[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 3c6ca81aad1 vfs_glusterfs: Retrieve fs capabilities using vfs_get_fs_capabilities via 9524b402f81 vfs_ceph_new: Retrieve fs capabilties using vfs_get_fs_capabilities via 58cf7a63209 vfs_ceph_new: Populate fs capabilities within vfs_ceph_statvfs via 44e4e1eade5 vfs_ceph: Retrieve fs capabilties using vfs_get_fs_capabilities via 0d922d06a71 vfs_ceph: Populate fs capabilities within cephwrap_statvfs via 9bced4429e9 vfs_default: Retrieve fs capabilites using vfs_get_fs_capabilties via b1fbaefc665 s3/smbd: Add a helper to fetch fs capabilities from 250947611c7 ctdb-tests: Fix test failure when tests are installed https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 3c6ca81aad16e74bc3d9c4784baf97a237f652c6 Author: Anoop C S Date: Tue Sep 17 23:58:50 2024 +0530 vfs_glusterfs: Retrieve fs capabilities using vfs_get_fs_capabilities vfs_glusterfs is supposed to be the last entry when listed with other vfs modules. This is due to the fact that the connection path is not local to the server but relative to the virtual remote file system beneath it. Especially SMB_VFS_FS_CAPABILITIES implementation from vfs_default is likely to return incorrect results based on the connection path assumed to be local to the server which might not be the case with glusterfs module stacked. Therefore it doesn't make sense to pass through any vfs interface implementations further down the line to vfs_default. Instead make use of get_fs_capabilties to start with already known fs capabilties from connect phase. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15716 Signed-off-by: Anoop C S Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Mon Oct 7 13:36:11 UTC 2024 on atb-devel-224 commit 9524b402f811fd2fc35c9952df0496898f8e2cbe Author: Anoop C S Date: Thu Oct 3 12:32:04 2024 +0530 vfs_ceph_new: Retrieve fs capabilties using vfs_get_fs_capabilities Make use of get_fs_capabilties to start with already known fs capabilties from connect phase. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15716 Signed-off-by: Anoop C S Reviewed-by: Ralph Boehme commit 58cf7a63209b0a898bc39c9f8b7de5188bef618f Author: Anoop C S Date: Thu Oct 3 12:29:58 2024 +0530 vfs_ceph_new: Populate fs capabilities within vfs_ceph_statvfs SMB_VFS_STATVFS implementation for vfs_ceph_new failed to fill in the FsCapabilities field for vfs_statvfs_struct. Insert the minimum required values for defining the capabilties of a ceph file system. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15716 Signed-off-by: Anoop C S Reviewed-by: Ralph Boehme commit 44e4e1eade5cadea9bd93fde8293ab6eb26230cc Author: Anoop C S Date: Tue Sep 17 23:50:25 2024 +0530 vfs_ceph: Retrieve fs capabilties using vfs_get_fs_capabilities vfs_ceph is supposed to be the last entry when listed with other vfs modules. This is due to the fact that the connection path is not local to the server but relative to the virtual remote file system beneath it. Especially SMB_VFS_FS_CAPABILITIES implementation from vfs_default is likely to return incorrect results based on the connection path assumed to be local to the server which might not be the case with ceph module stacked. Therefore it doesn't make sense to pass through any vfs interface implementations further down the line to vfs_default. Instead make use of get_fs_capabilties to start with already known fs capabilties from connect phase. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15716 Signed-off-by: Anoop C S Reviewed-by: Ralph Boehme commit 0d922d06a71ad647791cd93194c5591033fc4b4b Author: Anoop C S Date: Mon Sep 23 14:55:59 2024 +0530 vfs_ceph: Populate fs capabilities within cephwrap_statvfs SMB_VFS_STATVFS implementation for vfs_ceph failed to fill in the FsCapabilities field for vfs_statvfs_struct. Insert the minimum required values for defining the capabilties of a ceph file system. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15716 Signed-off-by: Anoop C S Reviewed-by: Ralph Boehme commit 9bced4429e90ba871b848f31738aa8614bf03b08 Author: Anoop C S Date: Tue Sep 24 11:25:54 2024 +0530 vfs_default: Retrieve fs capabilites using vfs_get_fs_capabilties Make use of get_fs_capabilties to start with already known fs capabilties from connect phase. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15716 Signed-off-by: Anoop C S Reviewed-by: Ralph Boehme commit b1fbaefc665a7fb0413a26bd0304f97356fda414 Author: Anoop C S Date: Tue Sep 24 11:06:58 2024 +05
[SCM] Samba Shared Repository - branch master updated
26e743 librpc/rpc: add get_binding() to dcerpc_binding_handle_ops via 72b79a771fd s3:rpc_client: header signing is negotiated per transport connection via d406f9fffed s3:rpc_client: make use of struct samba_sockaddr in rpc_pipe_open_ncalrpc() via 61d38f70be3 s3:winbindd: cm_connect_lsa_tcp() doesn't need to check for NCACN_IP_TCP or LEVEL_INTEGRITY via 8dcbbebe56d s3:rpcclient: make use of dcerpc_binding_handle_auth_info() via 1a311df3d61 s3:rpc_client: the transport_session_key is per connection! via 3a3338bd184 s3:rpc_client: remove unused cli_get_session_key() via f75189dee9d s3:rpcclient/cli_drsuapi: make use of dcerpc_binding_handle_auth_session_key() via 099c8d904ec s3:libnet_dssync: make use of dcerpc_binding_handle_auth_session_key() via 77da0914d5c s3:rpc_client: make use of dcerpc_binding_handle_transport_session_key() via a14ac349dec s3:utils/net_rpc: make use of dcerpc_binding_handle_transport_session_key() via 56175a0947f s3:libnet_join: make use of dcerpc_binding_handle_transport_session_key() via 2cb726e92c8 s3:lib/netapi: make use of dcerpc_binding_handle_transport_session_key() via bbe529a2f60 s4:torture/drs: make use of dcerpc_binding_handle_auth_session_key() via 38874d28404 s4:pyrpc: make use of dcerpc_binding_handle_auth_session_key() via 5d3faa86fd4 s4:py_net: make use of dcerpc_binding_handle_auth_session_key() via bf888b59e34 s4:libnet: make use of dcerpc_binding_handle_auth_session_key() in libnet_become_dc.c via 51f5eefcd11 s4:drepl: make use of dcerpc_binding_handle_auth_session_key() via af16ecece87 s3:rpc_client: add rpccli_bh_auth_session_key() via 64467157479 s4:librpc/rpc: add dcerpc_bh_auth_session_key() via 5e34173041e librpc/rpc: add dcerpc_binding_handle_auth_session_key() via d9bf23f971d s4:librpc/rpc: remove unused dcerpc_fetch_session_key() via 4ccd2dd8a2f s4:torture/rpc: make use of dcerpc_binding_handle_transport_session_key() via 57905603e06 xss4:pyrpc: make use of dcerpc_binding_handle_transport_session_key() via 93e8d58736e s4:libnet: make use of dcerpc_binding_handle_transport_session_key() in libnet_passwd.c via 2d1c182bf51 s4:libnet: add struct dcerpc_binding_handle helper variables in libnet_passwd.c via 3cc6ddeb589 s4:librpc/rpc: remove unused dcerpc_transport_encrypted() via 9567d753ac0 s4:pyrpc: let py_iface_transport_encrypted() use dcerpc_binding_handle_transport_encrypted() via 5bb35cc7cca s3:rpc_client: add rpccli_bh_transport_session_key() via 9b50ab08c16 s4:librpc/rpc: add dcerpc_bh_transport_{encrypted,session_key}() via 3dc3f9cf1b6 librpc/rpc: add dcerpc_binding_handle_transport_{encrypted,session_key}() via 061267e0e4d s4:torture/rpc: avoid using DCERPC_NDR_REF_ALLOC in fsrvp.c via 136ee756fe3 s4:torture/rpc: remove useless usage of DCERPC_SIGN, DCERPC_SEAL via b0be3c8af82 s4:torture/rpc: avoid checking p->last_fault_code in iremotewinspool* via 492f6a0eef7 librpc/rpc: map DCERPC_NCA_S_UNSUPPORTED_TYPE to NT_STATUS_RPC_UNSUPPORTED_TYPE via 722e93e4d9a librpc/rpc: map DCERPC_NCA_S_SERVER_TOO_BUSY to NT_STATUS_RPC_SERVER_TOO_BUSY from b3bc2c950fd lib:ldb: Use tdb_traverse_read() in ldb_kv_index_sub_transaction_commit() https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 93db1c7f3bb4209b5d69b879bc506ca72b635bd7 Author: Volker Lendecke Date: Tue Sep 24 10:59:23 2024 +0200 pylibsmb: Fix a typo pylibsmb is supposed to be used only internally, at least I hope this has not made it into an API that is perceived to be publically used. Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Thu Sep 26 16:35:55 UTC 2024 on atb-devel-224 commit 342d45eddbde41b2ae27f8cd2299818da74d83a5 Author: Volker Lendecke Date: Tue Sep 24 09:50:57 2024 +0200 posix_ext: Pass unix file type through posix query_directory Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit 83794d08bc39c74caebebd8dee4cc3f207ed90c5 Author: Volker Lendecke Date: Mon Sep 23 19:37:15 2024 +0200 tests: Check that we return the posix type in query_directory Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit 529951ade5b64bf45e8d1fbc783c935b368099d7 Author: Volker Lendecke Date: Mon Sep 23 18:52:13 2024 +0200 smbd: Return file type in the posix create context response Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit 3b63170f506114a556fad31cba6a4f1922944e39 Author: Volker Lendecke Date: Mon Sep 23 18:23:43 2024 +0200 tests: Check that posix extensions return the file type
