The branch, v4-20-test has been updated
via fc318c63e55 auth/credentials: don't ignore "client use kerberos"
and --use-kerberos for machine accounts
via 212b014679f auth/credentials: add tests for
cli_credentials_get_kerberos_state[_obtained]()
via 46ebf66fe96 auth/credentials: add
cli_credentials_get_kerberos_state_obtained() helper
via cccd9c95c8b testprogs/blackbox: add test_ldap_token.sh to test
"client use kerberos" and --use-kerberos
via 694605f52a4 testprogs/blackbox: let test_trust_token.sh check for
S-1-18-1 with kerberos
via 7d69ec93e31 vfs_recycle: remember resolved config->repository in
vfs_recycle_connect()
via f464a85c129 Revert "TMP-REPRODUCE: vfs_recycle: demonstrate memory
corruption in recycle_unlink_internal()"
via 64d7108cddb vfs_recycle: fix memory hierarchy
via 4bb5f8a92aa vfs_recycle: use the correct return in
SMB_VFS_HANDLE_GET_DATA()
via a5d5d83c492 vfs_recycle: use a talloc_stackframe() in
recycle_unlink_internal()
via 69b9c140527 vfs_recycle: directly allocate
smb_fname_final->base_name
via db098ff1aad vfs_recycle: don't unlink on allocation failure
via cf22968a8a1 TMP-REPRODUCE: vfs_recycle: demonstrate memory
corruption in recycle_unlink_internal()
via 7d277c424fc test_recycle.sh: make sure we don't see panics on the
log files
via b3ce5a86489 vfs_default: also call vfs_offload_token_ctx_init in
vfswrap_offload_write_send
via d7e0b5933fa s4:torture/smb2: add smb2.ioctl.copy_chunk_bug15644
from 5b90acbef15 s3/smbd: fix nested chdir into msdfs links on
(widelinks = yes) share
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test
- Log -----------------------------------------------------------------
commit fc318c63e5556e940ee846e63ebbc1ca5a39c945
Author: Stefan Metzmacher <me...@samba.org>
Date: Tue Jun 18 20:28:25 2024 +0200
auth/credentials: don't ignore "client use kerberos" and --use-kerberos for
machine accounts
We only turn desired into off in the NT4 domain member case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15666
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>
Autobuild-User(master): Stefan Metzmacher <me...@samba.org>
Autobuild-Date(master): Wed Jun 19 10:17:28 UTC 2024 on atb-devel-224
(cherry picked from commit 5b40cdf6e8885c9db6c5ffa972112f3516e4130a)
Autobuild-User(v4-20-test): Jule Anger <jan...@samba.org>
Autobuild-Date(v4-20-test): Wed Jun 19 14:07:17 UTC 2024 on atb-devel-224
commit 212b014679f17808c20015ee6852ffbd5f4b847f
Author: Stefan Metzmacher <me...@samba.org>
Date: Tue Jun 18 19:02:05 2024 +0200
auth/credentials: add tests for
cli_credentials_get_kerberos_state[_obtained]()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15666
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>
(cherry picked from commit eeb60574b6bf1a5209b85a8af843b93300550ba7)
commit 46ebf66fe965ba361325877364b65c69b781484a
Author: Stefan Metzmacher <me...@samba.org>
Date: Tue Jun 18 18:53:48 2024 +0200
auth/credentials: add cli_credentials_get_kerberos_state_obtained() helper
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15666
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>
(cherry picked from commit c715ac5e496ddde119212d3b880ff0e68c2da67b)
commit cccd9c95c8bbbde16f3251081ea2c3a1fc3b2ac3
Author: Stefan Metzmacher <me...@samba.org>
Date: Tue Jun 18 19:34:30 2024 +0200
testprogs/blackbox: add test_ldap_token.sh to test "client use kerberos"
and --use-kerberos
This shows that they are ignored for machine accounts as domain member.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15666
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>
(cherry picked from commit db2c576f329675e8d66e19c336fe04ccba918b4a)
commit 694605f52a45ae31e2607895fff2ae60f9f64595
Author: Stefan Metzmacher <me...@samba.org>
Date: Tue Jun 18 19:11:09 2024 +0200
testprogs/blackbox: let test_trust_token.sh check for S-1-18-1 with kerberos
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15666
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>
(cherry picked from commit cda8beea45303a77080c64bb2391d22c59672deb)
commit 7d69ec93e3178105ee02aae24d056d65d2d70358
Author: Stefan Metzmacher <me...@samba.org>
