The branch, master has been updated
via bf04ca5658d s3/locking: prime flags in a fresh sharemode data object
via 59f55aa083c smbd: fix for bug 14375
via 3f37008edaa smbd: make conflicting_access available to other
functions
via 2ace545a637 s4/torture: reproducer for bug 14375
via c83ef1d9057 selftest: split a knownfail entry
from 6b17dcfd263 winbind.service: drop quotes from $WINBINDOPTIONS
variable
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit bf04ca5658dcf7d7cdf5f718eec0e5e21f9a0d64
Author: Ralph Boehme <s...@samba.org>
Date: Mon May 11 11:35:04 2020 +0200
s3/locking: prime flags in a fresh sharemode data object
This is needed to prime the logic in share_mode_flags_restrict() for the
following scenario:
* (First) CREATE on a file with FILE_SHARE_NONE and
access_mask=FILE_READ_ATTRIBUTES (a stat-open).
* share_mode_flags_restrict() gets called with
share_mode_flags_restrict(flags=0,
access_mask=0x80,
share_mode=0,
lease_type=UINT32_MAX)
and returns a value where none of the FILE_SHARE_* flags is set.
As a result share_mode_data.flags doesn't reflect the share-modes in effect.
This doesn't change any current visible behaviour outside of
open_mode_check(),
but it avoids calling share_mode_forall_entries() in open_mode_check_fn().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14375
Signed-off-by: Ralph Boehme <s...@samba.org>
Reviewed-by: Volker Lendecke <v...@samba.org>
Autobuild-User(master): Ralph Böhme <s...@samba.org>
Autobuild-Date(master): Tue May 12 19:52:48 UTC 2020 on sn-devel-184
commit 59f55aa083ce2d87ad6f43dc941f725c79c8ec59
Author: Ralph Boehme <s...@samba.org>
Date: Sat May 9 15:13:54 2020 +0200
smbd: fix for bug 14375
... with many thanks to an enthusiastic Samba user from Poland for helping
to
track this down.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14375
Signed-off-by: Ralph Boehme <s...@samba.org>
Reviewed-by: Volker Lendecke <v...@samba.org>
commit 3f37008edaa31c3bc8c9b291dc1af00550ce4f9a
Author: Ralph Boehme <s...@samba.org>
Date: Mon May 11 13:42:39 2020 +0200
smbd: make conflicting_access available to other functions
The next commit adds more users of conflicting_access.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14375
Signed-off-by: Ralph Boehme <s...@samba.org>
Reviewed-by: Volker Lendecke <v...@samba.org>
commit 2ace545a6378970ca3d8a1a30d4c7da66aaa9721
Author: Ralph Boehme <s...@samba.org>
Date: Sat May 9 15:29:15 2020 +0200
s4/torture: reproducer for bug 14375
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14375
Signed-off-by: Ralph Boehme <s...@samba.org>
Reviewed-by: Volker Lendecke <v...@samba.org>
commit c83ef1d90573fdc9db3d0acbc1335a5b2325f5c5
Author: Ralph Boehme <s...@samba.org>
Date: Mon May 11 15:56:58 2020 +0200
selftest: split a knownfail entry
Lists the two existing subtests indidivually in preparation of adding a
third
that is going to pass against ad_dc_ntvfs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14375
Signed-off-by: Ralph Boehme <s...@samba.org>
Reviewed-by: Volker Lendecke <v...@samba.org>
-----------------------------------------------------------------------
Summary of changes:
selftest/knownfail | 3 +-
source3/locking/share_mode_lock.c | 3 +
source3/smbd/open.c | 22 +++++---
