The branch, v4-13-stable has been updated via 916472aebc9 VERSION: Disable GIT_SNAPSHOT for the 4.13.3 release. via 1648eed2470 WHATSNEW: Add release notes for Samba 4.13.3. via 670c33fe9cb vfs_zfsacl: add missing inherited flag on hidden "magic" everyone@ ACE via 67d42392a31 vfs_zfsacl: reformatting via e3d6d452118 s4/samba: call force_check_log_size() in standard_new_task() via db202fc3efc s4/samba: call force_check_log_size() in standard_accept_connection() via f89daf8d255 s4/samba: call force_check_log_size() in prefork_reload_after_fork() via 7258fc076ad s4: call reopen_logs_internal() in the SIGHUP handler of the prefork process model via fa2ea13ec04 s4: replace low-level SIGUP handler with a tevent handler via 504c6e03018 s4: install tevent tracing hooks to trigger logfile rotation via 69a8fb4f971 s4: add samba server tevent trace helper stuff via 80401025504 debug: detect logrotation by checking inode number via e7df21ac640 debug: pass struct debug_class *config to do_one_check_log_size() via 39efb02c6b4 debug: pass struct debug_class *config to reopen_one_log() via 99ea8cd6dfa loadparm: setup debug subsystem setting max_log_size from config via 54d3d3cbf49 s3: smbd: Quiet log messages from usershares for an unknown share. via f7490ec9d94 s3-libads: Pass timeout to open_socket_out in ms via 585c49f21f7 vfs_glusterfs: print exact cmdline for disabling write-behind translator via 587fa331f62 manpages/vfs_glusterfs: Mention silent skipping of write-behind translator via 2ea7b5c43e8 selftest: Remove samba3.blackbox.smbclient_tar from flapping tests via 8cec2732890 clitar: Use do_list()'s recursion in clitar.c via 2954051aa6d s3/script/tests: Ensure all remote test files are removed via 5f1772d94a3 s3/script/tests: call smbclient deltree to remove remote files via 257ce5ed541 s3/script/tests: Make smb_client 'die' behaviour configurable via a0ab7adfd78 s3/script/tests: Remove make_path (for remote dir) via c19198e8732 selftest: make samba3.blackbox.smbclient_tar runnable (even manually) via 53a91d6cdc0 s3/script/tests: Fix samba3.blackbox.smbclient_tarmode cleanup via 896d93091ab s3/script: Use smbclient deltree to clean up smbclient_tarmode subdir via 5908aebf364 s3/script/tests: Use tarmode share for samba3.blackbox.smbclient_tar* via 5143b487532 s3/script/test: Use different testdir for samba3.blackbox.smbclient_tarmode via 7fb13330380 selftest: Add a new tarmode shares via d67c3ea864b s3/script/tests: Fix 'Unrecognized option(s) passed to mkpath()' error via e9b2be96ebc Revert "vfs_ceph: drop fdopendir handler" via 441bf80265f smbclient: Fix recursive mget via 67364d982d9 test3: Add a test showing that smbclient recursive mget is broken via b4be2f994d1 smbclient: Slightly simplify do_mget() via ddb0d43f0ae smbclient: Remove the "abort_mget" variable via 8c82d0fd49b vfs_shadow_copy2: Preserve all open flags assuming ROFS via 7e9d27271db s3: spoolss: Make parameters in call to user_ok_token() match all other uses. via 61c8a44895e s3: smbd: Don't overwrite contents of fsp->aio_requests[0] with NULL via TALLOC_FREE(). via 68f19debb74 interface: fix if_index is not parsed correctly via 76f07c13cd6 s3: modules: gluster. Fix the error I made in preventing talloc leaks from a function. via c58689c9aad libcli: smb2: Never print length if smb2_signing_key_valid() fails for crypto blob. via 4337a6378db s3-vfs_glusterfs: always disable write-behind translator via 87b220530b2 VERSION: Bump version up to 4.13.3... from ffef4e947a6 VERSION: Disable GIT_SNAPSHOT for the 4.13.2 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-13-stable - Log ----------------------------------------------------------------- ----------------------------------------------------------------------- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 