Date: Fri Jun 14 10:07:02 2024 +0200
vfs_recycle: remember resolved config->repository in vfs_recycle_connect()
This should not change during the lifetime of the tcon.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15659
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Martin Schwenke <mar...@meltin.net>
Reviewed-by: Noel Power <noel.po...@suse.com>
Reviewed-by: Volker Lendecke <v...@samba.org>
(cherry picked from commit 53b72ea4d25d4aa6cf8de1c7555456d4cc03b809)
commit f464a85c12968c0791714af68c7d3a044e81adc6
Author: Stefan Metzmacher <me...@samba.org>
Date: Tue Jun 18 14:18:17 2024 +0200
Revert "TMP-REPRODUCE: vfs_recycle: demonstrate memory corruption in
recycle_unlink_internal()"
This was only added to demonstrate the problem more reliable.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15659
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Martin Schwenke <mar...@meltin.net>
Reviewed-by: Noel Power <noel.po...@suse.com>
Reviewed-by: Volker Lendecke <v...@samba.org>
(cherry picked from commit c229a84b449b8ba326ee0f6f702d91f101b99ee4)
commit 64d7108cddb64d60afaf52dd0fc74d127e6c0b94
Author: Stefan Metzmacher <me...@samba.org>
Date: Fri Jun 14 10:07:02 2024 +0200
vfs_recycle: fix memory hierarchy
If the configuration is reloaded strings and string lists
in recycle_config_data could become stale pointers
leading to segmentation faults...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15659
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Martin Schwenke <mar...@meltin.net>
Reviewed-by: Noel Power <noel.po...@suse.com>
Reviewed-by: Volker Lendecke <v...@samba.org>
(cherry picked from commit 2175856fef17964cef7cf8618b39736168219eec)
commit 4bb5f8a92aa34cf7d65fbc9518a2b8b94a98fec8
Author: Stefan Metzmacher <me...@samba.org>
Date: Fri Jun 14 10:07:02 2024 +0200
vfs_recycle: use the correct return in SMB_VFS_HANDLE_GET_DATA()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15659
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Martin Schwenke <mar...@meltin.net>
Reviewed-by: Noel Power <noel.po...@suse.com>
Reviewed-by: Volker Lendecke <v...@samba.org>
(cherry picked from commit b38241da3dd73386c4f41a56d95d33d4e1e3d2de)
commit a5d5d83c4923ff860a1463a65057859bfdf61db0
Author: Stefan Metzmacher <me...@samba.org>
Date: Fri Jun 14 10:07:02 2024 +0200
vfs_recycle: use a talloc_stackframe() in recycle_unlink_internal()
That makes the cleanup more clear...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15659
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Martin Schwenke <mar...@meltin.net>
Reviewed-by: Noel Power <noel.po...@suse.com>
Reviewed-by: Volker Lendecke <v...@samba.org>
(cherry picked from commit cf7a6b521ac0bb903dabbd1af208d1af4fbe9a8b)
commit 69b9c140527c930b6632e7201a6f83a3e8f664f1
Author: Stefan Metzmacher <me...@samba.org>
Date: Fri Jun 14 10:07:02 2024 +0200
vfs_recycle: directly allocate smb_fname_final->base_name
We can use talloc_asprintf() instead of asprintf() followed
by talloc_strdup().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15659
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Martin Schwenke <mar...@meltin.net>
Reviewed-by: Noel Power <noel.po...@suse.com>
Reviewed-by: Volker Lendecke <v...@samba.org>
(cherry picked from commit 220b0e977e2e25f2033cfd62c17d998c750992fc)
commit db098ff1aadb84d69ef32c981458a7b2c72e8a0a
Author: Stefan Metzmacher <me...@samba.org>
Date: Fri Jun 14 10:07:02 2024 +0200
vfs_recycle: don't unlink on allocation failure
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15659
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Martin Schwenke <mar...@meltin.net>
Reviewed-by: Noel Power <noel.po...@suse.com>
Reviewed-by: Volker Lendecke <v...@samba.org>
(cherry picked from commit 691564f6ca7d206939558b8e69b5fb86a3e68650)
commit cf22968a8a12151fcb294c164e0e3f6fc0015690
Author: Stefan Metzmacher <me...@samba.org>
Date: Fri Jun 14 13:40:35 2024 +0200
TMP-REPRODUCE: vfs_recycle: demonstrate memory corruption in
recycle_unlink_internal()
Forcing a reload of the smb.conf option values means the pointer learned
in vfs_recycle_connect() become stale.
