The branch, v4-7-test has been updated via 214291f s3: docs: Add documentation for "smb2" and "smb2_credits" debug classes. via 2546926 s3: smbd: SMB2: Add DBGC_SMB2_CREDITS class to specifically debug credit issues. via 465f3a3 lib: debug: Add DBGC_XXX versions of the macros to allow class-specific messages. via 8bfe55e s3: debug: smb2: Create a new DBGC_SMB2 debug class and mark all smbd/smb2_*.c files with it. via fe02c78 s3:smbd: map nterror on smb2_flush errorpath via 62388a0 s3: smbd: Fruit. Make the use of dom_sid_compare_domain() much clearer. via 8b9e15b s4: vfs: fruit tests: Add regression test for dealing with NFS ACE entries. via 8df51e5 selftest: vfs.fruit: add xattr_tdb where possible via bb8bbed selftest: run vfs.fruit_netatalk test against seperate share via 3893417 s3: smbd: vfs_fruit: Replace code in fruit_fget_nt_acl() with remove_virtual_nfs_aces(). via 85553b7 s3: smbd: vfs_fruit: Replace code in check_ms_nfs() with remove_virtual_nfs_aces(). via bf3e904 s3: smbd: vfs_fruit: Add remove_virtual_nfs_aces() a generic NFS ACE remover. via db293b8 s3: vfs_fruit. Change check_ms_nfs() to remove the virtual ACE's generated by fruit_fget_nt_acl(). via a37fad5 s3: vfs_fruit. If the security descriptor was modified, ensure we set the flags correctly to reflect the ACE's left. via 9b5d24d s3: vfs_fruit: Ensure we operate on a copy of the incoming security descriptor. via 15391e3 s3: vfs_fruit. Ensure we only return one set of the 'virtual' UNIX ACE entries. via ea6c0ae vfs_glusterfs: Fix the wrong pointer being sent in glfs_fsync_async via 6d4906c s3: smbd: Fix possible directory fd leak if the underlying OS doesn't support fdopendir() via 520672e s3: ldap: Ensure the ADS_STRUCT pointer doesn't get freed on error, we don't own it here. from 7a49112 s4:auth_sam: allow logons with an empty domain name
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test - Log ----------------------------------------------------------------- commit 214291f832510b2e0245c0703c7ee1ca5c41f0c6 Author: Jeremy Allison <j...@samba.org> Date: Wed Mar 21 12:56:12 2018 -0700 s3: docs: Add documentation for "smb2" and "smb2_credits" debug classes. https://bugzilla.samba.org/show_bug.cgi?id=13347 Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Ralph Böhme <s...@samba.org> (cherry picked from commit fc922bd29b40a20450f16728fa7347f8f83d3bcd) Autobuild-User(v4-7-test): Karolin Seeger <ksee...@samba.org> Autobuild-Date(v4-7-test): Fri Mar 23 02:37:09 CET 2018 on sn-devel-144 commit 25469265883a0e63baee72ab3d1ff250ad122264 Author: Jeremy Allison <j...@samba.org> Date: Wed Mar 21 12:52:49 2018 -0700 s3: smbd: SMB2: Add DBGC_SMB2_CREDITS class to specifically debug credit issues. https://bugzilla.samba.org/show_bug.cgi?id=13347 Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Ralph Böhme <s...@samba.org> (cherry picked from commit ad973fddef00d6d92443be89e7f5404006a94d99) commit 465f3a39b11ce7caf28d36e4168f7a1eeb76ee0a Author: Jeremy Allison <j...@samba.org> Date: Wed Mar 21 12:40:50 2018 -0700 lib: debug: Add DBGC_XXX versions of the macros to allow class-specific messages. https://bugzilla.samba.org/show_bug.cgi?id=13347 Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Ralph Böhme <s...@samba.org> (cherry picked from commit cdde6d93605d15a59e816a35e8e02ca193bf1403) commit 8bfe55e063fbb79048dcf715520265f3ac814434 Author: Jeremy Allison <j...@samba.org> Date: Wed Mar 21 12:01:05 2018 -0700 s3: debug: smb2: Create a new DBGC_SMB2 debug class and mark all smbd/smb2_*.c files with it. Will allow easier smb2-specific debugging. https://bugzilla.samba.org/show_bug.cgi?id=13347 Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Ralph Böhme <s...