75 +++++++++- docs-xml/manpages/vfs_glusterfs.8.xml | 9 ++ lib/param/loadparm.c | 1 + lib/util/debug.c | 63 ++++++--- libcli/smb/smb2_signing.c | 9 +- selftest/flapping | 1 - selftest/target/Samba3.pm | 11 ++ source3/client/client.c | 152 ++++++--------------- source3/client/clitar.c | 41 ++---- source3/lib/interface.c | 2 +- source3/libads/ldap.c | 4 +- source3/modules/vfs_ceph.c | 15 +- source3/modules/vfs_glusterfs.c | 47 +++++-- source3/modules/vfs_shadow_copy2.c | 4 +- source3/modules/vfs_zfsacl.c | 6 +- source3/param/loadparm.c | 10 ++ source3/rpc_server/spoolss/srv_spoolss_nt.c | 3 +- source3/script/tests/test_smbclient_mget.sh | 39 ++++++ source3/script/tests/test_smbclient_tarmode.pl | 62 +++++++-- source3/script/tests/test_smbclient_tarmode.sh | 29 ++-- source3/selftest/tests.py | 22 ++- source3/smbd/close.c | 14 +- source3/wscript | 3 + source4/smbd/process_prefork.c | 16 ++- source4/smbd/process_standard.c | 4 + source4/smbd/server.c | 46 +++++++ source4/smbd/server_util.c | 94 +++++++++++++ .../winbindd_ads.h => source4/smbd/server_util.h | 18 +-- source4/smbd/wscript_build | 9 +- 30 files changed, 580 insertions(+), 231 deletions(-) create mode 100755 source3/script/tests/test_smbclient_mget.sh create mode 100644 source4/smbd/server_util.c copy source3/winbindd/winbindd_ads.h => source4/smbd/server_util.h (67%) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 17232cb0574..3ffbca609ac 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ ######################################################## SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=13 -SAMBA_VERSION_RELEASE=2 +SAMBA_VERSION_RELEASE=3 ######################################################## # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index a3ce5cc3dd5..947fd89e3c3 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,74 @@ + ============================== + Release Notes for Samba 4.13.3 + December 15, 2020 + ============================== + + +This is the latest stable release of the Samba 4.13 release series. + + +Changes since 4.13.2 +-------------------- + +o Jeremy Allison <j...@samba.org> + * BUG 14210: libcli: smb2: Never print length if smb2_signing_key_valid() + fails for crypto blob. + * BUG 14486: s3: modules: gluster. Fix the error I made in preventing talloc + leaks from a function. + * BUG 14515: s3: smbd: Don't overwrite contents of fsp->aio_requests[0] with + NULL via TALLOC_FREE(). + * BUG 14568: s3: spoolss: Make parameters in call to user_ok_token() match + all other uses. + * BUG 14590: s3: smbd: Quiet log messages from usershares for an unknown + share. + +o Ralph Boehme <s...@samba.org> + * BUG 14248: samba process does not honor max log size. + * BUG 14587: vfs_zfsacl: Add missing inherited flag on hidden "magic" + everyone@ ACE. + +o Isaac Boukris <ibouk...@gmail.com> + * BUG 13124: s3-libads: Pass timeout to open_socket_out in ms. + +o Günther Deschner <g...@samba.org> + * BUG 14486: s3-vfs_glusterfs: Always disable write-behind translator. + +o Volker Lendecke <v...@samba.org> + * BUG 14517: smbclient: Fix recursive mget. + * BUG 14581: clitar: Use do_list()'s recursion in clitar.c. + +o Anoop C S <anoo...@samba.org> + * BUG 14486: manpages/vfs_glusterfs: Mention silent skipping of write-behind + translator. + * BUG 14573: vfs_shadow_copy2: Preserve all open flags assuming ROFS. + +o Jones Syue <joness...