This will be reverted at the end of the patset again.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15659
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Martin Schwenke <mar...@meltin.net>
Reviewed-by: Noel Power <noel.po...@suse.com>
Reviewed-by: Volker Lendecke <v...@samba.org>
(cherry picked from commit 6467c47cbe562e99e970dbb895e1068f54e6295b)
commit 7d277c424fc14b5b43c63cb100705ae0fcc99994
Author: Stefan Metzmacher <me...@samba.org>
Date: Fri Jun 14 13:40:35 2024 +0200
test_recycle.sh: make sure we don't see panics on the log files
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15659
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Martin Schwenke <mar...@meltin.net>
Reviewed-by: Noel Power <noel.po...@suse.com>
Reviewed-by: Volker Lendecke <v...@samba.org>
(cherry picked from commit 2916b6096e16fb44d659b7e60d3f3a569d037279)
commit b3ce5a86489e53ab6874ef52cfde79be3bff249b
Author: Stefan Metzmacher <me...@samba.org>
Date: Mon Jun 17 10:41:53 2024 +0200
vfs_default: also call vfs_offload_token_ctx_init in
vfswrap_offload_write_send
If a client for whatever reason calls FSCTL_SRV_COPYCHUNK[_WRITE] without
FSCTL_SRV_REQUEST_RESUME_KEY, we call vfswrap_offload_write_send
before vfswrap_offload_read_send.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15664
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Noel Power <noel.po...@suse.com>
Autobuild-User(master): Stefan Metzmacher <me...@samba.org>
Autobuild-Date(master): Mon Jun 17 18:02:27 UTC 2024 on atb-devel-224
(cherry picked from commit 462b74da79c51f9ba6dbd24e603aa904485d5123)
commit d7e0b5933fa4a76f004ef62fa55b260cbb825e80
Author: Stefan Metzmacher <me...@samba.org>
Date: Mon Jun 17 11:18:07 2024 +0200
s4:torture/smb2: add smb2.ioctl.copy_chunk_bug15644
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15664
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Noel Power <noel.po...@suse.com>
(cherry picked from commit 372476aeb003e9c608cd2c0a78a9c577b57ba8f4)
-----------------------------------------------------------------------
Summary of changes:
auth/credentials/credentials.c | 5 +
auth/credentials/credentials.h | 1 +
auth/credentials/credentials_secrets.c | 31 ++++--
auth/credentials/tests/test_creds.c | 37 +++++--
source3/modules/vfs_default.c | 6 ++
source3/modules/vfs_recycle.c | 176 ++++++++++++++++++++-------------
source3/script/tests/test_recycle.sh | 5 +
source4/selftest/tests.py | 5 +
source4/torture/smb2/ioctl.c | 64 ++++++++++++
testprogs/blackbox/test_ldap_token.sh | 115 +++++++++++++++++++++
testprogs/blackbox/test_trust_token.sh | 5 +-
11 files changed, 363 insertions(+), 87 deletions(-)
create mode 100755 testprogs/blackbox/test_ldap_token.sh
Changeset truncated at 500 lines:
diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c
index 20ab858e67b..e563be34399 100644
--- a/auth/credentials/credentials.c
+++ b/auth/credentials/credentials.c
@@ -146,6 +146,11 @@ _PUBLIC_ enum credentials_use_kerberos
cli_credentials_get_kerberos_state(struct
return creds->kerberos_state;
}
+_PUBLIC_ enum credentials_obtained
cli_credentials_get_kerberos_state_obtained(struct cli_credentials *creds)
+{
+ return creds->kerberos_state_obtained;
+}
+
_PUBLIC_ const char *cli_credentials_get_forced_sasl_mech(struct
cli_credentials *creds)
{
return creds->forced_sasl_mech;
diff --git a/auth/credentials/credentials.h b/auth/credentials/credentials.h
index 341c984f60c..16eddccec57 100644
--- a/auth/credentials/credentials.h
+++ b/auth/credentials/credentials.h
@@ -267,6 +267,7 @@ const char
*cli_credentials_get_impersonate_principal(struct cli_credentials *cr
const char *cli_credentials_get_self_service(struct cli_credentials *cred);