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 7da019d6140 s4: torture: Add a new test lease_rename_with_overwrite. from 4f577c7b689 sync machine password to keytab: handle FreeIPA use case https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 7da019d61401d4c213da4859c36f5fb3a1edbc0e Author: Jeremy Allison Date: Tue Sep 17 11:47:31 2024 -0700 s4: torture: Add a new test lease_rename_with_overwrite. Creates and opens two files with leases, then tries rename-with-overwrite on file_src -> file_dst. Ensures we get a lease break on file_dst before getting the access denied response. Passes against Windows, fails against Samba. Add knownfail. Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Wed Sep 18 05:42:15 UTC 2024 on atb-devel-224 --- Summary of changes: selftest/knownfail.d/lease_rename_with_overwrite | 1 + source4/torture/smb2/lease.c | 98 2 files changed, 99 insertions(+) create mode 100644 selftest/knownfail.d/lease_rename_with_overwrite Changeset truncated at 500 lines: diff --git a/selftest/knownfail.d/lease_rename_with_overwrite b/selftest/knownfail.d/lease_rename_with_overwrite new file mode 100644 index 000..4f97b1659cc --- /dev/null +++ b/selftest/knownfail.d/lease_rename_with_overwrite @@ -0,0 +1 @@ +^samba3.smb2.lease.v2_rename_target_overwrite\(nt4_dc\) diff --git a/source4/torture/smb2/lease.c b/source4/torture/smb2/lease.c index fb65f61..eec997d4a98 100644 --- a/source4/torture/smb2/lease.c +++ b/source4/torture/smb2/lease.c @@ -4004,6 +4004,102 @@ done: return ret; } +/* + * Try doing a rename overwrite where the target file is open + * with a RWH lease. + */ + +static bool test_lease_v2_rename_target_overwrite(struct torture_context *tctx, +struct smb2_tree *tree) +{ + TALLOC_CTX *mem_ctx = talloc_new(tctx); + struct smb2_create io; + struct smb2_create io_dst; + struct smb2_lease ls1; + struct smb2_lease ls_dst; + struct smb2_handle h = {}; + struct smb2_handle h_dst = {}; + union smb_setfileinfo sinfo; + const char *fname = "lease_v2_rename_overwrite_src.dat"; + const char *fname_dst = "lease_v2_rename_overwrite_dst.dat"; + bool ret = true; + NTSTATUS status; + uint32_t caps; + enum protocol_types protocol; + + caps = smb2cli_conn_server_capabilities(tree->session->transport->conn); + if (!(caps & SMB2_CAP_LEASING)) { + torture_skip(tctx, "leases are not supported"); + } + + protocol = smbXcli_conn_protocol(tree->session->transport->conn); + if (protocol < PROTOCOL_SMB3_00) { + torture_skip(tctx, "v2 leases are not supported"); + } + + smb2_util_unlink(tree, fname); + smb2_util_unlink(tree, fname_dst); + + tree->session->transport->lease.handler = torture_lease_handler; + tree->session->transport->lease.private_data = tree; + tree->session->transport->oplock.handler = torture_oplock_handler; + tree->session->transport->oplock.private_data = tree; + + torture_reset_lease_break_info(tctx, &lease_break_info); + + ZERO_STRUCT(io); + smb2_lease_v2_create_share(&io, &ls1, false, fname, + smb2_util_share_access("RWD"), + LEASE1, NULL, + smb2_util_lease_state("RHW"), + 0x4711); + status = smb2_create(tree, mem_ctx, &io); + CHECK_STATUS(status, NT_STATUS_OK); + h = io.out.file.handle; + CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE); + ls1.lease_epoch += 1; + CHECK_LEASE_V2(&io, "RHW", true, LEASE1, 0, 0, ls1.lease_epoch); + + /* Create the target file with a lease and leave open. */ + ZERO_STRUCT(io_dst); + smb2_lease_v2_create_share(&io_dst, &ls_dst, false, fname_dst, + smb2_util_share_access("RWD"), + LEASE2, NULL, + smb2_util_lease_state("RHW"), + 0x4711); + status = smb2_create(tree, mem_ctx, &io_dst); + CHECK_STATUS(status, NT_STATUS_OK); + h_dst = io_dst.out.file.handle; + CHECK_CREATED(&io_dst, CREATED, FILE_ATTRIBUTE_ARCHIVE); + ls_dst.lease_epoch += 1; + CHECK_LEASE_V2(&io_dst, "RHW", true, LEASE2, 0, 0
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 61d9c0d92e8 smbd: add options "fs:[logical|aligned|performance|effective aligned] bytes per sector" via 909edd6e8a5 vfs_default: implement FSCTL_DUP_EXTENTS_TO_FILE with copy_reflink() via 9ffcfb8c436 libreplace: add rep_copy_reflink() via deeca8ff176 smbd: consolidate fs capabilities code in vfswrap_fs_capabilities() via 1c4e2ba842c docs: document SUPPORTS_BLOCK_REFCOUNTING for share:fake_fscaps from f1cd250a6fd s3:libads: Do not print error message for a default configuration https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 61d9c0d92e8c27c8882c47bbd305d9985ea722be Author: Ralph Boehme Date: Fri Apr 5 15:25:03 2024 +0200 smbd: add options "fs:[logical|aligned|performance|effective aligned] bytes per sector" In order to support certain Windows applications that make use of copy reflink, we need some way to allow configuring these values. According to testing, the application somehow uses the value of phys_bytes_per_sector_atomic for some check when requesting server-side reflink copies, eg for ZFS the following is needed block size = 131072 fs:aligned bytes per sector = 131072 For some reason "block size" must also be set to the value of fs:aligned bytes per sector, but fs:logical bytes per sector, which according to the spec should match "block size", must stay at the default of 512, otherwise the application does not work. As the whole client behaviour could not be fully understood, I'm proposing to introduce these options as undocumented parametric options, so we can at least start testing with them. Signed-off-by: Ralph Boehme Reviewed-by: David Disseldorp Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Tue Aug 20 07:01:19 UTC 2024 on atb-devel-224 commit 909edd6e8a5222c996553a3565b6d4b20da77e71 Author: Ralph Boehme Date: Sun Mar 24 17:40:50 2024 +0100 vfs_default: implement FSCTL_DUP_EXTENTS_TO_FILE with copy_reflink() According to MS-FSA 2.1.5.9.4 FSCTL_DUPLICATE_EXTENTS_TO_FILE ReFS on Windows does not check for byte range lock conflicts: * The object store SHOULD<81> check for byte range lock conflicts ... * <81>: The ReFS file system in Windows Server 2016 and later does not check for byte range lock conflicts To match Windows behaviour we also don't check for conflicts. Signed-off-by: Ralph Boehme Reviewed-by: David Disseldorp commit 9ffcfb8c4361bf1f6a364aa56a6057ed9b7bd247 Author: Ralph Boehme Date: Sun Mar 24 17:02:21 2024 +0100 libreplace: add rep_copy_reflink() FICLONERANGE was introduced in kernel version 4.5, so I guess we can just assume it is present if HAVE_LINUX_IOCTL is defined. Signed-off-by: Ralph Boehme Reviewed-by: David Disseldorp commit deeca8ff176e7e9082cc0fcf48d7f981de2523c5 Author: Ralph Boehme Date: Thu Jun 6 15:38:16 2024 +0200 smbd: consolidate fs capabilities code in vfswrap_fs_capabilities() This ensures the values we return via