The branch, master has been updated via bf04ca5658d s3/locking: prime flags in a fresh sharemode data object via 59f55aa083c smbd: fix for bug 14375 via 3f37008edaa smbd: make conflicting_access available to other functions via 2ace545a637 s4/torture: reproducer for bug 14375 via c83ef1d9057 selftest: split a knownfail entry from 6b17dcfd263 winbind.service: drop quotes from $WINBINDOPTIONS variable
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit bf04ca5658dcf7d7cdf5f718eec0e5e21f9a0d64 Author: Ralph Boehme <s...@samba.org> Date: Mon May 11 11:35:04 2020 +0200 s3/locking: prime flags in a fresh sharemode data object This is needed to prime the logic in share_mode_flags_restrict() for the following scenario: * (First) CREATE on a file with FILE_SHARE_NONE and access_mask=FILE_READ_ATTRIBUTES (a stat-open). * share_mode_flags_restrict() gets called with share_mode_flags_restrict(flags=0, access_mask=0x80, share_mode=0, lease_type=UINT32_MAX) and returns a value where none of the FILE_SHARE_* flags is set. As a result share_mode_data.flags doesn't reflect the share-modes in effect. This doesn't change any current visible behaviour outside of open_mode_check(), but it avoids calling share_mode_forall_entries() in open_mode_check_fn(). BUG: https://bugzilla.samba.org/show_bug.cgi?id=14375 Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> Autobuild-User(master): Ralph Böhme <s...@samba.org> Autobuild-Date(master): Tue May 12 19:52:48 UTC 2020 on sn-devel-184 commit 59f55aa083ce2d87ad6f43dc941f725c79c8ec59 Author: Ralph Boehme <s...@samba.org> Date: Sat May 9 15:13:54 2020 +0200 smbd: fix for bug 14375 ... with many thanks to an enthusiastic Samba user from Poland for helping to track this down. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14375 Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> commit 3f37008edaa31c3bc8c9b291dc1af00550ce4f9a Author: Ralph Boehme <s...@samba.org> Date: Mon May 11 13:42:39 2020 +0200 smbd: make conflicting_access available to other functions The next commit adds more users of conflicting_access. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14375 
Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> commit 2ace545a6378970ca3d8a1a30d4c7da66aaa9721 Author: Ralph Boehme <s...@samba.org> Date: Sat May 9 15:29:15 2020 +0200 s4/torture: reproducer for bug 14375 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14375 Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> commit c83ef1d90573fdc9db3d0acbc1335a5b2325f5c5 Author: Ralph Boehme <s...@samba.org> Date: Mon May 11 15:56:58 2020 +0200 selftest: split a knownfail entry Lists the two existing subtests indidivually in preparation of adding a third that is going to pass against ad_dc_ntvfs. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14375 Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> ----------------------------------------------------------------------- Summary of changes: selftest/knownfail | 3 +- source3/locking/share_mode_lock.c | 3 + source3/smbd/open.c | 22 +++++--- source4/torture/smb2/sharemode.c | 114 ++++++++++++++++++++++++++++++++++++++ 4 files changed, 133 insertions(+), 9 deletions(-) Changeset truncated at 500 lines:
diff --git a/selftest/knownfail b/selftest/knownfail
index 6394a2957c3..57a4d93a37d 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -175,7 +175,8 @@
 ^samba4.smb2.getinfo.qfs_buffercheck # S4 does not do the INFO_LENGTH_MISMATCH/BUFFER_OVERFLOW thingy
 ^samba4.smb2.getinfo.qfile_buffercheck # S4 does not do the INFO_LENGTH_MISMATCH/BUFFER_OVERFLOW thingy
 ^samba4.smb2.getinfo.qsec_buffercheck # S4 does not do the BUFFER_TOO_SMALL thingy
-^samba4.smb2.sharemode
+^samba4.smb2.sharemode.sharemode-access
+^samba4.smb2.sharemode.access-sharemode
 ^samba4.ntvfs.cifs.krb5.base.createx_access.createx_access\(.*\)$
 ^samba4.rpc.lsa.forest.trust #Not fully provided by Samba4
 ^samba4.blackbox.upgradeprovision.alpha13.ldapcmp_sd\(none\) # Due to something rewriting the NT ACL on DNS objects
diff --git a/source3/locking/share_mode_lock.c b/source3/locking/share_mode_lock.c index de59b8d2545..ff77f12d1f7 100644 --- a/source3/locking/share_mode_lock.c +++ b/source3/locking/share_mode_lock.c @@ -530,6 +530,9 @@ static struct share_mode_data *fresh_share_mode_lock( goto fail; } d->old_write_time = full_timespec_to_nt_time(old_write_time); + d->flags = SHARE_MODE_SHARE_DELETE | + SHARE_MODE_SHARE_WRITE | + SHARE_MODE_SHARE_READ; d->modified = false; d->fresh = true; return d; diff --git a/source3/smbd/open.c b/source3/smbd/open.c index b6a326531aa..cc71cce4df4 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -1493,17 +1493,18 @@ static bool mask_conflict( Returns True if conflict, False if not. ****************************************************************************/ +static const uint32_t conflicting_access = + FILE_WRITE_DATA| + FILE_APPEND_DATA| + FILE_READ_DATA| + FILE_EXECUTE| + DELETE_ACCESS; + static bool share_conflict(uint32_t e_access_mask, uint32_t e_share_access, uint32_t access_mask, uint32_t share_access) { - const uint32_t conflicting_access = - FILE_WRITE_DATA| - FILE_APPEND_DATA| - FILE_READ_DATA| - FILE_EXECUTE| - DELETE_ACCESS; bool conflict; DBG_DEBUG("existing access_mask = 0x%"PRIx32", " @@ -1754,7 +1755,9 @@ static uint16_t share_mode_flags_restrict( &existing_lease_type); existing_access_mask |= access_mask; - existing_share_mode &= share_mode; + if (access_mask & conflicting_access) { + existing_share_mode &= share_mode; + } existing_lease_type |= lease_type; ret = share_mode_flags_set( @@ -1793,7 +1796,10 @@ static bool open_mode_check_fn( } access_mask = state->access_mask | e->access_mask; - share_access = state->share_access & e->share_access; + share_access = state->share_access; + if (e->access_mask & conflicting_access) { + share_access &= e->share_access; + } lease_type = state->lease_type | get_lease_type(e, state->fid); if ((access_mask == state->access_mask) && 
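Review bot: In the source3/locking/share_mode_lock.c hunk, the new `d->flags = SHARE_MODE_SHARE_DELETE | SHARE_MODE_SHARE_WRITE | SHARE_MODE_SHARE_READ;` assignment has no comment, so the reason a brand-new record starts out fully shared is recorded only in the commit message. A later reader could take it for an over-permissive default and remove it, which, going by the commit message, would bring back cached flags that do not reflect the share modes in effect. I would add above it `/* Prime with all share bits: share_mode_flags_restrict() only clears them, and skips that for opens without conflicting access. */`. fresh_share_mode_lock() starts and ends outside the hunk, so how `flags` was set before this line is not visible here.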
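Review bot: In the first source3/smbd/open.c hunk, `conflicting_access` now sits between the banner comment ending in `Returns True if conflict, False if not.` and share_conflict(), so that banner reads as if it documented the constant rather than the function. Moving the definition above the banner, or giving it its own one-line comment such as `/* Access bits whose holders take part in share-mode conflict checks. */`, keeps both readable. The start of the banner comment and the rest of share_conflict() lie outside the hunk.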
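Review bot: The guard `if (access_mask & conflicting_access)` in share_mode_flags_restrict() (second open.c hunk) and `if (e->access_mask & conflicting_access)` in open_mode_check_fn() (third hunk) encode the same rule twice, with no comment at either site. These two sites decide whether an open's deny mode is counted at all, and if they drift apart the cached share-mode flags could presumably disagree with the per-entry check. A matching comment at both, for example `/* The share mode of an open without conflicting access (a stat open) does not restrict others. */`, or a small static helper used by both, would make the invariant explicit. Both functions start and end outside their hunks.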
diff --git a/source4/torture/smb2/sharemode.c b/source4/torture/smb2/sharemode.c
index 6a581cd60ab..87f2f852c1c 100644
--- a/source4/torture/smb2/sharemode.c
+++ b/source4/torture/smb2/sharemode.c
@@ -625,6 +625,118 @@ done: return ret; } +/* + * Test initial stat open with share nothing doesn't trigger SHARING_VIOLTION + * errors. + */ +static bool test_smb2_bug14375(struct torture_context *tctx, + struct smb2_tree *tree) +{ + const char *fname = "test_bug14375"; + struct smb2_create cr1; + struct smb2_create cr2; + struct smb2_create cr3; + NTSTATUS status; + bool ret = true; + + smb2_util_unlink(tree, fname); + + cr1 = (struct smb2_create) { + .in.desired_access = SEC_FILE_READ_ATTRIBUTE, + .in.file_attributes = FILE_ATTRIBUTE_NORMAL, + .in.share_access = NTCREATEX_SHARE_ACCESS_NONE, + .in.create_disposition = NTCREATEX_DISP_CREATE, + .in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS, + .in.fname = fname, + }; + + status = smb2_create(tree, tctx, &cr1); + torture_assert_ntstatus_ok_goto(tctx, status, ret, done, + "CREATE file failed\n"); + + cr2 = (struct smb2_create) { + .in.desired_access = SEC_FILE_READ_DATA, + .in.file_attributes = FILE_ATTRIBUTE_NORMAL, + .in.share_access = NTCREATEX_SHARE_ACCESS_MASK, + .in.create_disposition = NTCREATEX_DISP_OPEN, + .in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS, + .in.fname = fname, + }; + + status = smb2_create(tree, tctx, &cr2); + torture_assert_ntstatus_ok_goto(tctx, status, ret, done, + "CREATE file failed\n"); + + cr3 = (struct smb2_create) { + .in.desired_access = SEC_FILE_READ_DATA, + .in.file_attributes = FILE_ATTRIBUTE_NORMAL, + .in.share_access = NTCREATEX_SHARE_ACCESS_MASK, + .in.create_disposition = NTCREATEX_DISP_OPEN, + .in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS, + .in.fname = fname, + }; + + status = smb2_create(tree, tctx, &cr3); + torture_assert_ntstatus_ok_goto(tctx, status, ret, done, + "CREATE file failed\n"); + + status = smb2_util_close(tree, cr1.out.file.handle); + torture_assert_ntstatus_ok_goto(tctx, status, ret, done, + "CLOSE file failed\n"); + status = smb2_util_close(tree, cr2.out.file.handle); + torture_assert_ntstatus_ok_goto(tctx, status, ret, done, + "CLOSE 
file failed\n"); + status = smb2_util_close(tree, cr3.out.file.handle); + torture_assert_ntstatus_ok_goto(tctx, status, ret, done, + "CLOSE file failed\n"); + + cr1 = (struct smb2_create) { + .in.desired_access = SEC_FILE_READ_DATA, + .in.file_attributes = FILE_ATTRIBUTE_NORMAL, + .in.share_access = NTCREATEX_SHARE_ACCESS_MASK, + .in.create_disposition = NTCREATEX_DISP_OPEN, + .in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS, + .in.fname = fname, + }; + + status = smb2_create(tree, tctx, &cr1); + torture_assert_ntstatus_ok_goto(tctx, status, ret, done, + "CREATE file failed\n"); + + cr2 = (struct smb2_create) { + .in.desired_access = SEC_FILE_READ_ATTRIBUTE, + .in.file_attributes = FILE_ATTRIBUTE_NORMAL, + .in.share_access = NTCREATEX_SHARE_ACCESS_NONE, + .in.create_disposition = NTCREATEX_DISP_OPEN, + .in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS, + .in.fname = fname, + }; + + status = smb2_create(tree, tctx, &cr2); + torture_assert_ntstatus_ok_goto(tctx, status, ret, done, + "CREATE file failed\n"); + + cr3 = (struct smb2_create) { + .in.desired_access = SEC_FILE_READ_DATA, + .in.file_attributes = FILE_ATTRIBUTE_NORMAL, + .in.share_access = NTCREATEX_SHARE_ACCESS_MASK, + .in.create_disposition = NTCREATEX_DISP_OPEN, + .in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS, + .in.fname = fname, + }; + + status = smb2_create(tree, tctx, &cr3); + torture_assert_ntstatus_ok_goto(tctx, status, ret, done, + "CREATE file failed\n"); + +done: + smb2_util_close(tree, cr1.out.file.handle); + smb2_util_close(tree, cr2.out.file.handle); + smb2_util_close(tree, cr3.out.file.handle); + smb2_util_unlink(tree, fname); + return ret; +} + struct torture_suite *torture_smb2_sharemode_init(TALLOC_CTX *ctx) { struct torture_suite *suite = torture_suite_create(ctx, "sharemode"); 
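Review bot: In test_smb2_bug14375(), `cr2` and `cr3` are declared without an initialiser, yet the `done:` cleanup passes `cr2.out.file.handle` and `cr3.out.file.handle` to smb2_util_close(), so a failure of the first smb2_create() reaches the cleanup with indeterminate handles. Zero-initialising the three structs at declaration, e.g. `struct smb2_create cr1 = {0};` and likewise for `cr2` and `cr3`, makes that failure path well defined. The test also asserts only the allowed cases; a final open that must still fail with a sharing violation would guard against the relaxed check becoming too permissive, unless the existing sharemode subtests already cover that. The header comment spells the status as `SHARING_VIOLTION`, which should read `SHARING_VIOLATION`.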
@@ -633,6 +745,8 @@ struct torture_suite *torture_smb2_sharemode_init(TALLOC_CTX *ctx) test_smb2_sharemode_access); torture_suite_add_2smb2_test(suite, "access-sharemode", test_smb2_access_sharemode); + torture_suite_add_1smb2_test(suite, "bug14375", + test_smb2_bug14375); suite->description = talloc_strdup(suite, "SMB2-SHAREMODE tests"); -- Samba Shared Repository