@samba.org> (cherry picked from commit 8dabcf8948c2e514b489169c34673e093519b583) commit fe02c78becb2f0bed3fe876157f2ea2d52bb0a97 Author: Anton Nefedov via samba-technical <samba-techni...@lists.samba.org> Date: Thu Mar 15 14:38:41 2018 +0300 s3:smbd: map nterror on smb2_flush errorpath smbd_smb2_flush_recv() expects nterror in tevent_req, and otherwise aborts in tevent_req_is_nterror() BUG: https://bugzilla.samba.org/show_bug.cgi?id=13338 Signed-off-by: Anton Nefedov <anton.nefe...@virtuozzo.com> Reviewed-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> (cherry picked from commit 98623129446672521b7fa41d3457b8ce95db828c) commit 62388a06a548e83decd0e74d3003f6c03b742729 Author: Jeremy Allison <j...@samba.org> Date: Mon Mar 19 15:46:41 2018 -0700 s3: smbd: Fruit. Make the use of dom_sid_compare_domain() much clearer. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13319 Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> (cherry picked from commit 5c909ea4530d4e7e4aa27046c45e3e48b094a411) commit 8b9e15bd2d71432525aef0012ba5529cb0df5330 Author: Jeremy Allison <j...@samba.org> Date: Thu Mar 15 14:45:06 2018 -0700 s4: vfs: fruit tests: Add regression test for dealing with NFS ACE entries. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13319 Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> Autobuild-User(master): Jeremy Allison <j...@samba.org> Autobuild-Date(master): Sat Mar 17 04:04:32 CET 2018 on sn-devel-144 (cherry picked from commit a6054c01c29c2507e0d5a6aa110fee4fd5c5eeb9) commit 8df51e5f384c2710cc5ca5f1bd6721f9907b8fdb Author: Ralph Boehme <s...@samba.org> Date: Fri Mar 16 21:57:31 2018 +0100 selftest: vfs.fruit: add xattr_tdb where possible This makes the tests indepent from fs xattr support. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13319 Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> (cherry picked from commit 49996ca9324596b6cd72eb8051ca3676dab17191) commit bb8bbedcb7412520471c377bea2bd19e93c596b8 Author: Ralph Boehme <s...@samba.org> Date: Fri Mar 16 21:55:26 2018 +0100 selftest: run vfs.fruit_netatalk test against seperate share These tests require a fs with xattr support. This allows adding xattr_tdb to all other shares in the next commit. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13319 Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> (cherry picked from commit 013aaffe7ff0ed4c30495761bb3208c29b3b5de2) commit 389341799c676cf8ee8a8416c4ee4212307d7796 Author: Jeremy Allison <j...@samba.org> Date: Thu Mar 15 09:57:09 2018 -0700 s3: smbd: vfs_fruit: Replace code in fruit_fget_nt_acl() with remove_virtual_nfs_aces(). BUG: https://bugzilla.samba.org/show_bug.cgi?id=13319 Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> (cherry picked from commit 875ff2575feb96d06cf2290e5b6a226b32ef9758) commit 85553b7e6f5516108de61ba606f9b8267d14d540 Author: Jeremy Allison <j...@samba.org> Date: Thu Mar 15 09:54:41 2018 -0700 s3: smbd: vfs_fruit: Replace code in check_ms_nfs() with remove_virtual_nfs_aces(). BUG: https://bugzilla.samba.org/show_bug.cgi?id=13319 Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> (cherry picked from commit a3c925d80433e3d4fe1b1b315edf6520cacf0a9e) commit bf3e90462b8c1172ada2a8346db376984dd54394 Author: Jeremy Allison <j...@samba.org> Date: Thu Mar 15 09:52:30 2018 -0700 s3: smbd: vfs_fruit: Add remove_virtual_nfs_aces() a generic NFS ACE remover. Not yet used, will be used to tidyup existing code. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13319 Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> (cherry picked from commit ef091e2cf836793e2aa533990913609ccab5119a) commit db293b85069345ed4b4e637710b910ef80a72723 Author: Jeremy Allison <j...@samba.org> Date: Fri Mar 2 13:53:55 2018 -0800 s3: vfs_fruit. Change check_ms_nfs() to remove the virtual ACE's generated by fruit_fget_nt_acl(). Ensures they don't get stored in the underlying ACL. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13319 Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> Autobuild-User(master): Ralph Böhme <s...@samba.org> Autobuild-Date(master): Thu Mar 8 04:09:38 CET 2018 on sn-devel-144 (cherry picked from commit e0b147f650fe59f606d1faffe57059e6e9d7837b) commit a37fad5131cadbc3d2bee5107ed8fa0f254e9be4 Author: Jeremy Allison <j...@samba.org> Date: Fri Mar 2 13:51:54 2018 -0800 s3: vfs_fruit. If the security descriptor was modified, ensure we set the flags correctly to reflect the ACE's left. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13319 Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> (cherry picked from commit 8edad37e476295e25932778721d8ef33713f6853) commit 9b5d24dc05b439eca46b4d9a2510419296a67e1e Author: Jeremy Allison <j...@samba.org> Date: Fri Mar 2 13:21:37 2018 -0800 s3: vfs_fruit: Ensure we operate on a copy of the incoming security descriptor. This will allow us to modify it in the next commit. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13319 Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> (cherry picked from commit 019a1bc4caf3439adcaac48b384e86d84a1ad383) commit 15391e3202dff4aefd3afd6df487b587f4872848 Author: Jeremy Allison <j...@samba.org> Date: Fri Mar 2 13:07:48 2018 -0800 s3: vfs_fruit. Ensure we only return one set of the 'virtual' UNIX ACE entries. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13319 Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> (cherry picked from commit e9059c7b40069cfb036bfb95958b78c6a2c800e4) commit ea6c0ae7a8575fa57f4d256e6a114cff55ff9471 Author: Poornima G <pguru...@redhat.com> Date: Thu Feb 22 16:21:35 2018 +0530 vfs_glusterfs: Fix the wrong pointer being sent in glfs_fsync_async BUG: https://bugzilla.samba.org/show_bug.cgi?id=13297 Pair-Programmed-With: Anoop C S <anoo...@redhat.com> Signed-off-by: Poornima G <pguru...@redhat.com> Reviewed-by: Guenther Deschner <g...@samba.org> Reviewed-by: Michael Adam <ob...@samba.org> Autobuild-User(master): Günther Deschner <g...@samba.org> Autobuild-Date(master): Mon Feb 26 20:17:50 CET 2018 on sn-devel-144 (cherry picked from commit 46e6626f73f42c84f254507c3ec2b591e2e732ba) commit 6d4906c0b0c153c649f9e6e62c470cd98e1bf024 Author: Jeremy Allison <j...@samba.org> Date: Wed Feb 14 13:23:12 2018 -0800 s3: smbd: Fix possible directory fd leak if the underlying OS doesn't support fdopendir() HPUX has this problem. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13270 Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> Autobuild-User(master): Ralph Böhme <s...@samba.org> Autobuild-Date(master): Fri Feb 23 22:56:35 CET 2018 on sn-devel-144 (cherry picked from commit 5ad5e7966f555b1d2b39d276646934a2cd2535e6) commit 520672e685c8fc742b63ae2157e645b0362c34a8 Author: Jeremy Allison <j...@samba.org> Date: Wed Jan 24 14:09:43 2018 -0800 s3: ldap: Ensure the ADS_STRUCT pointer doesn't get freed on error, we don't own it here. Thanks to Isaac Boukris <ibouk...@gmail.com> for finding the issue and testing this fix. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13244 Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> Autobuild-User(master): Jeremy Allison <j...@samba.org> Autobuild-Date(master): Fri Jan 26 02:25:20 CET 2018 on sn-devel-144 (cherry picked from commit e7425bd5245ffea68b7e8f794c9b5f864d103769) ----------------------------------------------------------------------- Summary of changes: docs-xml/smbdotconf/logging/loglevel.xml | 2 + lib/util/debug.c | 2 + lib/util/debug.h | 32 ++++++ selftest/target/Samba3.pm | 18 +++- source3/libads/ldap_utils.c | 9 ++ source3/modules/vfs_fruit.c | 93 ++++++++++++++++- source3/modules/vfs_glusterfs.c | 2 +- source3/selftest/tests.py | 2 +- source3/smbd/smb2_break.c | 3 + source3/smbd/smb2_close.c | 3 + source3/smbd/smb2_create.c | 3 + source3/smbd/smb2_flush.c | 5 +- source3/smbd/smb2_getinfo.c | 3 + source3/smbd/smb2_glue.c | 3 + source3/smbd/smb2_ioctl.c | 3 + source3/smbd/smb2_ioctl_dfs.c | 3 + source3/smbd/smb2_ioctl_filesys.c | 3 + source3/smbd/smb2_ioctl_named_pipe.c | 3 + source3/smbd/smb2_ioctl_network_fs.c | 3 + source3/smbd/smb2_keepalive.c | 3 + source3/smbd/smb2_lock.c | 3 + source3/smbd/smb2_negprot.c | 3 + source3/smbd/smb2_notify.c | 3 + source3/smbd/smb2_query_directory.c | 12 ++- source3/smbd/smb2_read.c | 3 + source3/smbd/smb2_server.c | 51 +++++---- source3/smbd/smb2_sesssetup.c | 3 + source3/smbd/smb2_setinfo.c | 3 + source3/smbd/smb2_tcon.c | 3 + source3/smbd/smb2_write.c | 3 + source4/torture/vfs/fruit.c | 171 +++++++++++++++++++++++++++++++ 31 files changed, 425 insertions(+), 31 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/smbdotconf/logging/loglevel.xml b/docs-xml/smbdotconf/logging/loglevel.xml index 1a3767d..d3b5c45 100644 --- a/docs-xml/smbdotconf/logging/loglevel.xml +++ b/docs-xml/smbdotconf/logging/loglevel.xml @@ -22,6 +22,8 @@ <listitem><para><parameter moreinfo="none">printdrivers</parameter></para></listitem> <listitem><para><parameter moreinfo="none">lanman</parameter></para></listitem> <listitem><para><parameter moreinfo="none">smb</parameter></para></listitem> + <listitem><para><parameter moreinfo="none">smb2</parameter></para></listitem> + <listitem><para><parameter moreinfo="none">smb2_credits</parameter></para></listitem> <listitem><para><parameter moreinfo="none">rpc_parse</parameter></para></listitem> <listitem><para><parameter moreinfo="none">rpc_srv</parameter></para></listitem> <listitem><para><parameter moreinfo="none">rpc_cli</parameter></para></listitem> diff --git a/lib/util/debug.c b/lib/util/debug.c index 8b28002..135cdb6 100644 --- a/lib/util/debug.c +++ b/lib/util/debug.c @@ -541,6 +541,8 @@ static const char *default_classname_table[] = { [DBGC_AUTH_AUDIT_JSON] = "auth_json_audit", [DBGC_KERBEROS] = "kerberos", [DBGC_DRS_REPL] = "drs_repl", + [DBGC_SMB2] = "smb2", + [DBGC_SMB2_CREDITS] = "smb2_credits", }; /* diff --git a/lib/util/debug.h b/lib/util/debug.h index e82553a..1e184b4 100644 --- a/lib/util/debug.h +++ b/lib/util/debug.h @@ -93,6 +93,8 @@ bool dbghdr( int level, const char *location, const char *func); #define DBGC_AUTH_AUDIT_JSON 25 #define DBGC_KERBEROS 26 #define DBGC_DRS_REPL 27 +#define DBGC_SMB2 28 +#define DBGC_SMB2_CREDITS 29 /* So you can define DBGC_CLASS before including debug.h */ #ifndef DBGC_CLASS @@ -216,6 +218,14 @@ extern int *DEBUGLEVEL_CLASS; && (dbgtext("%s: ", __func__)) \ && (dbgtext body) ) +/* Prefix messages with the function name - class specific */ +#define DBGC_PREFIX(dbgc_class, level, body ) \ + (void)( ((level) <= MAX_DEBUG_LEVEL) && \ + unlikely(DEBUGLEVEL_CLASS[ dbgc_class ] >= (level)) \ + && (dbghdrclass(level, dbgc_class, __location__, __func__ )) \ + && (dbgtext("%s: ", __func__)) \ + && (dbgtext body) ) + /* * Debug levels matching RFC 3164 */ @@ -231,12 +241,34 @@ extern int *DEBUGLEVEL_CLASS; #define DBG_INFO(...) DBG_PREFIX(DBGLVL_INFO, (__VA_ARGS__)) #define DBG_DEBUG(...) DBG_PREFIX(DBGLVL_DEBUG, (__VA_ARGS__)) +#define DBGC_ERR(dbgc_class, ...) DBGC_PREFIX(dbgc_class, \ + DBGLVL_ERR, (__VA_ARGS__)) +#define DBGC_WARNING(dbgc_class, ...) DBGC_PREFIX(dbgc_class, \ + DBGLVL_WARNING, (__VA_ARGS__)) +#define DBGC_NOTICE(dbgc_class, ...) DBGC_PREFIX(dbgc_class, \ + DBGLVL_NOTICE, (__VA_ARGS__)) +#define DBGC_INFO(dbgc_class, ...) DBGC_PREFIX(dbgc_class, \ + DBGLVL_INFO, (__VA_ARGS__)) +#define DBGC_DEBUG(dbgc_class, ...) DBGC_PREFIX(dbgc_class, \ + DBGLVL_DEBUG, (__VA_ARGS__)) + #define D_ERR(...) DEBUG(DBGLVL_ERR, (__VA_ARGS__)) #define D_WARNING(...) DEBUG(DBGLVL_WARNING, (__VA_ARGS__)) #define D_NOTICE(...) DEBUG(DBGLVL_NOTICE, (__VA_ARGS__)) #define D_INFO(...) DEBUG(DBGLVL_INFO, (__VA_ARGS__)) #define D_DEBUG(...) DEBUG(DBGLVL_DEBUG, (__VA_ARGS__)) +#define DC_ERR(...) DEBUGC(dbgc_class, \ + DBGLVL_ERR, (__VA_ARGS__)) +#define DC_WARNING(...) DEBUGC(dbgc_class, \ + DBGLVL_WARNING, (__VA_ARGS__)) +#define DC_NOTICE(...) DEBUGC(dbgc_class, \ + DBGLVL_NOTICE, (__VA_ARGS__)) +#define DC_INFO(...) DEBUGC(dbgc_class, \ + DBGLVL_INFO, (__VA_ARGS__)) +#define DC_DEBUG(...) DEBUGC(dbgc_class, \ + DBGLVL_DEBUG, (__VA_ARGS__)) + /* The following definitions come from lib/debug.c */ /** Possible destinations for the debug log (in order of precedence - diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm index 4178ed2..f1e29bf 100755 --- a/selftest/target/Samba3.pm +++ b/selftest/target/Samba3.pm @@ -1804,6 +1804,16 @@ sub provision($$$$$$$$$) [vfs_fruit] path = $shrdir + vfs objects = catia fruit streams_xattr acl_xattr xattr_tdb + fruit:resource = file + fruit:metadata = netatalk + fruit:locking = netatalk + fruit:encoding = native + fruit:veto_appledouble = no + +[vfs_fruit_xattr] + path = $shrdir + # This is used by vfs.fruit tests that require real fs xattr vfs objects = catia fruit streams_xattr acl_xattr fruit:resource = file fruit:metadata = netatalk @@ -1813,25 +1823,25 @@ sub provision($$$$$$$$$) [vfs_fruit_metadata_stream] path = $shrdir - vfs objects = fruit streams_xattr acl_xattr + vfs objects = fruit streams_xattr acl_xattr xattr_tdb fruit:resource = file fruit:metadata = stream fruit:veto_appledouble = no [vfs_fruit_stream_depot] path = $shrdir - vfs objects = fruit streams_depot acl_xattr + vfs objects = fruit streams_depot acl_xattr xattr_tdb fruit:resource = stream fruit:metadata = stream fruit:veto_appledouble = no [vfs_wo_fruit] path = $shrdir - vfs objects = streams_xattr acl_xattr + vfs objects = streams_xattr acl_xattr xattr_tdb [vfs_wo_fruit_stream_depot] path = $shrdir - vfs objects = streams_depot acl_xattr + vfs objects = streams_depot acl_xattr xattr_tdb [badname-tmp] path = $badnames_shrdir diff --git a/source3/libads/ldap_utils.c b/source3/libads/ldap_utils.c index a4adbc0..0c37b06 100644 --- a/source3/libads/ldap_utils.c +++ b/source3/libads/ldap_utils.c @@ -105,9 +105,18 @@ static ADS_STATUS ads_do_search_retry_internal(ADS_STRUCT *ads, const char *bind status = ads_connect(ads); if (!ADS_ERR_OK(status)) { + bool orig_is_mine = ads->is_mine; + DEBUG(1,("ads_search_retry: failed to reconnect (%s)\n", ads_errstr(status))); + /* + * We need to keep the ads pointer + * from being freed here as we don't own it and + * callers depend on