SMB_FS_ATTRIBUTE_INFORMATION is the same we use internally via conn->fs_capabilities. This deliberately preserves existing behaviour as much as possible and leaves possible improvements as a future excercize. Particularily FILE_VOLUME_QUOTAS is already set insided SMB_VFS_STATVFS() depending on backend filesystem flags which is probably the correct way to do it instead of just setting the capability when Samba was built with quota support. Signed-off-by: Ralph Boehme Reviewed-by: David Disseldorp commit 1c4e2ba842cb379d1cb7c520643e523de711921d Author: Ralph Boehme Date: Wed Jun 5 14:40:15 2024 +0200 docs: document SUPPORTS_BLOCK_REFCOUNTING for share:fake_fscaps Signed-off-by: Ralph Boehme Reviewed-by: David Disseldorp --- Summary of changes: docs-xml/smbdotconf/protocol/sharefakefscaps.xml | 24 +- lib/replace/replace.c| 28 ++ lib/replace/replace.h| 9 + source3/modules/vfs_btrfs.c | 393 --- source3/modules/vfs_ceph.c | 3 +- source3/modules/vfs_default.c| 83 +++-- source3/modules/vfs_glusterfs.c | 4 +- source3/smbd/smb2_trans2.c | 45 +-- 8 files changed, 146 insertions(+), 443 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/smbdotconf/protocol/sharefakefscaps.xml b/docs-xml/smbdotconf/protocol/sharefakefscaps.xml index 31e7ebc0e75..2f90d0be867 100644 --- a/docs-xml/smbdotconf/protocol/sharefake
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via e4d6a19e492 third_party/heimdal: Import lorikeet-heimdal-202407041740 (commit 42ba2a6e5dd1bc14a8b5ada8c9b8ace85956f6a0) from c9c74d819a2 s3:rpc_server: Initialize array struct security_ace ace[] https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit e4d6a19e49260af22bffd2a417119489719ba364 Author: Ralph Boehme Date: Thu Jul 4 18:00:52 2024 +0200 third_party/heimdal: Import lorikeet-heimdal-202407041740 (commit 42ba2a6e5dd1bc14a8b5ada8c9b8ace85956f6a0) Fix clock skew error message and memory cache clock skew recovery BUG: https://bugzilla.samba.org/show_bug.cgi?id=15676 Signed-off-by: Ralph Boehme Signed-off-by: Stefan Metzmacher Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Fri Jul 5 10:02:26 UTC 2024 on atb-devel-224 --- Summary of changes: third_party/heimdal/lib/krb5/fast.c | 12 third_party/heimdal/lib/krb5/mcache.c | 2 +- 2 files changed, 9 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/third_party/heimdal/lib/krb5/fast.c b/third_party/heimdal/lib/krb5/fast.c index 90133a7abc0..4026ed62327 100644 --- a/third_party/heimdal/lib/krb5/fast.c +++ b/third_party/heimdal/lib/krb5/fast.c @@ -691,10 +691,14 @@ _krb5_fast_unwrap_error(krb5_context context, idx = 0; pa = krb5_find_padata(md->val, md->len, KRB5_PADATA_FX_FAST, &idx); if (pa == NULL) { - ret = KRB5_KDCREP_MODIFIED; - krb5_set_error_message(context, ret, - N_("FAST fast response is missing FX-FAST", "")); - goto out; + /* +* Typically _krb5_fast_wrap_req() has set KRB5_FAST_EXPECTED, which +* means check_fast() will complain and return KRB5KRB_AP_ERR_MODIFIED. +* +* But for TGS-REP init_tgs_req() clears KRB5_FAST_EXPECTED and we'll +* ignore a missing KRB5_PADATA_FX_FAST. +*/ + return check_fast(context, state); } ret = unwrap_fast_rep(context, state, pa, &fastrep); diff --git a/third_party/heimdal/lib/krb5/mcache.c b/third_party/heimdal/lib/krb5/mcache.c index 9463e825af8..148fcf2624c 100644 --- a/third_party/heimdal/lib/krb5/mcache.c +++ b/third_party/heimdal/lib/krb5/mcache.c @@ -225,7 +225,7 @@ mcc_initialize(krb5_context context, */ mcc_destroy_internal(context, m); m->dead = 0; -m->kdc_offset = 0; +m->kdc_offset = context->kdc_sec_offset; m->mtime = time(NULL); ret = krb5_copy_principal (context, primary_principal, -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 0ebabaedbc0 smbd: Fix cached dos attributes via a32f52e5735 librpc: Make NDR_PRINT_DEBUG call just one DEBUG via b565901a474 smbd: Simplify smbd_do_qfsinfo with direct struct initialization via d2932c22e07 smbd: Simplify reopen_from_fsp via c3799dfb4a7 smbd: Remove some unused code via 1fb07bc7213 smbd: Avoid a cast via 9cb187d1880 smbd: Print reparse_point in dos_mode_debug_print via 7b03fc3d9f2 smbd: Simplify dos_mode_from_sbuf via e2ba6144657 smbd: Simplify fdos_mode via 6a077e2fcda smbd: Simplify filename_convert_dirfsp_nosymlink via 5e206ffbe36 smbd: Remove an obsolete comment via e94de8a4af9 smbd: Simplify init_smb_file_time via e5a304193ba smbd: Simplify copy_stat_ex_timestamps via 1d2fbbdd640 smbd: Modernize a DEBUG via 2edb49c5fc7 vfs: Fix typos via 6f68812d228 smbd: Don't leave a pointer variable uninitialized via e6f8568541a smbd: Align an integer type via 0db47112bba smbd: Modernize a DEBUG from 11c4b253317 ctdb-conf: Rename config loading to not be daemon-specific https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 0ebabaedbc06b3b4f658430dcf2edb0711f599fd Author: Volker Lendecke Date: Mon Jun 24 16:50:57 2024 +0200 smbd: Fix cached dos attributes The callers of fset_dos_mode must set the cached attributes themselves, which I did not see. I tried, but I did not find a clean way to fix this behind SMB_VFS_FSET_DOS_ATTRIBUTES, with a smb_fname and smb_fname->fsp->fsp_name we might have two copies of the cached dos attributes around and if we only update fsp->fsp_name, we might miss the outer one. Not doing a test, this is really fresh code, and in the future we must reorganize setting and caching dos attributes anyway. Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Fri Jun 28 14:32:27 UTC 2024 on atb-devel-224 commit a32f52e573561900cbed097c453b5240df3b0ae5 Author: Volker Lendecke Date: Mon Jun 17 14:42:30 2024 +0200 librpc: Make NDR_PRINT_DEBUG call just one DEBUG Give debug.c the chance to use just one write call (right now it doesn't yet) Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit b565901a47483ec3782c532a1e87dcf213e30fbe Author: Volker Lendecke Date: Thu Jun 27 12:50:50 2024 +0200 smbd: Simplify smbd_do_qfsinfo with direct struct initialization Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit d2932c22e07de217766f622f57e6750f0cd4bc46 Author: Volker Lendecke Date: Wed Jun 26 15:30:50 2024 +0200 smbd: Simplify reopen_from_fsp In a variable declaration the (struct ...) is not needed Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit c3799dfb4a79ab048096ffa0d37f4a487a3a Author: Volker Lendecke Date: Wed Jun 26 08:57:26 2024 +0200 smbd: Remove some unused code Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit 1fb07bc7213d49577e5a853823e68328ca99b863 Author: Volker Lendecke Date: Tue Jun 25 16:11:16 2024 +0200 smbd: Avoid a cast Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit 9cb187d1880bf9c56107ccce4dc8956284e94689 Author: Volker Lendecke Date: Tue Jun 25 16:10:28 2024 +0200 smbd: Print reparse_point in dos_mode_debug_print Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit 7b03fc3d9f25ce3b82108e0deaffdf70dc83a414 Author: Volker Lendecke Date: Tue Jun 25 16:07:58 2024 +0200 smbd: Simplify dos_mode_from_sbuf We don't need that else branch, this could be a switch as well Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit e2ba6144657be84f35add7e4c7f7c178f80a4f07 Author: Volker Lendecke Date: Tue Jun 25 16:04:53 2024 +0200 smbd: Simplify fdos_mode We don't need the outer !NT_STATUS_IS_OK and the comment Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit 6a077e2fcdabae64c1ab6e1378ea10ea2b57f738 Author: Volker Lendecke Date: Tue Jun 25 15:49:23 2024 +0200 smbd: Simplify filename_convert_dirfsp_nosymlink Initialize the timestamps in the existing struct assignment Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit 5e206ffbe360004573c00b11fc0bfcdf74f7040d Author: Volker Lendecke Date: Tue Jun 25 13:08:58 2024 +0200 smbd: Remove an obsolete comment We have a good understanding of SAMBA_UTIME_OMIT these days Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit e94de8a4af908c0e09185c6b1f1a04848d831dfb Author: Volker Lendecke