const char *cli_credentials_get_target_service(struct cli_credentials *cred);
enum credentials_use_kerberos cli_credentials_get_kerberos_state(struct
cli_credentials *creds);
+enum credentials_obtained cli_credentials_get_kerberos_state_obtained(struct
cli_credentials *creds);
const char *cli_credentials_get_forced_sasl_mech(struct cli_credentials *cred);
enum credentials_krb_forwardable cli_credentials_get_krb_forwardable(struct
cli_credentials *creds);
NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred,
diff --git a/auth/credentials/credentials_secrets.c
b/auth/credentials/credentials_secrets.c
index 8469d6e116f..906f3ff1a21 100644
--- a/auth/credentials/credentials_secrets.c
+++ b/auth/credentials/credentials_secrets.c
@@ -370,13 +370,17 @@ _PUBLIC_ NTSTATUS
cli_credentials_set_machine_account_db_ctx(struct cli_credenti
}
if (secrets_tdb_password_more_recent) {
- enum credentials_use_kerberos use_kerberos =
- CRED_USE_KERBEROS_DISABLED;
char *machine_account = talloc_asprintf(tmp_ctx, "%s$",
lpcfg_netbios_name(lp_ctx));
cli_credentials_set_password(cred, secrets_tdb_password,
CRED_SPECIFIED);
cli_credentials_set_old_password(cred,
secrets_tdb_old_password, CRED_SPECIFIED);
cli_credentials_set_domain(cred, domain, CRED_SPECIFIED);
if (strequal(domain, lpcfg_workgroup(lp_ctx))) {
+ enum credentials_use_kerberos use_kerberos =
+ cli_credentials_get_kerberos_state(cred);
+ enum credentials_obtained use_kerberos_obtained =
+
cli_credentials_get_kerberos_state_obtained(cred);
+ bool is_ad = false;
+
cli_credentials_set_realm(cred, lpcfg_realm(lp_ctx),
CRED_SPECIFIED);
switch (server_role) {
@@ -388,13 +392,28 @@ _PUBLIC_ NTSTATUS
cli_credentials_set_machine_account_db_ctx(struct cli_credenti
FALL_THROUGH;
case ROLE_ACTIVE_DIRECTORY_DC:
case ROLE_IPA_DC:
- use_kerberos = CRED_USE_KERBEROS_DESIRED;
+ is_ad = true;
break;
}
+
+ if (use_kerberos != CRED_USE_KERBEROS_DESIRED || is_ad)
{
+ /*
+ * Keep an explicit selection
+ *
+ * For AD domains we also keep
+ * CRED_USE_KERBEROS_DESIRED
+ */
+ } else if (use_kerberos_obtained <= CRED_SMB_CONF) {
+ /*
+ * Disable kerberos by default within
+ * an NT4 domain.
+ */
+ cli_credentials_set_kerberos_state(cred,
+ CRED_USE_KERBEROS_DISABLED,
+ CRED_SMB_CONF);
+ }
}
- cli_credentials_set_kerberos_state(cred,
- use_kerberos,
- CRED_SPECIFIED);
+
cli_credentials_set_username(cred, machine_account,
CRED_SPECIFIED);
cli_credentials_set_password_last_changed_time(cred,
secrets_tdb_lct);
cli_credentials_set_secure_channel_type(cred,
secrets_tdb_secure_channel_type);
diff --git a/auth/credentials/tests/test_creds.c
b/auth/credentials/tests/test_creds.c
index 2cb2e6d0e34..e79f08982ad 100644
--- a/auth/credentials/tests/test_creds.c
+++ b/auth/credentials/tests/test_creds.c
@@ -227,6 +227,8 @@ static void torture_creds_krb5_state(void **state)
TALLOC_CTX *mem_ctx = *state;
struct cli_credentials *creds = NULL;
struct loadparm_context *lp_ctx = NULL;
+ enum credentials_obtained kerberos_state_obtained;
+ enum credentials_use_kerberos kerberos_state;
bool ok;
lp_ctx = loadparm_init_global(true);
@@ -234,18 +236,27 @@ static void torture_creds_krb5_state(void **state)
creds = cli_credentials_init(mem_ctx);
assert_non_null(creds);
- assert_int_equal(creds->kerberos_state_obtained, CRED_UNINITIALISED);
- assert_int_equal(creds->kerberos_state, CRED_USE_KERBEROS_DESIRED);
+ kerberos_state_obtained =
+ cli_credentials_get_kerberos_state_obtained(creds);
+ kerberos_state = cli_credentials_get_kerberos_state(creds);
+ assert_int_equal(kerberos_state_obtained, CRED_UNINITIALISED);
+ assert_int_equal(kerberos_state, CRED_USE_KERBEROS_DESIRED);
ok = cli_credentials_set_conf(creds, lp_ctx);