it being around. + */ + ads->is_mine = false; ads_destroy(&ads); + ads->is_mine = orig_is_mine; SAFE_FREE(bp); return status; } diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c index 1e9ec58..857a4ca 100644 --- a/source3/modules/vfs_fruit.c +++ b/source3/modules/vfs_fruit.c @@ -2936,10 +2936,54 @@ static NTSTATUS readdir_attr_macmeta(struct vfs_handle_struct *handle, return status; } +static NTSTATUS remove_virtual_nfs_aces(struct security_descriptor *psd) +{ + NTSTATUS status; + uint32_t i; + + if (psd->dacl == NULL) { + return NT_STATUS_OK; + } + + for (i = 0; i < psd->dacl->num_aces; i++) { + /* MS NFS style mode/uid/gid */ + int cmp = dom_sid_compare_domain( + &global_sid_Unix_NFS, + &psd->dacl->aces[i].trustee); + if (cmp != 0) { + /* Normal ACE entry. */ + continue; + } + + /* + * security_descriptor_dacl_del() + * *must* return NT_STATUS_OK as we know + * we have something to remove. + */ + + status = security_descriptor_dacl_del(psd, + &psd->dacl->aces[i].trustee); + if (!NT_STATUS_IS_OK(status)) { + DBG_WARNING("failed to remove MS NFS style ACE: %s\n", + nt_errstr(status)); + return status; + } + + /* + * security_descriptor_dacl_del() may delete more + * then one entry subsequent to this one if the + * SID matches, but we only need to ensure that + * we stay looking at the same element in the array. + */ + i--; + } + return NT_STATUS_OK; +} + /* Search MS NFS style ACE with UNIX mode */ static NTSTATUS check_ms_nfs(vfs_handle_struct *handle, files_struct *fsp, - const struct security_descriptor *psd, + struct security_descriptor *psd, mode_t *pmode, bool *pdo_chmod) { @@ -2973,7 +3017,12 @@ static NTSTATUS check_ms_nfs(vfs_handle_struct *handle, } } - return NT_STATUS_OK; + /* + * Remove any incoming virtual ACE entries generated by + * fruit_fget_nt_acl(). + */ + + return remove_virtual_nfs_aces(psd); } /**************************************************************************** @@ -5677,6 +5726,13 @@ static NTSTATUS fruit_fget_nt_acl(vfs_handle_struct *handle, return NT_STATUS_OK; } + /* First remove any existing ACE's with NFS style mode/uid/gid SIDs. */ + status = remove_virtual_nfs_aces(*ppdesc); + if (!NT_STATUS_IS_OK(status)) { + DBG_WARNING("failed to remove MS NFS style ACEs\n"); + return status; + } + /* MS NFS style mode */ sid_compose(&sid, &global_sid_Unix_NFS_Mode, fsp->fsp_name->st.st_ex_mode); init_sec_ace(&ace, &sid, SEC_ACE_TYPE_ACCESS_DENIED, 0, 0); @@ -5710,24 +5766,53 @@ static NTSTATUS fruit_fget_nt_acl(vfs_handle_struct *handle, static NTSTATUS fruit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, uint32_t security_info_sent, - const struct security_descriptor *psd) + const struct security_descriptor *orig_psd) { NTSTATUS status; bool do_chmod; mode_t ms_nfs_mode = 0; int result; + struct security_descriptor *psd = NULL; + uint32_t orig_num_aces = 0; + + if (orig_psd->dacl != NULL) { + orig_num_aces = orig_psd->dacl->num_aces; + } + + psd = security_descriptor_copy(talloc_tos(), orig_psd); + if (psd == NULL) { + return NT_STATUS_NO_MEMORY; + } DBG_DEBUG("fruit_fset_nt_acl: %s\n", fsp_str_dbg(fsp)); status = check_ms_nfs(handle, fsp, psd, &ms_nfs_mode, &do_chmod); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("fruit_fset_nt_acl: check_ms_nfs failed%s\n", fsp_str_dbg(fsp))); + TALLOC_FREE(psd); return status; } + /* + * If only ms_nfs ACE entries were sent, ensure we set the DACL + * sent/present flags correctly now we've removed them. + */ + + if (orig_num_aces != 0) { + /* + * Are there any ACE's left ? + */ + if (psd->dacl->num_aces == 