@qnap.com> + * BUG 14514: interface: Fix if_index is not parsed correctly. + + +####################################### +Reporting bugs & Development Discussion +####################################### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 4.1 and newer product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +====================================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +====================================================================== + + +Release notes for older releases follow: +---------------------------------------- + ============================== Release Notes for Samba 4.13.2 November 03, 2020 @@ -104,8 +175,8 @@ database (https://bugzilla.samba.org/). ====================================================================== -Release notes for older releases follow: ----------------------------------------- +---------------------------------------------------------------------- + ============================== Release Notes for Samba 4.13.1 diff --git a/docs-xml/manpages/vfs_glusterfs.8.xml b/docs-xml/manpages/vfs_glusterfs.8.xml index 7a4da1af919..d25135e14ac 100644 --- a/docs-xml/manpages/vfs_glusterfs.8.xml +++ b/docs-xml/manpages/vfs_glusterfs.8.xml @@ -179,7 +179,16 @@ translator and refuse to connect if detected. Please disable the write-behind translator for the GlusterFS volume to allow the plugin to connect to the volume. + The write-behind translator can easily be disabled via calling + <programlisting> + gluster volume set <volumename> performance.write-behind off + </programlisting> on the commandline. </para> + <para> + With GlusterFS versions >= 9, we silently bypass write-behind + translator during initial connect and failure is avoided. + </para> + </refsect1> diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c index e041f4fb01b..006caabc092 100644 --- a/lib/param/loadparm.c +++ b/lib/param/loadparm.c @@ -3190,6 +3190,7 @@ static bool lpcfg_update(struct loadparm_context *lp_ctx) settings.debug_pid = lp_ctx->globals->debug_pid; settings.debug_uid = lp_ctx->globals->debug_uid; settings.debug_class = lp_ctx->globals->debug_class; + settings.max_log_size = lp_ctx->globals->max_log_size; debug_set_settings(&settings, lp_ctx->globals->logging, lp_ctx->globals->syslog, lp_ctx->globals->syslog_only); diff --git a/lib/util/debug.c b/lib/util/debug.c index 08ffee35a1f..b19c739d4cd 100644 --- a/lib/util/debug.c +++ b/lib/util/debug.c @@ -113,6 +113,8 @@ struct debug_class { */ char *logfile; int fd; + /* inode number of the logfile to detect logfile rotation */ + ino_t ino; }; static const char *default_classname_table[] = { @@ -1082,14 +1084,17 @@ static void debug_callback_log(const char *msg, int msg_level) Fix from dgib...@linuxcare.com. **************************************************************************/ -static bool reopen_one_log(int *fd, const char *logfile) +static bool reopen_one_log(struct debug_class *config) { - int old_fd = *fd; + int old_fd = config->fd; + const char *logfile = config->logfile; + struct stat st; int new_fd; + int ret; if (logfile == NULL) { debug_close_fd(old_fd); - *fd = -1; + config->fd = -1; return true; } @@ -1104,8 +1109,18 @@ static bool reopen_one_log(int *fd, const char *logfile) debug_close_fd(old_fd); smb_set_close_on_exec(new_fd); - *fd = new_fd; + config->fd = new_fd; + ret = fstat(new_fd, &st); + if (ret != 0) { + log_overflow = true; + DBG_ERR("Unable to fstat() new log file '%s': %s\n", + logfile, strerror(errno)); + log_overflow = false; + return false; + } + + config->ino = st.st_ino; return true; } @@ -1164,8 +1179,7 @@ bool reopen_logs_internal(void) state.reopening_logs = true; for (i = DBGC_ALL; i < debug_num_classes; i++) { - ok = reopen_one_log(&dbgc_config[i].fd, - dbgc_config[i].logfile); + ok = reopen_one_log(&dbgc_config[i]); if (!ok) { break; } @@ -1249,51 +1263,62 @@ bool need_to_check_log_size(void) Check to see if the log has grown to be too big. **************************************************************************/ -static void do_one_check_log_size(off_t maxlog, int *_fd, const char *logfile) +static void do_one_check_log_size(off_t maxlog, struct debug_class *config) { - char