...@samba.org> Date: Thu Mar 2 09:13:23 2017 -0800 s3: smbd: Restart reading the incoming SMB2 fd when the send queue is drained. When the send queue grows greater than xconn->smb2.credits.max/16, smbd_smb2_request_next_incoming() doesn't allocate a new request in state->req. After smbd_smb2_io_handler() is called, it marks the fd not readable as state->req == NULL, and never marks it readable again. Fix by calling smbd_smb2_request_next_incoming() to restart reads inside smbd_smb2_flush_send_queue() which drains the send queue. Reported by <chen.ye...@h3c.com> BUG: https://bugzilla.samba.org/show_bug.cgi?id=12608 Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> Autobuild-User(master): Ralph Böhme <s...@samba.org> Autobuild-Date(master): Fri Mar 3 02:23:20 CET 2017 on sn-devel-144 (cherry picked from commit 1e0c79ddb34be9a2b9fa92d35387c443c4a381ae) Autobuild-User(v4-4-test): Karolin Seeger <ksee...@samba.org> Autobuild-Date(v4-4-test): Mon Mar 6 16:02:16 CET 2017 on sn-devel-144 commit 3f71253ae50d4d51d24956245b254fb8c9fa5f1d Author: Stefan Metzmacher <me...@samba.org> Date: Thu Mar 2 08:13:57 2017 +0100 s3:winbindd: fix endless forest trust scan Commit 0392ebcd1d48e9f472f2148b85316a77d9cc953b effectively disabled the enumeration of trusts in other forests. The fixes for https://bugzilla.samba.org/show_bug.cgi?id=11691 changed the way we fill domain->domain_flags for domains in other forests. Commit fffefe72fcc62d9688b45f53a5327667dc0b2fe6 readded the ability to enumerate trusts of other forests again, in order to fix https://bugzilla.samba.org/show_bug.cgi?id=11830 Now we have the problem that multiple domains (even outside of our forest) are considert to be our forest root, as they have the following flags: NETR_TRUST_FLAG_TREEROOT and NETR_TRUST_FLAG_IN_FOREST. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12605 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> Autobuild-User(master): Ralph Böhme <s...@samba.org> Autobuild-Date(master): Thu Mar 2 17:53:14 CET 2017 on sn-devel-144 (cherry picked from commit f9aaddcdd8f9ea648c9c5ea804f56ee3ff6c4c67) commit 0915fd4e840311ae45a71f71e14462314a27240a Author: Ralph Boehme <s...@samba.org> Date: Thu Jan 19 09:30:45 2017 +0100 vfs_fruit: only veto AppleDouble files with fruit:resource=file vfs_fruit only creates AppleDouble files itself when "fruit:resource" is set to "file" (the default). It is only then the these AppleDouble files should be treated as an internal representation and should be inaccessible from clients. Bug: https://bugzilla.samba.org/show_bug.cgi?id=12526> Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Uri Simchoni <u...@samba.org> (cherry picked from commit 708767da8c366c021d6d15a3ae71d009357c3320) ----------------------------------------------------------------------- Summary of changes: docs-xml/manpages/vfs_fruit.8.xml | 12 ++++++++---- source3/modules/vfs_fruit.c | 9 ++++++--- source3/smbd/smb2_server.c | 14 +++++++++++++- source3/winbindd/winbindd_ads.c | 8 ++++++++ source3/winbindd/winbindd_util.c | 22 ++++++++++++++++++++++ 5 files changed, 57 insertions(+), 8 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages/vfs_fruit.8.xml b/docs-xml/manpages/vfs_fruit.8.xml index 0f4d941..966bf10 100644 --- a/docs-xml/manpages/vfs_fruit.8.xml +++ b/docs-xml/manpages/vfs_fruit.8.xml @@ -223,10 +223,14 @@ <varlistentry> <term>fruit:veto_appledouble = yes | no</term> <listitem> - <para>Whether ._ AppleDouble files are vetoed which - prevents the client from seing and accessing internal - AppleDouble files created by vfs_fruit itself for the - purpose of storing a Mac resource fork.</para> + <para><emphasis>Note:</emphasis> this option only applies when + <parameter>fruit:resource</parameter> is set to + <parameter>file</parameter> (the default).