0) { + /* No - clear the DACL sent/present flags. */ + security_info_sent &= ~SECINFO_DACL; + psd->type &= ~SEC_DESC_DACL_PRESENT; + } + } + status = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("fruit_fset_nt_acl: SMB_VFS_NEXT_FSET_NT_ACL failed%s\n", fsp_str_dbg(fsp))); + TALLOC_FREE(psd); return status; } @@ -5745,10 +5830,12 @@ static NTSTATUS fruit_fset_nt_acl(vfs_handle_struct *handle, result, (unsigned)ms_nfs_mode, strerror(errno))); status = map_nt_error_from_unix(errno); + TALLOC_FREE(psd); return status; } } + TALLOC_FREE(psd); return NT_STATUS_OK; } diff --git a/source3/modules/vfs_glusterfs.c b/source3/modules/vfs_glusterfs.c index 55a9467..b56b788 100644 --- a/source3/modules/vfs_glusterfs.c +++ b/source3/modules/vfs_glusterfs.c @@ -964,7 +964,7 @@ static struct tevent_req *vfs_gluster_fsync_send(struct vfs_handle_struct PROFILE_TIMESTAMP(&state->start); ret = glfs_fsync_async(*(glfs_fd_t **)VFS_FETCH_FSP_EXTENSION(handle, - fsp), aio_glusterfs_done, req); + fsp), aio_glusterfs_done, state); if (ret < 0) { tevent_req_error(req, -ret); return tevent_req_post(req, ev); diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py index e40150b..1520990 100755 --- a/source3/selftest/tests.py +++ b/source3/selftest/tests.py @@ -486,7 +486,7 @@ for t in tests: plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/vfs_fruit_metadata_stream -U$USERNAME%$PASSWORD --option=torture:localdir=$SELFTEST_PREFIX/nt4_dc/share --option=torture:share2=vfs_wo_fruit', 'metadata_stream') plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/vfs_fruit_stream_depot -U$USERNAME%$PASSWORD --option=torture:localdir=$SELFTEST_PREFIX/nt4_dc/share --option=torture:share2=vfs_wo_fruit_stream_depot', 'streams_depot') elif t == "vfs.fruit_netatalk": - plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/vfs_fruit -U$USERNAME%$PASSWORD --option=torture:localdir=$SELFTEST_PREFIX/nt4_dc/share') + plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/vfs_fruit_xattr -U$USERNAME%$PASSWORD --option=torture:localdir=$SELFTEST_PREFIX/nt4_dc/share') elif t == "vfs.fruit_file_id": plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/vfs_fruit -U$USERNAME%$PASSWORD') elif t == "rpc.schannel_anon_setpw": diff --git a/source3/smbd/smb2_break.c b/source3/smbd/smb2_break.c index 4c5d62e..86529ed 100644 --- a/source3/smbd/smb2_break.c +++ b/source3/smbd/smb2_break.c @@ -26,6 +26,9 @@ #include "../lib/util/tevent_ntstatus.h" #include "locking/leases_db.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_SMB2 + static NTSTATUS smbd_smb2_request_process_lease_break( struct smbd_smb2_request *req); diff --git a/source3/smbd/smb2_close.c b/source3/smbd/smb2_close.c index 5830228..992b529 100644 --- a/source3/smbd/smb2_close.c +++ b/source3/smbd/smb2_close.c @@ -25,6 +25,9 @@ #include "../lib/util/tevent_ntstatus.h" #include "lib/tevent_wait.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_SMB2 + static struct tevent_req *smbd_smb2_close_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct smbd_smb2_request *smb2req, diff --git a/source3/smbd/smb2_create.c b/source3/smbd/smb2_create.c index c4fe247..26df718 100644 --- a/source3/smbd/smb2_create.c +++ b/source3/smbd/smb2_create.c @@ -29,6 +29,9 @@ #include "../lib/util/tevent_ntstatus.h" #include "messages.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_SMB2 + int map_smb2_oplock_levels_to_samba(uint8_t in_oplock_level) { switch(in_oplock_level) { diff --git a/source3/smbd/smb2_flush.c b/source3/smbd/smb2_flush.c index d077c62..d1ab3a0 100644 --- a/source3/smbd/smb2_flush.c +++ b/source3/smbd/smb2_flush.c @@ -24,6 +24,9 @@ #include "../libcli/smb/smb_common.h" #include "../lib/util/tevent_ntstatus.