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via ac7a16f9cc4 smbd: Fix crossing automounter mount points from 2d743185e0c vfs_ceph: use consistent code style when setting errno https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit ac7a16f9cc4bd97ef546d1b7b02605991000d0f9 Author: Volker Lendecke Date: Fri Dec 29 16:54:56 2023 +0100 smbd: Fix crossing automounter mount points We get ENOENT on /proc/self/fd/ when we try to turn the mountpoint's O_PATH handle into a real one. This does not trigger a mount attempt, you have to use name-based calls. This is not the real fix, because if the autofs mount triggers, the inode number will change. For directories this is not a huge problem as we don't touch the share mode database before we open the "real" fd. We would only violate potential share modes with other pure READ_ATTRIBUTES (i.e. stat-) opens that came before the mount trigger. As I don't think share modes on directories are really relevant, I think we can live with this "fix". Once we do directory leases this will potentially change. As a quick remedy we could use our defer_open() mechanism that starts path processing from scratch. But as long as this seems not really required, we should not add users of this really bad way of going back to square 1. The "real" fix would be to go back to the point where we open the last component with openat(). In the retry round we need to do this without O_PATH to trigger the mount and only then do the initial fstat. Right now I don't see an easy way to properly test this behaviour. Intercepting with vfs_error_inject is certainly possible, but nailing the exact call would clutter the main code path. So I have just tested this manually. Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Thu Jun 27 11:59:05 UTC 2024 on atb-devel-224 --- Summary of changes: source3/smbd/open.c | 26 ++ source3/wscript | 5 + 2 files changed, 31 insertions(+) Changeset truncated at 500 lines: diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 7d2227f9d9f..20db4cf5e23 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -43,6 +43,10 @@ #include "lib/util/time_basic.h" #include "source3/smbd/dir.h" +#if defined(HAVE_LINUX_MAGIC_H) +#include +#endif + extern const struct generic_mapping file_generic_mapping; struct deferred_open_record { @@ -1180,6 +1184,27 @@ static NTSTATUS reopen_from_fsp(struct files_struct *dirfsp, fsp, how); if (new_fd == -1) { +#if defined(HAVE_FSTATFS) && defined(HAVE_LINUX_MAGIC_H) + if (S_ISDIR(fsp->fsp_name->st.st_ex_mode) && + (errno == ENOENT)) { + struct statfs sbuf = {}; + int ret = fstatfs(old_fd, &sbuf); + if (ret == -1) { + int saved_errno = errno; + DBG_ERR("fstatfs failed: %s\n", + strerror(errno)); + errno = saved_errno; + } else if (sbuf.f_type == AUTOFS_SUPER_MAGIC) { + /* +* When reopening an as-yet +* unmounted autofs mount +* point we get ENOENT. We +* have to retry pathbased. +*/ + goto namebased_open; + } + } +#endif status = map_nt_error_from_unix(errno); fd_close(fsp); return status; @@ -1194,6 +1219,7 @@ static NTSTATUS reopen_from_fsp(struct files_struct *dirfsp, return NT_STATUS_OK; } +namebased_open: /* * Close the existing pathref fd and set the fsp flag * is_pathref to false so we get a "normal" fd this time. diff --git a/source3/wscript b/source3/wscript index 4048ec5aad5..d8f04646b03 100644 --- a/source3/wscript +++ b/source3/wscript @@ -118,6 +118,7 @@ def configure(conf): conf.CHECK_HEADERS('netdb.h') conf.CHECK_HEADERS('linux/falloc.h linux/ioctl.h') +conf.CHECK_HEADERS('lin
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 225e6aeafc7 s4/torture: Remove already existing test_dir via 3b230769b02 s4/torture: Create test_dir with SEC_RIGHTS_DIR_ALL from 469b22b849a python/samba/tests/krb5: Allow PkInitTests.test_pkinit_ntlm_from_pac_must_change_now to pass on Samba/Heimdal https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 225e6aeafc78d0508881915b8406273c15966e63 Author: Anoop C S Date: Wed May 29 18:52:10 2024 +0530 s4/torture: Remove already existing test_dir In configurations where vfs_acl_xattr is used with 'ignore system acls' option we encounter NT_STATUS_ACCESS_DENIED while trying to open an already existing test_dir in smb2.delete-on-close-perms.READONLY. Due to missing SEC_STD_DELETE permission from the list of allowed ACEs it couldn't be removed via previous call to smb2_deltree(). Thus as seen with other tests we now call set_dir_delete_perms() so that subsequent attempt to remove it can succeed. Signed-off-by: Anoop C S Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Mon Jun 10 13:17:58 UTC 2024 on atb-devel-224 commit 3b230769b02e7c9ecbe7eac05e0344b233b3ae39 Author: Anoop C S Date: Wed May 29 18:41:32 2024 +0530 s4/torture: Create test_dir with SEC_RIGHTS_DIR_ALL In shares where acl_xattr vfs module is loaded with 'ignore system acls' set, smb2.delete-on-close-perms.FIND_and_set_DOC fails to open test_dir due to NT_STATUS_ACCESS_DENIED as it lacks few permissions for owner when created using create_dir(). Test case aims to set delete-on-close for which delete permission is necessary in first place. Therefore we now perform the creation and subsequent opening of directory using torture_smb2_testdir() so that the open handle comes with SEC_STD_DELETE permission. Signed-off-by: Anoop C S Reviewed-by: Ralph Boehme --- Summary of changes: source4/torture/smb2/delete-on-close.c | 32 +--- 1 file changed, 9 insertions(+), 23 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/torture/smb2/delete-on-close.c b/source4/torture/smb2/delete-on-close.c index 05242876dcb..33561516fa0 100644 --- a/source4/torture/smb2/delete-on-close.c +++ b/source4/torture/smb2/delete-on-close.c @@ -518,45 +518,28 @@ static bool test_doc_create_if_exist(struct torture_context *tctx, struct smb2_t static bool test_doc_find_and_set_doc(struct torture_context *tctx, struct smb2_tree *tree) { - struct smb2_create io; + struct smb2_handle dir_handle; struct smb2_find find; NTSTATUS status; union smb_search_data *d; union smb_setfileinfo sfinfo; unsigned int count; - uint32_t perms = 0; - - perms = SEC_STD_SYNCHRONIZE | SEC_STD_READ_CONTROL | SEC_STD_DELETE | - SEC_DIR_WRITE_ATTRIBUTE | SEC_DIR_READ_ATTRIBUTE | - SEC_DIR_WRITE_EA | SEC_FILE_APPEND_DATA | - SEC_FILE_WRITE_DATA | SEC_DIR_LIST; /* File should not exist for this first test, so make sure */ set_dir_delete_perms(tctx, tree); smb2_deltree(tree, DNAME); - create_dir(tctx, tree); - torture_comment(tctx, "FIND and delete directory\n"); torture_comment(tctx, "We expect NT_STATUS_OK\n"); - /* open the directory first */ - ZERO_STRUCT(io); - io.in.desired_access = perms; - io.in.file_attributes= FILE_ATTRIBUTE_DIRECTORY; - io.in.create_disposition = NTCREATEX_DISP_OPEN_IF; - io.in.share_access = NTCREATEX_SHARE_ACCESS_READ | - NTCREATEX_SHARE_ACCESS_DELETE; - io.in.create_options = NTCREATEX_OPTIONS_DIRECTORY; - io.in.fname = DNAME; - - status = smb2_create(tree, tctx, &io); + /* create and open the directory first*/ + status = torture_smb2_testdir(tree, DNAME, &dir_handle); CHECK_STATUS(status, NT_STATUS_OK); /* list directory */ ZERO_STRUCT(find); - find.in.file.handle= io.out.file.handle; + find.in.file.handle= dir_handle; find.in.pattern= "*"; find.in.continue_flags = SMB2_CONTINUE_FLAG_SINGLE; find.in.max_response_size = 0x100; @@ -570,12 +553,12 @@ static bool test_doc_find_and_set_doc(struct torture_context *tctx, struct smb2_ ZERO_STRUCT(sfinfo); sfinfo.generic.level = RAW_SFILEINFO_DISPOSITION_INFORMATION; sfinfo.disposition_info.in.delete_on_close = 1; - sfinfo.generic.in.file.handle = io.out.file.handle; + sfinfo.generic.in.file.handle = dir_handle; status