name[strlen(logfile) + 5]; + char name[strlen(config->logfile) + 5]; struct stat st; - int fd = *_fd; int ret; + bool reopen = false; bool ok; if (maxlog == 0) { return; } - ret = fstat(fd, &st); + ret = stat(config->logfile, &st); if (ret != 0) { return; } - if (st.st_size < maxlog ) { + if (st.st_size >= maxlog ) { + reopen = true; + } + + if (st.st_ino != config->ino) { + reopen = true; + } + + if (!reopen) { return; } /* reopen_logs_internal() modifies *_fd */ (void)reopen_logs_internal(); - fd = *_fd; - if (fd <= 2) { + if (config->fd <= 2) { return; } - ret = fstat(fd, &st); + ret = fstat(config->fd, &st); if (ret != 0) { + config->ino = (ino_t)0; return; } + + config->ino = st.st_ino; + if (st.st_size < maxlog) { return; } - snprintf(name, sizeof(name), "%s.old", logfile); + snprintf(name, sizeof(name), "%s.old", config->logfile); - (void)rename(logfile, name); + (void)rename(config->logfile, name); ok = reopen_logs_internal(); if (ok) { return; } /* We failed to reopen a log - continue using the old name. */ - (void)rename(name, logfile); + (void)rename(name, config->logfile); } static void do_check_log_size(off_t maxlog) @@ -1307,9 +1332,7 @@ static void do_check_log_size(off_t maxlog) if (dbgc_config[i].logfile == NULL) { continue; } - do_one_check_log_size(maxlog, - &dbgc_config[i].fd, - dbgc_config[i].logfile); + do_one_check_log_size(maxlog, &dbgc_config[i]); } } diff --git a/libcli/smb/smb2_signing.c b/libcli/smb/smb2_signing.c index 623fc23fb18..cc03607d789 100644 --- a/libcli/smb/smb2_signing.c +++ b/libcli/smb/smb2_signing.c @@ -92,8 +92,7 @@ NTSTATUS smb2_signing_sign_pdu(struct smb2_signing_key *signing_key, } if (!smb2_signing_key_valid(signing_key)) { - DBG_WARNING("Wrong session key length %zu for SMB2 signing\n", - signing_key->blob.length); + DBG_WARNING("No signing key for SMB2 signing\n"); return NT_STATUS_ACCESS_DENIED; } @@ -416,8 +415,7 @@ NTSTATUS smb2_signing_encrypt_pdu(struct smb2_signing_key *encryption_key, tf = (uint8_t *)vector[0].iov_base; if (!smb2_signing_key_valid(encryption_key)) { - DBG_WARNING("Wrong encryption key length %zu for SMB2 signing\n", - encryption_key->blob.length); + DBG_WARNING("No encryption key for SMB2 signing\n"); return NT_STATUS_ACCESS_DENIED; } @@ -613,8 +611,7 @@ NTSTATUS smb2_signing_decrypt_pdu(struct smb2_signing_key *decryption_key, tf = (uint8_t *)vector[0].iov_base; if (!smb2_signing_key_valid(decryption_key)) { - DBG_WARNING("Wrong decryption key length %zu for SMB2 signing\n", - decryption_key->blob.length); + DBG_WARNING("No decryption key for SMB2 signing\n"); return NT_STATUS_ACCESS_DENIED; } diff --git a/selftest/flapping b/selftest/flapping index c9f0adbf1bd..8c3f9e8969a 100644 --- a/selftest/flapping +++ b/selftest/flapping @@ -31,6 +31,5 @@ # This test just is not reliable in finding the max search limit # ^samba4.ldap.notification.python\(.*\).__main__.LDAPNotificationTest.test_max_search -^samba3.blackbox.smbclient_tar.* # fails very, very often on sn-devel ^samba3.blackbox.smbclient_s3.*.sending a message to the remote server # flakey on sn-devel-104 and sn-devel-144 ^samba3.blackbox.smbclient_s3.*.creating a good symlink and deleting it by path # flakey on sn-devel-104 and sn-devel-144 diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm index 0a8cefa811d..e141f102ef1 100755 --- a/selftest/target/Samba3.pm +++ b/selftest/target/Samba3.pm @@ -1334,6 +1334,9 @@ sub setup_fileserver my $tarmode_sharedir="$share_dir/tarmode"; push(@dirs,$tarmode_sharedir); + my $tarmode2_sharedir="$share_dir/tarmode2"; + push(@dirs,$tarmode2_sharedir); + my $smbcacls_sharedir="$share_dir/smbcacls"; push(@dirs,$smbcacls_sharedir); @@ -1362,6 +1365,14 @@ sub setup_fileserver get quota command = $prefix_abs/getset_quota.py set quota command = $prefix_abs/getset_quota.py +[tarmode] + path = $tarmode_sharedir + comment = tar test share + xattr_tdb:file = $prefix_abs/tarmode-xattr.tdb +[tarmode2] + path = $tarmode2_sharedir + comment = tar test share + xattr_tdb:file = $prefix_abs/tarmode2-xattr.tdb [spotlight] path = $share_dir spotlight = yes diff --git a/source3/client/client.c b/source3/client/client.c index f65293849d0..8c7ceb644aa 100644 --- a/source3/client/client.c +++ b/source3/client/client.c @@ -87,8 +87,6 @@ static char dest_ss_str[INET6_ADDRSTRLEN]; #define SEPARATORS " \t\n\r" -static bool abort_mget = true; - /* timing globals */ uint64_t get_total_size = 0; unsigned int get_total_time_ms = 0; @@ -1203,12 +1201,10 @@ static NTSTATUS do_mget(struct cli_state *cli_state, struct file_info *finfo, const char *dir) { TALLOC_CTX *ctx = talloc_tos(); - NTSTATUS status = NT_STATUS_OK; - char *rname = NULL; - char *quest = NULL; - char *saved_curdir = NULL; - char *mget_mask = NULL; - char *new_cd = NULL; + const char *client_cwd = NULL; + size_t client_cwd_len; + char *path = NULL; + char *local_path = NULL; if (!finfo->name) { return NT_STATUS_OK; @@ -1217,121 +1213,63 @@ static NTSTATUS do_mget(struct cli_state *cli_state, struct file_info *finfo, if (strequal(finfo->name,".") || strequal(finfo->name,"..")) return NT_STATUS_OK; - if (abort_mget) { - d_printf("mget aborted\n"); - return NT_STATUS_UNSUCCESSFUL; - } - - if (finfo->attr & FILE_ATTRIBUTE_DIRECTORY) { - if (asprintf(&quest, - "Get directory %s? ",finfo->name) < 0) { - return NT_STATUS_NO_MEMORY; - } - } else { - if (asprintf(&quest, - "Get file %s? ",finfo->name) < 0) { - return NT_STATUS_NO_MEMORY; - } - } - - if (prompt && !yesno(quest)) { - SAFE_FREE(quest); + if ((finfo->attr & FILE_ATTRIBUTE_DIRECTORY) && !recurse) { return NT_STATUS_OK; } - SAFE_FREE(quest); - if (!(finfo->attr & FILE_ATTRIBUTE_DIRECTORY)) { - rname = talloc_asprintf(ctx, - "%s%s", - client_get_cur_dir(), - finfo->name); - if (!rname) { + if (prompt) { + const char *object = (finfo->attr & FILE_ATTRIBUTE_DIRECTORY) ? + "directory" : "file"; + char *quest = NULL; + bool ok; + + quest = talloc_asprintf( + ctx, "Get %s %s? ", object, finfo->name); + if (quest == NULL) { return NT_STATUS_NO_MEMORY; } - rname = client_clean_name(ctx, rname); - if (rname == NULL) { - return NT_STATUS_NO_MEMORY; + + ok = yesno(quest); + TALLOC_FREE(quest); + if (!ok) { + return NT_STATUS_OK; } - do_get(rname, finfo->name, false); - TALLOC_FREE(rname); - return NT_STATUS_OK; } - /* handle directories */ - saved_curdir = talloc_strdup(ctx, client_get_cur_dir()); - if (!saved_curdir) { + path = talloc_asprintf( + ctx, "%s%c%s", dir, CLI_DIRSEP_CHAR, finfo->name); + if (path == NULL) { return NT_STATUS_NO_MEMORY; } - - new_cd = talloc_asprintf(ctx, - "%s%s%s", - client_get_cur_dir(), - finfo->name, - CLI_DIRSEP_STR); - if (!new_cd) { + path = client_clean_name(ctx, path); + if (path == NULL) { return NT_STATUS_NO_MEMORY; } - new_cd = client_clean_name(ctx, new_cd); - if (new_cd == NULL) { - return NT_STATUS_NO_MEMORY; - } - client_set_cur_dir(new_cd); - - string_replace(finfo->name,'\\','/'); - if (lowercase) { - if (!strlower_m(finfo->name)) { - return NT_STATUS_INVALID_PARAMETER; - } - } - if (!directory_exist(finfo->name) && - mkdir(finfo->name,0777) != 0) { - d_printf("failed to create directory %s\n",finfo->name); - client_set_cur_dir(saved_curdir); - return map_nt_error_from_unix(errno); - } - - if (chdir(finfo->name) != 0) { - d_printf("failed to chdir to directory %s\n",finfo->name); - client_set_cur_dir(saved_curdir); - return map_nt_error_from_unix(errno); - } - - mget_mask = talloc_asprintf(ctx, - "%s*", - client_get_cur_dir()); + /* + * Skip the path prefix if we've done a remote "cd" when + * creating the local path + */ -- Samba Shared Repository