source4/torture/smb2/sharemode.c | 114 ++++++++++++++++++++++++++++++++++++++
4 files changed, 133 insertions(+), 9 deletions(-)
Changeset truncated at 500 lines:
diff --git a/selftest/knownfail b/selftest/knownfail
index 6394a2957c3..57a4d93a37d 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -175,7 +175,8 @@
^samba4.smb2.getinfo.qfs_buffercheck # S4 does not do the
INFO_LENGTH_MISMATCH/BUFFER_OVERFLOW thingy
^samba4.smb2.getinfo.qfile_buffercheck # S4 does not do the
INFO_LENGTH_MISMATCH/BUFFER_OVERFLOW thingy
^samba4.smb2.getinfo.qsec_buffercheck # S4 does not do the BUFFER_TOO_SMALL
thingy
-^samba4.smb2.sharemode
+^samba4.smb2.sharemode.sharemode-access
+^samba4.smb2.sharemode.access-sharemode
^samba4.ntvfs.cifs.krb5.base.createx_access.createx_access\(.*\)$
^samba4.rpc.lsa.forest.trust #Not fully provided by Samba4
^samba4.blackbox.upgradeprovision.alpha13.ldapcmp_sd\(none\) # Due to
something rewriting the NT ACL on DNS objects
diff --git a/source3/locking/share_mode_lock.c
b/source3/locking/share_mode_lock.c
index de59b8d2545..ff77f12d1f7 100644
--- a/source3/locking/share_mode_lock.c
+++ b/source3/locking/share_mode_lock.c
@@ -530,6 +530,9 @@ static struct share_mode_data *fresh_share_mode_lock(
goto fail;
}
d->old_write_time = full_timespec_to_nt_time(old_write_time);
+ d->flags = SHARE_MODE_SHARE_DELETE |
+ SHARE_MODE_SHARE_WRITE |
+ SHARE_MODE_SHARE_READ;
d->modified = false;
d->fresh = true;
return d;
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index b6a326531aa..cc71cce4df4 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -1493,17 +1493,18 @@ static bool mask_conflict(
Returns True if conflict, False if not.
****************************************************************************/
+static const uint32_t conflicting_access =
+ FILE_WRITE_DATA|
+ FILE_APPEND_DATA|
+ FILE_READ_DATA|
+ FILE_EXECUTE|
+ DELETE_ACCESS;
+
static bool share_conflict(uint32_t e_access_mask,
uint32_t e_share_access,
uint32_t access_mask,
uint32_t share_access)
{
- const uint32_t conflicting_access =
- FILE_WRITE_DATA|
- FILE_APPEND_DATA|
- FILE_READ_DATA|
- FILE_EXECUTE|
- DELETE_ACCESS;
bool conflict;
DBG_DEBUG("existing access_mask = 0x%"PRIx32", "
@@ -1754,7 +1755,9 @@ static uint16_t share_mode_flags_restrict(
&existing_lease_type);
existing_access_mask |= access_mask;
- existing_share_mode &= share_mode;
+ if (access_mask & conflicting_access) {
+ existing_share_mode &= share_mode;
+ }
existing_lease_type |= lease_type;
ret = share_mode_flags_set(
@@ -1793,7 +1796,10 @@ static bool open_mode_check_fn(
}
access_mask = state->access_mask | e->access_mask;
- share_access = state->share_access & e->share_access;
+ share_access = state->share_access;
+ if (e->access_mask & conflicting_access) {
+ share_access &= e->share_access;
+ }
lease_type = state->lease_type | get_lease_type(e, state->fid);
if ((access_mask == state->access_mask) &&
diff --git a/source4/torture/smb2/sharemode.c b/source4/torture/smb2/sharemode.c
index 6a581cd60ab..87f2f852c1c 100644
--- a/source4/torture/smb2/sharemode.c
+++ b/source4/torture/smb2/sharemode.c
@@ -625,6 +625,118 @@ done:
return ret;
}
+/*
+ * Test initial stat open with share nothing doesn't trigger SHARING_VIOLTION
+ * errors.