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_SMB2 + static struct tevent_req *smbd_smb2_flush_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct smbd_smb2_request *smb2req, @@ -198,7 +201,7 @@ static void smbd_smb2_flush_done(struct tevent_req *subreq) ret = SMB_VFS_FSYNC_RECV(subreq, &vfs_aio_state); TALLOC_FREE(subreq); if (ret == -1) { - tevent_req_error(req, vfs_aio_state.error); + tevent_req_nterror(req, map_nt_error_from_unix(vfs_aio_state.error)); return; } tevent_req_done(req); diff --git a/source3/smbd/smb2_getinfo.c b/source3/smbd/smb2_getinfo.c index 7f44868..694e9f8 100644 --- a/source3/smbd/smb2_getinfo.c +++ b/source3/smbd/smb2_getinfo.c @@ -26,6 +26,9 @@ #include "trans2.h" #include "../lib/util/tevent_ntstatus.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_SMB2 + static struct tevent_req *smbd_smb2_getinfo_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct smbd_smb2_request *smb2req, diff --git a/source3/smbd/smb2_glue.c b/source3/smbd/smb2_glue.c index bf2ea5a..6a73ec0 100644 --- a/source3/smbd/smb2_glue.c +++ b/source3/smbd/smb2_glue.c @@ -23,6 +23,9 @@ #include "smbd/globals.h" #include "../libcli/smb/smb_common.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_SMB2 + struct smb_request *smbd_smb2_fake_smb_request(struct smbd_smb2_request *req) { struct smb_request *smbreq; diff --git a/source3/smbd/smb2_ioctl.c b/source3/smbd/smb2_ioctl.c index 993682f..be70e3a 100644 --- a/source3/smbd/smb2_ioctl.c +++ b/source3/smbd/smb2_ioctl.c @@ -27,6 +27,9 @@ #include "smb2_ioctl_private.h" #include "librpc/gen_ndr/ioctl.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_SMB2 + static struct tevent_req *smbd_smb2_ioctl_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct smbd_smb2_request *smb2req, diff --git a/source3/smbd/smb2_ioctl_dfs.c b/source3/smbd/smb2_ioctl_dfs.c index f4dd189..72893ca 100644 --- a/source3/smbd/smb2_ioctl_dfs.c +++ b/source3/smbd/smb2_ioctl_dfs.c @@ -26,6 +26,9 @@ #include "include/ntioctl.h" #include "smb2_ioctl_private.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_SMB2 + static NTSTATUS fsctl_dfs_get_refers(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct connection_struct *conn, diff --git a/source3/smbd/smb2_ioctl_filesys.c b/source3/smbd/smb2_ioctl_filesys.c index 79c5021..8a9c8c6 100644 --- a/source3/smbd/smb2_ioctl_filesys.c +++ b/source3/smbd/smb2_ioctl_filesys.c @@ -31,6 +31,9 @@ #include "librpc/gen_ndr/ndr_ioctl.h" #include "smb2_ioctl_private.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_SMB2 + /* * XXX this may reduce dup_extents->byte_count so that it's less than the * target file size. diff --git a/source3/smbd/smb2_ioctl_named_pipe.c b/source3/smbd/smb2_ioctl_named_pipe.c index 13c4982..f9e3dec 100644 --- a/source3/smbd/smb2_ioctl_named_pipe.c +++ b/source3/smbd/smb2_ioctl_named_pipe.c @@ -27,6 +27,9 @@ #include "include/ntioctl.h" #include "smb2_ioctl_private.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_SMB2 + static void smbd_smb2_ioctl_pipe_write_done(struct tevent_req *subreq); static void smbd_smb2_ioctl_pipe_read_done(struct tevent_req *subreq); diff --git a/source3/smbd/smb2_ioctl_network_fs.c b/source3/smbd/smb2_ioctl_network_fs.c index 4006ccf..c0d1756 100644 --- a/source3/smbd/smb2_ioctl_network_fs.c +++ b/source3/smbd/smb2_ioctl_network_fs.c @@ -31,6 +31,9 @@ #include "smb2_ioctl_private.h" -- Samba Shared Repository