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 80159018e41 s3:utils: Fix Inherit-Only flag being automatically propagated to children via eba2bfde347 python/samba/tests/blackbox: Add tests for Inherit-only flag propagation from 96b5cfe4e6c s3:libsmb: Pass a memory context to get_ipc_connect() https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 80159018e411c643fbfe7ef82bd33e30b6147901 Author: Anna Popova Date: Fri Apr 12 17:32:37 2024 +0300 s3:utils: Fix Inherit-Only flag being automatically propagated to children Inherit-only flag applies only to the container it was set to and it shouldn't be automatically propagated to children. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15636 Signed-off-by: Anna Popova Reviewed-by: Noel Power Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Mon Apr 29 10:56:48 UTC 2024 on atb-devel-224 commit eba2bfde347041a395f0fbd3c57235be63b1890d Author: yuzu367 Date: Thu Apr 11 11:31:07 2024 +0300 python/samba/tests/blackbox: Add tests for Inherit-only flag propagation BUG: https://bugzilla.samba.org/show_bug.cgi?id=15636 Signed-off-by: Anna Popova Reviewed-by: Noel Power Reviewed-by: Ralph Boehme --- Summary of changes: .../blackbox/smbcacls_propagate_inhertance.py | 108 + source3/utils/smbcacls.c | 4 + 2 files changed, 112 insertions(+) Changeset truncated at 500 lines: diff --git a/python/samba/tests/blackbox/smbcacls_propagate_inhertance.py b/python/samba/tests/blackbox/smbcacls_propagate_inhertance.py index cc13727b8fb..5b3a27111d5 100644 --- a/python/samba/tests/blackbox/smbcacls_propagate_inhertance.py +++ b/python/samba/tests/blackbox/smbcacls_propagate_inhertance.py @@ -1288,3 +1288,111 @@ class InheritanceSmbCaclsTests(SmbCaclsBlockboxTestBase): except BlackboxProcessError as e: self.fail(str(e)) + +def test_simple_iocioi_add(self): +"""test smbcacls '--propagate-inheritance --add' which attempts to add the ACL +for the file and additionally use inheritance rules to propagate appropriate +changes to children + +This test adds an ACL with (IO)(CI)(OI)(READ) + +before: + ++-tar_test_dir/(OI)(CI)(I)(F) + +-oi_dir/(OI)(CI)(I)(F) + | +-file.1(I)(F) + | +-nested/ (OI)(CI)(I)(F) + | +-file.2 (I)(F) + | +-nested_again/ (OI)(CI)(I)(F) + | +-file.3 (I)(F) + +after/expected: + ++-tar_test_dir/(OI)(CI)(I)(F) + +-oi_dir/(OI)(CI)(I)(F), (IO)(CI)(OI)(READ) + | +-file.1(I)(F), (I)(READ) + | +-nested/ (OI)(CI)(I)(F), (I)(CI)(OI)(READ) + | +-file.2 (I)(F), (I)(READ) + | +-nested_again/ (OI)(CI)(I)(F), (I)(CI)(OI)(READ) + | +-file.3 (I)(F), (I)(READ)""" + +dir_add_acl_str = "ACL:%s:ALLOWED/OI|CI|IO/READ" % self.user +obj_inherited_ace_str = "ACL:%s:ALLOWED/I/READ" % self.user +dir_inherited_ace_str = "ACL:%s:ALLOWED/OI|CI|I/READ" % self.user + +try: + +self.smb_cacls(["--propagate-inheritance", "--add", +dir_add_acl_str, self.oi_dir]) + +# check top level container 'oi_dir' has IO|CI|OI/READ +dir_ace = self.ace_parse_str(dir_add_acl_str) +self.assertTrue(self.file_ace_check(self.oi_dir, dir_ace)) + +# file 'oi_dir/file-1' should have inherited I/READ +child_file_ace = self.ace_parse_str(obj_inherited_ace_str) +self.assertTrue(self.file_ace_check(self.f1, child_file_ace)) + +# nested dir 'oi_dir/nested/' should have I|CI|OI/READ +child_dir_ace = self.ace_parse_str(dir_inherited_ace_str) +self.assertTrue(self.file_ace_check(self.nested_dir, child_dir_ace)) + +# nested file 'oi_dir/nested/file-2' should have inherited I/READ +self.assertTrue(self.file_ace_check(self.f2, child_file_ace)) + +# nested_again dir 'oi_dir/nested/nested_again' should have I|CI|OI/READ +child_dir_ace = self.ace_parse_str(dir_inherited_ace_str) +self.assertTrue(self.file_ace_check(self.nested_again_dir, child_dir_ace)) +# nested_again file 'oi_dir/nested/nested_again/file-3' should have inherited I/READ +self.assertTrue(self.file_ace_check(self.f3, child_file_ace)) +except BlackboxProcessError as e: +
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 0dec2ef188a Revert "token_util.c: prefer capabilities over become_root" via 32aa11e9b57 Revert "dosmode.c: prefer use of capabilities at two places over become_root" via 33e88911ee7 Revert "nfs4_acls.c: prefer capabilities over become_root" via af7b930e2bf Revert "vfs_acl_common.c: prefer capabilities over become_root" via 52ad635b270 Revert "vfs_default.c: prefer capabilities over become_root" via 10c7a3e47c6 Revert "vfs_posix_eadb.c: prefer capabilities over become_root" via 7f19afbd40d Revert "vfs_recycle.c: prefer capabilities over become_root" via 88eb58af678 Revert "open.c: prefer capabilities over become_root" via 87479544381 Revert "posix_acls.c: prefer capabilities over become_root" via 58ea952fd0c Revert "dosmode: prefer capabilities over become_root" from 9550d37f2f9 winbind: Log NOT_IMPLEMENTED as debug https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 0dec2ef188a93504da873d927ca2b26f8c491fb8 Author: Björn Jacke Date: Thu Jan 25 00:46:38 2024 +0100 Revert "token_util.c: prefer capabilities over become_root" This reverts commit 944cb51506a94084d7ab52ee044fe6f66e1aaeb9. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583 Signed-off-by: Bjoern Jacke Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Wed Mar 27 10:47:23 UTC 2024 on atb-devel-224 commit 32aa11e9b570ce1c0bec889b699bc4897c9d9843 Author: Björn Jacke Date: Mon Mar 25 17:04:45 2024 +0100 Revert "dosmode.c: prefer use of capabilities at two places over become_root" This reverts commit c1e2fbb1b9a7551becf5caa0f08d434edf9ad862. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583 Signed-off-by: Bjoern Jacke Reviewed-by: Ralph Boehme commit 33e88911ee7a8974d52021632ca25c1ddfcb6f45 Author: Björn Jacke Date: Mon Mar 25 17:04:23 2024 +0100 Revert "nfs4_acls.c: prefer capabilities over become_root" This reverts commit 06e5c1e32ea7907523cc19f021225e7541e2075f. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583 Signed-off-by: Bjoern Jacke Reviewed-by: Ralph Boehme commit af7b930e2bfe2275cee14dc2154f2aea8875fa63 Author: Björn Jacke Date: Mon Mar 25 17:04:17 2024 +0100 Revert "vfs_acl_common.c: prefer capabilities over become_root" This reverts commit 12734848dc9901b932644139aaa7e3f78e55c8dc. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583 Signed-off-by: Bjoern Jacke Reviewed-by: Ralph Boehme commit 52ad635b2705bcfc8166bd90b1ad35ebb9cbc986 Author: Björn Jacke Date: Mon Mar 25 17:03:57 2024 +0100 Revert "vfs_default.c: prefer capabilities over become_root" This reverts commit 62464bd2db2a95b1253364f4493bbb6770b73193. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583 Signed-off-by: Bjoern Jacke Reviewed-by: Ralph Boehme commit 10c7a3e47c62dcb1dfe7e384960d60cafcb9e44e Author: Björn Jacke Date: Mon Mar 25 17:03:50 2024 +0100 Revert "vfs_posix_eadb.c: prefer capabilities over become_root" This reverts commit 92278418dc885ed411f545e73c800ce93f858090. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583 Signed-off-by: Bjoern Jacke Reviewed-by: Ralph Boehme commit 7f19afbd40d3ad3c8d186d0a2a64d07a2a8bd00a Author: Björn Jacke Date: Mon Mar 25 17:03:44 2024 +0100 Revert "vfs_recycle.c: prefer capabilities over become_root" This reverts commit 4227b011f6ada97a4cd72a440ed887ffdb3f219e. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583 Signed-off-by: Bjoern Jacke Reviewed-by: Ralph Boehme commit 88eb58af6783ad23d2e2b602ee9fdbbdf556b354 Author: Björn Jacke Date: Mon Mar 25 17:03:35 2024 +0100 Revert "open.c: prefer capabilities over become_root" This reverts commit b250f25fe407f9a6269b804382de4854501f2d86. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583 Signed-off-by: Bjoern Jacke Reviewed-by: Ralph Boehme commit 87479544381e103ee2b1def574a5865a3f6a93d9 Author: Björn Jacke Date: Mon Mar 25 17:03:28 2024 +0100 Revert "posix_acls.c: prefer capabilities over become_root" This reverts commit 1edf9ecaf56f3312e199e633bff0804243042e33. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583 Signed-off-by: Bjoern Jacke Reviewed-by: Ralph Boehme commit 58ea952fd0c716f94b1b79b8ed1829bb72732ccc Author: Björn Jacke Date: Mon Mar 25 17:03:14 2024 +0100 Revert "dosmode: prefer capabilities over become_root&qu