assert_true(ok);
- assert_int_equal(creds->kerberos_state_obtained, CRED_SMB_CONF);
- assert_int_equal(creds->kerberos_state, CRED_USE_KERBEROS_DESIRED);
+ kerberos_state_obtained =
+ cli_credentials_get_kerberos_state_obtained(creds);
+ kerberos_state = cli_credentials_get_kerberos_state(creds);
+ assert_int_equal(kerberos_state_obtained, CRED_SMB_CONF);
+ assert_int_equal(kerberos_state, CRED_USE_KERBEROS_DESIRED);
ok = cli_credentials_guess(creds, lp_ctx);
assert_true(ok);
- assert_int_equal(creds->kerberos_state_obtained, CRED_SMB_CONF);
- assert_int_equal(creds->kerberos_state, CRED_USE_KERBEROS_DESIRED);
+ kerberos_state_obtained =
+ cli_credentials_get_kerberos_state_obtained(creds);
+ kerberos_state = cli_credentials_get_kerberos_state(creds);
+ assert_int_equal(kerberos_state_obtained, CRED_SMB_CONF);
+ assert_int_equal(kerberos_state, CRED_USE_KERBEROS_DESIRED);
assert_int_equal(creds->ccache_obtained, CRED_GUESS_FILE);
assert_non_null(creds->ccache);
@@ -253,15 +264,21 @@ static void torture_creds_krb5_state(void **state)
CRED_USE_KERBEROS_REQUIRED,
CRED_SPECIFIED);
assert_true(ok);
- assert_int_equal(creds->kerberos_state_obtained, CRED_SPECIFIED);
- assert_int_equal(creds->kerberos_state, CRED_USE_KERBEROS_REQUIRED);
+ kerberos_state_obtained =
+ cli_credentials_get_kerberos_state_obtained(creds);
+ kerberos_state = cli_credentials_get_kerberos_state(creds);
+ assert_int_equal(kerberos_state_obtained, CRED_SPECIFIED);
+ assert_int_equal(kerberos_state, CRED_USE_KERBEROS_REQUIRED);
ok = cli_credentials_set_kerberos_state(creds,
CRED_USE_KERBEROS_DISABLED,
CRED_SMB_CONF);
assert_false(ok);
- assert_int_equal(creds->kerberos_state_obtained, CRED_SPECIFIED);
- assert_int_equal(creds->kerberos_state, CRED_USE_KERBEROS_REQUIRED);
+ kerberos_state_obtained =
+ cli_credentials_get_kerberos_state_obtained(creds);
+ kerberos_state = cli_credentials_get_kerberos_state(creds);
+ assert_int_equal(kerberos_state_obtained, CRED_SPECIFIED);
+ assert_int_equal(kerberos_state, CRED_USE_KERBEROS_REQUIRED);
}
diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c
index 62ad5063af0..73805983628 100644
--- a/source3/modules/vfs_default.c
+++ b/source3/modules/vfs_default.c
@@ -2147,6 +2147,12 @@ static struct tevent_req *vfswrap_offload_write_send(
.remaining = to_copy,
};
+ status = vfs_offload_token_ctx_init(handle->conn->sconn->client,
+ &vfswrap_offload_ctx);
+ if (tevent_req_nterror(req, status)) {
+ return tevent_req_post(req, ev);
+ }
+
tevent_req_set_cleanup_fn(req, vfswrap_offload_write_cleanup);
switch (fsctl) {
diff --git a/source3/modules/vfs_recycle.c b/source3/modules/vfs_recycle.c
index 327a7eea06e..ea0417d9649 100644
--- a/source3/modules/vfs_recycle.c
+++ b/source3/modules/vfs_recycle.c
@@ -55,10 +55,14 @@ static int vfs_recycle_connect(struct vfs_handle_struct
*handle,
const char *service,
const char *user)
{
+ const struct loadparm_substitution *lp_sub =
+ loadparm_s3_global_substitution();
struct recycle_config_data *config = NULL;
int ret;
int t;
- const char *buff;
+ const char *buff = NULL;
+ const char **tmplist = NULL;
+ char *repository = NULL;
ret = SMB_VFS_NEXT_CONNECT(handle, service, user);
if (ret < 0) {
@@ -75,10 +79,30 @@ static int vfs_recycle_connect(struct vfs_handle_struct
*handle,
errno = ENOMEM;
return -1;
}
- config->repository = lp_parm_const_string(SNUM(handle->conn),
- "recycle",
- "repository",
- ".recycle");
+ buff = lp_parm_const_string(SNUM(handle->conn),
+ "recycle",
+ "repository",
+ ".recycle");
+ repository = talloc_sub_full(
+ config,
+ lp_servicename(talloc_tos(), lp_sub, SNUM(handle->conn)),
+ handle->conn->session_info->unix_info->unix_name,
+ handle->conn->connectpath,