+ */
+static bool test_smb2_bug14375(struct torture_context *tctx,
+ struct smb2_tree *tree)
+{
+ const char *fname = "test_bug14375";
+ struct smb2_create cr1;
+ struct smb2_create cr2;
+ struct smb2_create cr3;
+ NTSTATUS status;
+ bool ret = true;
+
+ smb2_util_unlink(tree, fname);
+
+ cr1 = (struct smb2_create) {
+ .in.desired_access = SEC_FILE_READ_ATTRIBUTE,
+ .in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+ .in.share_access = NTCREATEX_SHARE_ACCESS_NONE,
+ .in.create_disposition = NTCREATEX_DISP_CREATE,
+ .in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS,
+ .in.fname = fname,
+ };
+
+ status = smb2_create(tree, tctx, &cr1);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "CREATE file failed\n");
+
+ cr2 = (struct smb2_create) {
+ .in.desired_access = SEC_FILE_READ_DATA,
+ .in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+ .in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+ .in.create_disposition = NTCREATEX_DISP_OPEN,
+ .in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS,
+ .in.fname = fname,
+ };
+
+ status = smb2_create(tree, tctx, &cr2);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "CREATE file failed\n");
+
+ cr3 = (struct smb2_create) {
+ .in.desired_access = SEC_FILE_READ_DATA,
+ .in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+ .in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+ .in.create_disposition = NTCREATEX_DISP_OPEN,
+ .in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS,
+ .in.fname = fname,
+ };
+
+ status = smb2_create(tree, tctx, &cr3);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "CREATE file failed\n");
+
+ status = smb2_util_close(tree, cr1.out.file.handle);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "CLOSE file failed\n");
+ status = smb2_util_close(tree, cr2.out.file.handle);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "CLOSE file failed\n");
+ status = smb2_util_close(tree, cr3.out.file.handle);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "CLOSE file failed\n");
+
+ cr1 = (struct smb2_create) {
+ .in.desired_access = SEC_FILE_READ_DATA,
+ .in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+ .in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+ .in.create_disposition = NTCREATEX_DISP_OPEN,
+ .in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS,
+ .in.fname = fname,
+ };
+
+ status = smb2_create(tree, tctx, &cr1);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "CREATE file failed\n");
+
+ cr2 = (struct smb2_create) {
+ .in.desired_access = SEC_FILE_READ_ATTRIBUTE,
+ .in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+ .in.share_access = NTCREATEX_SHARE_ACCESS_NONE,
+ .in.create_disposition = NTCREATEX_DISP_OPEN,
+ .in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS,
+ .in.fname = fname,
+ };
+
+ status = smb2_create(tree, tctx, &cr2);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "CREATE file failed\n");
+
+ cr3 = (struct smb2_create) {
+ .in.desired_access = SEC_FILE_READ_DATA,
+ .in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+ .in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+ .in.create_disposition = NTCREATEX_DISP_OPEN,
+ .in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS,
+ .in.fname = fname,
+ };
+
+ status = smb2_create(tree, tctx, &cr3);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "CREATE file failed\n");
+
+done:
+ smb2_util_close(tree, cr1.out.file.handle);
+ smb2_util_close(tree, cr2.out.file.handle);
+ smb2_util_close(tree, cr3.out.file.handle);
+ smb2_util_unlink(tree, fname);
+ return ret;
+}
+
struct torture_suite *torture_smb2_sharemode_init(TALLOC_CTX *ctx)
{
struct torture_suite *suite = torture_suite_create(ctx, "sharemode");
@@ -633,6 +745,8 @@ struct torture_suite
*torture_smb2_sharemode_init(TALLOC_CTX *ctx)
test_smb2_sharemode_access);
torture_suite_add_2smb2_test(suite, "access-sharemode",
test_smb2_access_sharemode);
+ torture_suite_add_1smb2_test(suite, "bug14375",
+ test_smb2_bug14375);
suite->description = talloc_strdup(suite, "SMB2-SHAREMODE tests");
--
Samba Shared Repository