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via d63e972aa09 WHATSNEW: Add entry for new save/restore options for smbcacls via a9028f25e6a WHATSNEW: Add entry for wspsearch client utility via 49b6137f7c2 s3: Make build of wspsearch client enabled by default via 697d41420b4 Revert "vfs_acl_xattr.c: prefer capabilities over become_root" from 39e3300b8d8 smbd: Some README.Coding in smbd_do_qfilepathinfo() https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit d63e972aa098a2bd0f76f03734c8d0790857b605 Author: Noel Power Date: Tue Jan 9 11:02:28 2024 + WHATSNEW: Add entry for new save/restore options for smbcacls Signed-off-by: Noel Power Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Fri Jan 26 11:30:07 UTC 2024 on atb-devel-224 commit a9028f25e6a7251b104d11aab3c4d0494c086c7b Author: Noel Power Date: Mon Jan 8 17:01:26 2024 + WHATSNEW: Add entry for wspsearch client utility Signed-off-by: Noel Power Reviewed-by: Ralph Boehme commit 49b6137f7c2244aeb3cf9b65fc9d46fcf0b8dc55 Author: Noel Power Date: Mon Jan 8 16:45:16 2024 + s3: Make build of wspsearch client enabled by default Although wspsearch client is experimental it is probably better to enable its building by default so it gets has some opportunity to be used/tested by users. Signed-off-by: Noel Power commit 697d41420b4f4830396acfbc96bd1f1c1f0531f4 Author: Anoop C S Date: Wed Jan 24 15:06:53 2024 +0530 Revert "vfs_acl_xattr.c: prefer capabilities over become_root" This reverts commit 0e3836e3961f2b7c39173ce1023d3c92addef630. With capabilities preferred over become_root() we failed to achieve the basic goal of storing NT ACLs in xattrs using vfs_acl_xattr. This is due to the fact that apart from CAP_DAC_OVERRIDE it is manadatory to have CAP_SYS_ADMIN for write access to xattrs from security namespace[1]. Despite the option to configure the xattr name within the module we should not anticipate and miss to consider xattrs from security namespace which is far more protected even with our default name "security.NTACL". Theorotically we could make it work by adding another capability on top of existing ones. But given the functions designed around this area we may not be able to come up with a cleaner change which can handle the fallback mechanism to become_root(). Any failure to set the very first capability would put us in become_root() path where further capabilities are mostly not required. Thus reverting to old behaviour to always become_root() until we have a cleaner approach to handle the fallback while modifying multiple capabilities at once. [1] https://www.man7.org/linux/man-pages/man7/xattr.7.html Signed-off-by: Anoop C S Reviewed-by: Ralph Boehme --- Summary of changes: WHATSNEW.txt| 27 +++ source3/modules/vfs_acl_xattr.c | 12 ++-- source3/wscript | 2 +- 3 files changed, 34 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index aba6726840c..e2bd54a1d01 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -81,6 +81,33 @@ Supported operations include: credentials cache with a new command "samba-tool user get-kerberos-ticket" +New Windows Search Protocol Client +-- + +Samba now by default builds new experimental Windows Search Protocol (WSP) +command line client "wspsearch" + +The "wspsearch" cmd-line utility allows a WSP search request to be sent +to a server (such as a windows server) that has the (WSP) +Windows Search Protocol service configured and enabled. + +For more details see the wspsearch man page. + +Allow 'smbcacls' to save/restore DACLs to file + + +'smbcacls' has been extended to allow DACLs to be saved and restored +to/from a file. This feature mimics the functionality that windows cmd +line tool 'icacls.exe' provides. Additionally files created either +by 'smbcalcs' or 'icacls.exe' are interchangeable and can be used by +either tool as the same file format is used. + +New options added are: + - '--save savefile'Saves DACLs in sddl format to file + - '--recurse' Performs the '--save' operation above on directory +and all files/directories below. + - '--restore savefile' Restores the stored DACLS to files in directory + REMOVED FEATURES diff --git a/source3/modules/vfs_acl_xattr
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via f14a7065690 smbd: move access override for previous versions to the SMB layer via fd4e41144a8 smbd: check for previous versions in check_any_access_fsp() via 02ed99343d1 smbd: use check_any_access_fsp() for all access checks via 995a31c8d4c smbd: replace CHECK_WRITE() macro with calls to check_any_access_fsp() via ee3035218df smbd: set fsp->fsp_flags.can_write to false for access to previous-versions via a0ae45be770 smbd: return correct error when trying to create a hardlink to a VSS file via bf497819e61 smbd: fix check_any_access_fsp() for non-fsa fsps via 96b577c380f smbd: rename check_access_fsp() to check_any_access_fsp() via 76c8fe16bff smbd: set fsp_flags.is_fsa to true on printer file handles via 276c5bd851a smbd: return the correct error in can_rename() via 537eedfe2a7 smbtorture: expand smb2.twrp.write test via c62484bc2c6 s4/libcli/raw: implemement RAW_SFILEINFO_LINK_INFORMATION via 78119edba01 selftest: remove error_inject from shadow_write share from 1047abf3aa3 selftest: let list_servers.NT1 really use NT1 protocol https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit f14a7065690b00e3c6af2c1f0b0aec51c1e0b372 Author: Ralph Boehme Date: Fri Dec 15 11:59:36 2023 +0100 smbd: move access override for previous versions to the SMB layer Doing the previous version access checks and semantics at the SMB layer means we can simplify the shadow_copy2 and remove the kludge. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688 Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Mon Jan 8 16:58:26 UTC 2024 on atb-devel-224 commit fd4e41144a819b4403340e4a28664ac586722b41 Author: Ralph Boehme Date: Wed Dec 20 15:09:59 2023 +0100 smbd: check for previous versions in check_any_access_fsp() Now that check_any_access_fsp() is broadly used consistently to restrict access for all modifying operations, we can add a check for previous versions to check_any_access_fsp() and it gets enforced consistently. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688 Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher commit 02ed99343d19fd0845531ad99a46b1dd5b8a7a4f Author: Ralph Boehme Date: Wed Dec 20 18:01:57 2023 +0100 smbd: use check_any_access_fsp() for all access checks Replaces the direct access to fsp->access_mask with a call to check_any_access_fsp() which allows doing additional checks if needed. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688 Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher commit 995a31c8d4c1789c16bae6b8196f2565d4b1dfdb Author: Ralph Boehme Date: Wed Dec 20 18:32:25 2023 +0100 smbd: replace CHECK_WRITE() macro with calls to check_any_access_fsp() The additional check if fd underlying fd is valid and not -1 should not be done at this place. I actually would prefer an write to fail with EBADF if this happens, as it's likely easier to debug why this happened. These days we should always have a valid fd. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688 Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher commit ee3035218df4cfd68b6aab6825c78f2b85234c6c Author: Ralph Boehme Date: Wed Dec 20 18:03:22 2023 +0100 smbd: set fsp->fsp_flags.can_write to false for access to previous-versions BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688 Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher commit a0ae45be770a13373c148a689b9761f14c4f942c Author: Ralph Boehme Date: Fri Dec 22 11:19:38 2023 +0100 smbd: return correct error when trying to create a hardlink to a VSS file BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688 Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher commit bf497819e61131cfa6469971596af3aa9bd4bb49 Author: Ralph Boehme Date: Thu Dec 21 10:58:09 2023 +0100 smbd: fix check_any_access_fsp() for non-fsa fsps smbd_check_access_rights_fsp() requires *all* rights in access_mask to be granted by the underlying ACL, but the semantics of this function is supposed to grant access if any one of the rights in access_requested is allowed. Fix this by looping over the requested access mask. If smbd_check_access_rights_fsp() returns sucess, mask will be non-null and when assigned to access_granted, the subsequent check will pass, fail otherwise. I'm not doing an early exit on purpose because a subsequent commit adds additional security checks that are done in the subsequent code path com