+ handle->conn->session_info->unix_token->gid,
+ handle->conn->session_info->unix_info->sanitized_username,
+ handle->conn->session_info->info->domain_name,
+ buff);
+ if (repository == NULL) {
+ DBG_ERR("talloc_sub_full() failed\n");
+ TALLOC_FREE(config);
+ errno = ENOMEM;
+ return -1;
+ }
+ /* shouldn't we allow absolute path names here? --metze */
+ /* Yes :-). JRA. */
+ trim_char(repository, '\0', '/');
+ config->repository = repository;
+
config->keeptree = lp_parm_bool(SNUM(handle->conn),
"recycle",
"keeptree",
@@ -95,18 +119,48 @@ static int vfs_recycle_connect(struct vfs_handle_struct
*handle,
"recycle",
"touch_mtime",
False);
- config->exclude = lp_parm_string_list(SNUM(handle->conn),
- "recycle",
- "exclude",
- NULL);
- config->exclude_dir = lp_parm_string_list(SNUM(handle->conn),
- "recycle",
- "exclude_dir",
- NULL);
- config->noversions = lp_parm_string_list(SNUM(handle->conn),
- "recycle",
- "noversions",
- NULL);
+ tmplist = lp_parm_string_list(SNUM(handle->conn),
+ "recycle",
+ "exclude",
+ NULL);
+ if (tmplist != NULL) {
+ char **tmpcpy = str_list_copy(config, tmplist);
+ if (tmpcpy == NULL) {
+ DBG_ERR("str_list_copy() failed\n");
+ TALLOC_FREE(config);
+ errno = ENOMEM;
+ return -1;
+ }
+ config->exclude = discard_const_p(const char *, tmpcpy);
+ }
+ tmplist = lp_parm_string_list(SNUM(handle->conn),
+ "recycle",
+ "exclude_dir",
+ NULL);
+ if (tmplist != NULL) {
+ char **tmpcpy = str_list_copy(config, tmplist);
+ if (tmpcpy == NULL) {
+ DBG_ERR("str_list_copy() failed\n");
+ TALLOC_FREE(config);
+ errno = ENOMEM;
+ return -1;
+ }
+ config->exclude_dir = discard_const_p(const char *, tmpcpy);
+ }
+ tmplist = lp_parm_string_list(SNUM(handle->conn),
+ "recycle",
+ "noversions",
+ NULL);
+ if (tmplist != NULL) {
+ char **tmpcpy = str_list_copy(config, tmplist);
+ if (tmpcpy == NULL) {
+ DBG_ERR("str_list_copy() failed\n");
+ TALLOC_FREE(config);
+ errno = ENOMEM;
+ return -1;
+ }
+ config->noversions = discard_const_p(const char *, tmpcpy);
+ }
config->minsize = conv_str_size(lp_parm_const_string(
SNUM(handle->conn), "recycle", "minsize", NULL));
config->maxsize = conv_str_size(lp_parm_const_string(
@@ -421,42 +475,27 @@ static int recycle_unlink_internal(vfs_handle_struct
*handle,
const struct smb_filename *smb_fname,
int flags)
{
- const struct loadparm_substitution *lp_sub =
- loadparm_s3_global_substitution();
- connection_struct *conn = handle->conn;
+ TALLOC_CTX *frame = NULL;
struct smb_filename *full_fname = NULL;
char *path_name = NULL;
- char *temp_name = NULL;
- char *final_name = NULL;
+ const char *temp_name = NULL;
+ const char *final_name = NULL;
struct smb_filename *smb_fname_final = NULL;
- const char *base;
- char *repository = NULL;
+ const char *base = NULL;
int i = 1;
off_t file_size; /* space_avail; */
bool exist;
int rc = -1;
- struct recycle_config_data *config;
+ struct recycle_config_data *config = NULL;
SMB_VFS_HANDLE_GET_DATA(handle,
config,
struct recycle_config_data,
- return true);
+ return -1);
- repository = talloc_sub_full(
- NULL,
- lp_servicename(talloc_tos(), lp_sub, SNUM(conn)),
- conn->session_info->unix_info->unix_name,
- conn->connectpath,
- conn->session_info->unix_token->gid,
- conn->session_info->unix_info->sanitized_username,
- conn->session_info->info->domain_name,
- config->repository);
- ALLOC_CHECK(repository, done);
- /* shouldn't we allow absolute path names here? --metze */
- /* Yes :-). JRA. */
- trim_char(repository, '\0', '/');
+ frame = talloc_stackframe();
- if(!repository || *(repository) == '\0') {
+ if (config->repository[0] == '\0') {
DEBUG(3, ("recycle: repository path not set, purging %s...\n",
smb_fname_str_dbg(smb_fname)));