</para> + + <para>When <parameter>fruit:resource</parameter> is set to + <parameter>file</parameter>, vfs_fruit may create ._ AppleDouble + files. This options controls whether these ._ AppleDouble files + are vetoed which prevents the client from accessing them.</para> <para>Vetoing ._ files may break some applications, eg extracting Mac ZIP archives from Mac clients failes, because they contain ._ files. Setting this option to diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c index ecd150e..10334ff 100644 --- a/source3/modules/vfs_fruit.c +++ b/source3/modules/vfs_fruit.c @@ -1343,9 +1343,12 @@ static int init_fruit_config(vfs_handle_struct *handle) } config->encoding = (enum fruit_encoding)enumval; - config->veto_appledouble = lp_parm_bool( - SNUM(handle->conn), FRUIT_PARAM_TYPE_NAME, - "veto_appledouble", true); + if (config->rsrc == FRUIT_RSRC_ADFILE) { + config->veto_appledouble = lp_parm_bool(SNUM(handle->conn), + FRUIT_PARAM_TYPE_NAME, + "veto_appledouble", + true); + } config->use_aapl = lp_parm_bool( -1, FRUIT_PARAM_TYPE_NAME, "aapl", true); diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c index 8a4aa96..e1a24f6 100644 --- a/source3/smbd/smb2_server.c +++ b/source3/smbd/smb2_server.c @@ -3567,6 +3567,7 @@ static NTSTATUS smbd_smb2_flush_send_queue(struct smbXsrv_connection *xconn) int ret; int err; bool retry; + NTSTATUS status; if (xconn->smb2.send_queue == NULL) { TEVENT_FD_NOT_WRITEABLE(xconn->transport.fde); @@ -3578,11 +3579,12 @@ static NTSTATUS smbd_smb2_flush_send_queue(struct smbXsrv_connection *xconn) bool ok; if (e->sendfile_header != NULL) { - NTSTATUS status = NT_STATUS_INTERNAL_ERROR; size_t size = 0; size_t i = 0; uint8_t *buf; + status = NT_STATUS_INTERNAL_ERROR; + for (i=0; i < e->count; i++) { size += e->vector[i].iov_len; } @@ -3654,6 +3656,16 @@ static NTSTATUS smbd_smb2_flush_send_queue(struct smbXsrv_connection *xconn) talloc_free(e->mem_ctx); } + /* + * Restart reads if we were blocked on + * draining the send queue. + */ + + status = smbd_smb2_request_next_incoming(xconn); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + return NT_STATUS_OK; } diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c index 808986d..125534f 100644 --- a/source3/winbindd/winbindd_ads.c +++ b/source3/winbindd/winbindd_ads.c @@ -1697,6 +1697,14 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain, } TALLOC_FREE(parent); + /* + * We need to pass the modified properties + * to the caller. + */ + trust->trust_flags = d.domain_flags; + trust->trust_type = d.domain_type; + trust->trust_attributes = d.domain_trust_attribs; + wcache_tdc_add_domain( &d ); ret_count++; } diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c index bb8bce4..0d7e728 100644 --- a/source3/winbindd/winbindd_util.c +++ b/source3/winbindd/winbindd_util.c @@ -345,6 +345,20 @@ static void trustdom_list_done(struct tevent_req *req) char *p; struct winbindd_tdc_domain trust_params = {0}; ptrdiff_t extra_len; + bool within_forest = false; + + /* + * Only when we enumerate our primary domain + * or our forest root domain, we should keep + * the NETR_TRUST_FLAG_IN_FOREST flag, in + * all other cases we need to clear it as the domain + * is not part of our forest. + */ + if (state->domain->primary) { + within_forest = true; + } else if (domain_is_forest_root(state->domain)) { + within_forest = true; + } res = wb_domain_request_recv(req, state, &response, &err); if ((res == -1) || (response->result != WINBINDD_OK)) { @@ -429,6 +443,14 @@ static void trustdom_list_done(struct tevent_req *req) trust_params.trust_attribs = (uint32_t)strtoul(q, NULL, 10); + if (!within_forest) { + trust_params.trust_flags &= ~NETR_TRUST_FLAG_IN_FOREST; + } + + if (!state->domain->primary) { + trust_params.trust_flags &= ~NETR_TRUST_FLAG_PRIMARY; + } + /* * We always call add_trusted_domain() cause on an existing * domain structure, it will update the SID if necessary. -- Samba Shared Repository