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 963fc353e70 vfs_gpfs: Implement CAP_DAC_OVERRIDE for fstatat via cbdc16a7cfa vfs_gpfs: Implement CAP_DAC_OVERRIDE for fstat via 95319351e37 vfs_gpfs: Move fstatat with DAC_CAP_OVERRIDE to helper function via b317622a8fe vfs_gpfs: Use O_PATH for opening dirfd for stat with CAP_DAC_OVERRIDE from 091af82f759 s4:kdc: Don’t convey PAC buffers from an RODC‐issued PAC https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 963fc353e70b940f4009ca2764e966682400e2dc Author: Christof Schmitt Date: Thu Oct 26 15:51:02 2023 -0700 vfs_gpfs: Implement CAP_DAC_OVERRIDE for fstatat BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507 Signed-off-by: Christof Schmitt Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Wed Nov 8 18:42:13 UTC 2023 on atb-devel-224 commit cbdc16a7cfa225d1cf9109fafe85e9d14729700e Author: Christof Schmitt Date: Thu Oct 26 14:45:34 2023 -0700 vfs_gpfs: Implement CAP_DAC_OVERRIDE for fstat BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507 Signed-off-by: Christof Schmitt Reviewed-by: Ralph Boehme commit 95319351e37b8b968b798eee66c93852d9ad2d81 Author: Christof Schmitt Date: Thu Oct 26 14:39:46 2023 -0700 vfs_gpfs: Move fstatat with DAC_CAP_OVERRIDE to helper function Allow reuse of this code. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507 Signed-off-by: Christof Schmitt Reviewed-by: Ralph Boehme commit b317622a8fed0ee195ffe40129eb5bcad28dd985 Author: Christof Schmitt Date: Thu Oct 26 14:37:15 2023 -0700 vfs_gpfs: Use O_PATH for opening dirfd for stat with CAP_DAC_OVERRIDE Use O_PATH when available; this avoids the need for READ/LIST access on that directory. Keep using O_RDONLY if the system does not have O_PATH. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507 Signed-off-by: Christof Schmitt Reviewed-by: Ralph Boehme --- Summary of changes: source3/modules/vfs_gpfs.c | 89 +- 1 file changed, 80 insertions(+), 9 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/modules/vfs_gpfs.c b/source3/modules/vfs_gpfs.c index 1c11809fb1b..2f505a103b0 100644 --- a/source3/modules/vfs_gpfs.c +++ b/source3/modules/vfs_gpfs.c @@ -1588,6 +1588,25 @@ static NTSTATUS vfs_gpfs_fset_dos_attributes(struct vfs_handle_struct *handle, return NT_STATUS_OK; } +static int fstatat_with_cap_dac_override(int fd, +const char *pathname, +SMB_STRUCT_STAT *sbuf, +int flags, +bool fake_dir_create_times) +{ + int ret; + + set_effective_capability(DAC_OVERRIDE_CAPABILITY); + ret = sys_fstatat(fd, + pathname, + sbuf, + flags, + fake_dir_create_times); + drop_effective_capability(DAC_OVERRIDE_CAPABILITY); + + return ret; +} + static int stat_with_capability(struct vfs_handle_struct *handle, struct smb_filename *smb_fname, int flag) { @@ -1597,6 +1616,11 @@ static int stat_with_capability(struct vfs_handle_struct *handle, struct smb_filename *dir_name = NULL; struct smb_filename *rel_name = NULL; int ret = -1; +#ifdef O_PATH + int open_flags = O_PATH; +#else + int open_flags = O_RDONLY; +#endif status = SMB_VFS_PARENT_PATHNAME(handle->conn, talloc_tos(), @@ -1608,20 +1632,17 @@ static int stat_with_capability(struct vfs_handle_struct *handle, return -1; } - fd = open(dir_name->base_name, O_RDONLY, 0); + fd = open(dir_name->base_name, open_flags, 0); if (fd == -1) { TALLOC_FREE(dir_name); return -1; } - set_effective_capability(DAC_OVERRIDE_CAPABILITY); - ret = sys_fstatat(fd, - rel_name->base_name, - &smb_fname->st, - flag, - fake_dctime); - - drop_effective_capability(DAC_OVERRIDE_CAPABILITY); + ret = fstatat_with_cap_dac_override(fd, + rel_name->base_name, + &smb_fname->st, + flag, + fake_dctime); TALLOC_FREE(dir_name); close(fd); @@ -1643,6 +1664,29 @@ static int vfs_gpfs_
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 7a5228ffce0 CI: smb3unix.py: check basic CreateContexts response via b6301fd0d75 libsmb: add all fields from SMB2_FIND_POSIX_INFORMATION in list_posix_helper() via d6c8b709edb libsmb: remove mode from struct file_info via 3dc1911f7c4 libsmb: use K format for parsing unsigned long long via f52a025ac48 libsmb: info-level SMB2_FIND_POSIX_INFORMATION doesn't return short name via ea89dd0069e libsmb: infer posix context from info_level via 6944aa7cafd CI: smb3unix.py: use libsmb.SMB2_FIND_POSIX_INFORMATION via 4ff144c247a pylibsmb: add IO_REPARSE_TAG_RESERVED_ZERO via 8a8f1f3c6c4 libcli/smb: add IO_REPARSE_TAG_RESERVED_ZERO from 9313731e96c ctdb-scripts: Update detect_init_style to use /etc/os-release https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 7a5228ffce0fd6700df03812aeb5712e4eb88928 Author: Ralph Boehme Date: Fri Oct 27 18:50:48 2023 +0200 CI: smb3unix.py: check basic CreateContexts response Signed-off-by: Ralph Boehme Reviewed-by: David Mulder Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Tue Oct 31 05:41:17 UTC 2023 on atb-devel-224 commit b6301fd0d75575fd8c19a24c37b2f353dc871fd5 Author: Ralph Boehme Date: Sun Oct 29 15:31:33 2023 +0100 libsmb: add all fields from SMB2_FIND_POSIX_INFORMATION in list_posix_helper() Signed-off-by: Ralph Boehme Reviewed-by: David Mulder commit d6c8b709edb9c648934587b7d0f6ef4f06c78c38 Author: Ralph Boehme Date: Sun Oct 29 15:27:08 2023 +0100 libsmb: remove mode from struct file_info There's already the "attr" member and this is even used in list_posix_helper() in pylibsmb.c. While at it, remove the cast in list_posix_helper() by using "I" instead of "i" format. Signed-off-by: Ralph Boehme Reviewed-by: David Mulder commit 3dc1911f7c434de9631ddd28beeac04aa7af9f87 Author: Ralph Boehme Date: Sun Oct 29 14:59:22 2023 +0100 libsmb: use K format for parsing unsigned long long Signed-off-by: Ralph Boehme Reviewed-by: David Mulder commit f52a025ac485694441096edff910da58761df94a Author: Ralph Boehme Date: Sun Oct 29 14:49:20 2023 +0100 libsmb: info-level SMB2_FIND_POSIX_INFORMATION doesn't return short name Signed-off-by: Ralph Boehme Reviewed-by: David Mulder commit ea89dd0069e7df323208ddea91ea79cdad64700c Author: Ralph Boehme Date: Sun Oct 29 11:21:47 2023 +0100 libsmb: infer posix context from info_level No need for an explcit additional argument, we can just infer this from the info_level. Signed-off-by: Ralph Boehme Reviewed-by: David Mulder commit 6944aa7cafd536598053812ce6b66b4d8e284859 Author: Ralph Boehme Date: Sun Oct 29 11:09:04 2023 +0100 CI: smb3unix.py: use libsmb.SMB2_FIND_POSIX_INFORMATION Signed-off-by: Ralph Boehme Reviewed-by: David Mulder commit 4ff144c247a8548a47743e197406e844038df1fc Author: Ralph Boehme Date: Fri Oct 27 18:50:30 2023 +0200 pylibsmb: add IO_REPARSE_TAG_RESERVED_ZERO Signed-off-by: Ralph Boehme Reviewed-by: David Mulder commit 8a8f1f3c6c46d4fa2fe473c93b1c14fae806274e Author: Ralph Boehme Date: Fri Oct 27 18:50:06 2023 +0200 libcli/smb: add IO_REPARSE_TAG_RESERVED_ZERO Signed-off-by: Ralph Boehme Reviewed-by: David Mulder --- Summary of changes: libcli/smb/smb_constants.h | 1 + python/samba/tests/smb3unix.py | 66 +++--- source3/include/client.h | 1 - source3/libsmb/cli_smb2_fnum.c | 9 +++--- source3/libsmb/cli_smb2_fnum.h | 3 +- source3/libsmb/clilist.c | 7 ++--- source3/libsmb/proto.h | 3 +- source3/libsmb/pylibsmb.c | 45 8 files changed, 100 insertions(+), 35 deletions(-) Changeset truncated at 500 lines: diff --git a/libcli/smb/smb_constants.h b/libcli/smb/smb_constants.h index 8d3dc998a10..ead047d924f 100644 --- a/libcli/smb/smb_constants.h +++ b/libcli/smb/smb_constants.h @@ -607,6 +607,7 @@ enum csc_policy { * A few values from [MS-FSCC] 2.1.2.1 Reparse Tags */ +#define IO_REPARSE_TAG_RESERVED_ZERO 0x #define IO_REPARSE_TAG_SYMLINK 0xA00C #define IO_REPARSE_TAG_MOUNT_POINT 0xA003 #define IO_REPARSE_TAG_HSM 0xC004 diff --git a/python/samba/tests/smb3unix.py b/python/samba/tests/smb3unix.py index 7b25c4bcd68..a98109d096b 100644 --- a/python/samba/tests/smb3unix.py +++ b/python/samba/tests/smb3unix.py @@ -20,12 +20,21 @@ from samba import NTSTATUSError,ntstatus import samba.tests.libsmb from samba.dcerpc import security from samba.common import get_string +from samba.dcerpc import smb3