rc = SMB_VFS_NEXT_UNLINKAT(handle,
@@ -466,16 +505,18 @@ static int recycle_unlink_internal(vfs_handle_struct
*handle,
goto done;
}
- full_fname = full_path_from_dirfsp_atname(talloc_tos(),
+ full_fname = full_path_from_dirfsp_atname(frame,
dirfsp,
smb_fname);
if (full_fname == NULL) {
- return -1;
+ rc = -1;
+ errno = ENOMEM;
+ goto done;
}
/* we don't recycle the recycle bin... */
- if (strncmp(full_fname->base_name, repository,
- strlen(repository)) == 0) {
+ if (strncmp(full_fname->base_name, config->repository,
+ strlen(config->repository)) == 0) {
DEBUG(3, ("recycle: File is within recycling bin, unlinking
...\n"));
rc = SMB_VFS_NEXT_UNLINKAT(handle,
dirfsp,
@@ -539,7 +580,7 @@ static int recycle_unlink_internal(vfs_handle_struct
*handle,
*/
/* extract filename and path */
- if (!parent_dirname(talloc_tos(), full_fname->base_name, &path_name,
&base)) {
+ if (!parent_dirname(frame, full_fname->base_name, &path_name, &base)) {
rc = -1;
errno = ENOMEM;
goto done;
@@ -571,13 +612,16 @@ static int recycle_unlink_internal(vfs_handle_struct
*handle,
}
if (config->keeptree) {
- if (asprintf(&temp_name, "%s/%s", repository, path_name) == -1)
{
- ALLOC_CHECK(temp_name, done);
+ temp_name = talloc_asprintf(frame, "%s/%s",
+ config->repository,
+ path_name);
+ if (temp_name == NULL) {
+ rc = -1;
+ goto done;
}
} else {
- temp_name = SMB_STRDUP(repository);
+ temp_name = config->repository;
}
- ALLOC_CHECK(temp_name, done);
exist = recycle_directory_exist(handle, temp_name);
if (exist) {
@@ -600,12 +644,15 @@ static int recycle_unlink_internal(vfs_handle_struct
*handle,
}
}
- if (asprintf(&final_name, "%s/%s", temp_name, base) == -1) {
- ALLOC_CHECK(final_name, done);
+ final_name = talloc_asprintf(frame, "%s/%s",
+ temp_name, base);
+ if (final_name == NULL) {
+ rc = -1;
+ goto done;
}
/* Create smb_fname with final base name and orig stream name. */
- smb_fname_final = synthetic_smb_fname(talloc_tos(),
+ smb_fname_final = synthetic_smb_fname(frame,
final_name,
full_fname->stream_name,
NULL,
@@ -641,20 +688,16 @@ static int recycle_unlink_internal(vfs_handle_struct
*handle,
/* rename file we move to recycle bin */
i = 1;
while (recycle_file_exist(handle, smb_fname_final)) {
- SAFE_FREE(final_name);
- if (asprintf(&final_name, "%s/Copy #%d of %s", temp_name, i++,
base) == -1) {
- ALLOC_CHECK(final_name, done);
- }
+ char *copy = NULL;
+
TALLOC_FREE(smb_fname_final->base_name);
- smb_fname_final->base_name = talloc_strdup(smb_fname_final,
- final_name);
- if (smb_fname_final->base_name == NULL) {
- rc = SMB_VFS_NEXT_UNLINKAT(handle,
- dirfsp,
- smb_fname,
- flags);
+ copy = talloc_asprintf(smb_fname_final, "%s/Copy #%d of %s",
+ temp_name, i++, base);
+ if (copy == NULL) {
+ rc = -1;
goto done;
}
+ smb_fname_final->base_name = copy;
}
DEBUG(10, ("recycle: Moving %s to %s\n", smb_fname_str_dbg(full_fname),
@@ -681,12 +724,7 @@ static int recycle_unlink_internal(vfs_handle_struct
*handle,
recycle_do_touch(handle, smb_fname_final, config->touch_mtime);
done:
- TALLOC_FREE(path_name);
- SAFE_FREE(temp_name);
- SAFE_FREE(final_name);
- TALLOC_FREE(full_fname);
- TALLOC_FREE(smb_fname_final);
- TALLOC_FREE(repository);
+ TALLOC_FREE(frame);
return rc;
}
diff --git a/source3/script/tests/test_recycle.sh
b/source3/script/tests/test_recycle.sh
index 8c9291feb92..ba1d0a598b1 100755
--- a/source3/script/tests/test_recycle.sh
+++ b/source3/script/tests/test_recycle.sh
@@ -90,11 +90,16 @@ quit
return 0
}
+panic_count_0=$(grep -c PANIC $SMBD_TEST_LOG)
testit "recycle" \
test_recycle ||
failed=$((failed + 1))
+panic_count_1=$(grep -c PANIC $SMBD_TEST_LOG)
+
+testit "check_panic" test $panic_count_0 -eq $panic_count_1 || failed=$(expr
$failed + 1)
+
#
# Cleanup.
do_cleanup
diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
index 791b71a0051..e47eb5766da 100755
--- a/source4/selftest/tests.py
+++ b/source4/selftest/tests.py
@@ -821,6 +821,11 @@ plantestsuite("samba4.blackbox.trust_ntlm",
"fl2000dc:local", [os.path.join(bbdi
plantestsuite("samba4.blackbox.trust_ntlm", "ad_member:local",
[os.path.join(bbdir, "test_trust_ntlm.sh"), '$SERVER_IP', '$USERNAME',
'$PASSWORD', '$SERVER', '$SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$REALM',
'$DOMAIN', 'member', 'auto', 'NT_STATUS_LOGON_FAILURE'])
plantestsuite("samba4.blackbox.trust_ntlm", "nt4_member:local",
[os.path.join(bbdir, "test_trust_ntlm.sh"), '$SERVER_IP', '$USERNAME',
'$PASSWORD', '$SERVER', '$SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$DOMAIN',
'$DOMAIN', 'member', 'auto', 'NT_STATUS_LOGON_FAILURE'])
+plantestsuite("samba4.blackbox.ldap_token", "fl2008r2dc:local",
[os.path.join(bbdir, "test_ldap_token.sh"), '$SERVER', '$USERNAME',
'$PASSWORD', '$REALM', '$DOMAIN', '$DOMSID'])
+plantestsuite("samba4.blackbox.ldap_token", "fl2003dc:local",
[os.path.join(bbdir, "test_ldap_token.sh"), '$SERVER', '$USERNAME',
'$PASSWORD', '$REALM', '$DOMAIN', '$DOMSID'])
+plantestsuite("samba4.blackbox.ldap_token", "fl2000dc:local",
[os.path.join(bbdir, "test_ldap_token.sh"), '$SERVER', '$USERNAME',
'$PASSWORD', '$REALM', '$DOMAIN', '$DOMSID'])
+plantestsuite("samba4.blackbox.ldap_token", "ad_member:local",
[os.path.join(bbdir, "test_ldap_token.sh"), '$DC_SERVER', '$DC_USERNAME',
'$DC_PASSWORD', '$REALM', '$DOMAIN', '$DOMSID'])
+
plantestsuite("samba4.blackbox.trust_utils(fl2008r2dc:local)",
"fl2008r2dc:local", [os.path.join(bbdir, "test_trust_utils.sh"), '$SERVER',
'$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_SERVER',
'$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN',
'$PREFIX', "forest"])
plantestsuite("samba4.blackbox.trust_utils(fl2003dc:local)", "fl2003dc:local",
[os.path.join(bbdir, "test_trust_utils.sh"), '$SERVER', '$USERNAME',
'$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_SERVER', '$TRUST_USERNAME',
'$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$PREFIX', "external"])
plantestsuite("samba4.blackbox.trust_utils(fl2000dc:local)", "fl2000dc:local",
[os.path.join(bbdir, "test_trust_utils.sh"), '$SERVER', '$USERNAME',
'$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_SERVER', '$TRUST_USERNAME',
'$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$PREFIX', "external"])
diff --git a/source4/torture/smb2/ioctl.c b/source4/torture/smb2/ioctl.c
index 3765dc0c1bd..beceaa5c551 100644
--- a/source4/torture/smb2/ioctl.c
+++ b/source4/torture/smb2/ioctl.c
@@ -7388,6 +7388,68 @@ static bool test_ioctl_bug14788_NETWORK_INTERFACE(struct
torture_context *tortur
return true;
}
--
Samba Shared Repository