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via f83d6c53cce clang-format: sort alphabetically via 071b1024960 clang-format: tweak config to bring us closer to README.Coding. from 6830b796ac8 s3:/winbindd: remove parse_domain_user_fstr https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit f83d6c53cce2805f47ead0f2944fce294481e0d6 Author: Ralph Boehme Date: Fri Jun 30 17:05:46 2023 +0200 clang-format: sort alphabetically Signed-off-by: Ralph Boehme Reviewed-by: Andreas Schneider Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Tue Oct 24 14:47:57 UTC 2023 on atb-devel-224 commit 071b102496078d64d6c31fa3da37edc722ef7407 Author: Ralph Boehme Date: Fri Jun 30 13:00:23 2023 +0200 clang-format: tweak config to bring us closer to README.Coding. I'm enabling "AllowAllArgumentsOnNextLine" because that's longstanding practice with many many function calls like tevent_req_callback_data() and tevent_req_data() and imho results in the most readable code at the place where this is often seen (variable declartions with tevent_req_* stuff). Signed-off-by: Ralph Boehme Reviewed-by: Andreas Schneider --- Summary of changes: .clang-format | 33 - 1 file changed, 20 insertions(+), 13 deletions(-) Changeset truncated at 500 lines: diff --git a/.clang-format b/.clang-format index 5385807bc1c..c4c12b9955b 100644 --- a/.clang-format +++ b/.clang-format @@ -1,9 +1,14 @@ # https://clang.llvm.org/docs/ClangFormatStyleOptions.html +AlignAfterOpenBracket: Align +AlignEscapedNewlines: Left +AllowAllArgumentsOnNextLine: true +AllowAllParametersOfDeclarationOnNextLine: false +AllowShortFunctionsOnASingleLine: Empty +AllowShortIfStatementsOnASingleLine: false +AlwaysBreakAfterReturnType: None BasedOnStyle: LLVM -IndentWidth: 8 -ContinuationIndentWidth: 8 -UseTab: true -BreakBeforeBraces: Custom +BinPackArguments: false +BinPackParameters: false BraceWrapping: AfterEnum: false AfterFunction: true @@ -12,15 +17,17 @@ BraceWrapping: AfterExternBlock: true BeforeElse: false BeforeWhile: false -AllowShortIfStatementsOnASingleLine: false +AfterControlStatement: MultiLine +BreakBeforeBinaryOperators: None +BreakBeforeBraces: Custom ColumnLimit: 80 +ContinuationIndentWidth: 8 IndentCaseLabels: false -AlignAfterOpenBracket: Align -BinPackParameters: false -BinPackArguments: false -AllowAllParametersOfDeclarationOnNextLine: false -AllowAllArgumentsOnNextLine: false -AllowShortFunctionsOnASingleLine: Empty -AlwaysBreakAfterReturnType: None -AlignEscapedNewlines: Left +IndentGotoLabels: false +IndentWidth: 8 +PenaltyBreakAssignment: 200 +PenaltyBreakBeforeFirstCallParameter: 100 +PenaltyReturnTypeOnItsOwnLine: 1000 SortIncludes: false +UseTab: true +WhitespaceSensitiveMacros: ['DEBUG'] -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 3f4f80edba2 smb2_server: monitor connections with TEVENT_FD_ERROR via c5201cd0b59 s3:rpc_server: make use of tstream_bsd_fail_readv_first_error(true) via 7e6f830d9d3 s4:rpc_server: make use of tstream_bsd_fail_readv_first_error(true) via 27b2ca7d8d7 s4:service_named_pipe: make use of tstream_bsd_fail_readv_first_error(true) via 8e8f2fa9c7f libcli/named_pipe_auth: let tstream_npa_existing_socket use tstream_bsd_fail_readv_first_error(true) via 82b2a379e8f s4:wrepl_server: make use of tstream_bsd_fail_readv_first_error(true) via 0e83b564039 s4:libcli/wrepl: make use of tstream_bsd_fail_readv_first_error(false) via 391ef8ae7b2 s4:ntp_signd: make use of tstream_bsd_fail_readv_first_error(true) via d9c416baa99 s3:libsmb: the unexpected handler use tstream_bsd_fail_readv_first_error(true) via 341e800dfe8 s4:dns_server: make use of tstream_bsd_fail_readv_first_error(true) via e897ccd9c8a s4:ldap_server: make use of tstream_bsd_fail_readv_first_error(true) via 3a47a276fde s4:kdc: make use of tstream_bsd_fail_readv_first_error(true) via 71e8727bdc0 lib/tsocket: add tstream_bsd_fail_readv_first_error() via 5bedf1675e7 lib/tsocket: make use of TEVENT_FD_ERROR in tstream_bsd_fde_handler() via 22e3a542f39 lib/tsocket: let tstream_bsd_connect_send() use TEVENT_FD_ERROR instead of TEVENT_FD_READ via 82aafa4ac8b lib/async_req: let writev_send/recv use TEVENT_FD_ERROR via 21a18a5b52a lib/async_req: let async_connect_send use TEVENT_FD_ERROR instead of TEVENT_FD_READ via 66b25637220 lib/tsocket: make use of samba_socket_sock_error() via cd964e521ba lib/tsocket: make use of samba_socket_poll_or_sock_error() via f8213ec8710 lib/util: add samba_socket_{poll,sock,poll_or_sock}_error() from 63aeb64504c s4:kdc: Add device to Authenticated Users for authentication policy evaluation https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 3f4f80edba2156492645900527d628b1fab5ca4a Author: Stefan Metzmacher Date: Thu Jan 12 11:35:30 2023 +0100 smb2_server: monitor connections with TEVENT_FD_ERROR By asking for TEVENT_FD_ERROR we're able to fail early when a connection to a client is broken. In that case it does not make any sense to process pending requests in the recv queue as it's not possible to deliver the response to the client anyway. Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme Reviewed-by: Andrew Bartlett Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Tue Oct 24 10:32:56 UTC 2023 on atb-devel-224 commit c5201cd0b59647c41ac46ed1f4efb1a72bc37bf9 Author: Stefan Metzmacher Date: Thu Jan 12 10:49:13 2023 +0100 s3:rpc_server: make use of tstream_bsd_fail_readv_first_error(true) This avoids doing useless work in case the client connection is already broken. Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme Reviewed-by: Andrew Bartlett commit 7e6f830d9d3aac14336a886c1c5d9ff623218085 Author: Stefan Metzmacher Date: Thu Jan 12 10:48:22 2023 +0100 s4:rpc_server: make use of tstream_bsd_fail_readv_first_error(true) This avoids doing useless work in case the client connection is already broken. Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme Reviewed-by: Andrew Bartlett commit 27b2ca7d8d725b374aef97c11e0650686cfadbd3 Author: Stefan Metzmacher Date: Thu Jan 12 10:46:56 2023 +0100 s4:service_named_pipe: make use of tstream_bsd_fail_readv_first_error(true) This avoids doing useless work in case the client connection is already broken. Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme Reviewed-by: Andrew Bartlett commit 8e8f2fa9c7f1e2cb8a296755a8c0aba6a2d22b54 Author: Stefan Metzmacher Date: Thu Jan 12 10:44:25 2023 +0100 libcli/named_pipe_auth: let tstream_npa_existing_socket use tstream_bsd_fail_readv_first_error(true) This avoids doing useless work in case the client connection is already broken. Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme Reviewed-by: Andrew Bartlett commit 82b2a379e8fac89d94a1321f4df7d732f4fbfc5d Author: Stefan Metzmacher Date: Thu Jan 12 10:46:20 2023 +0100 s4:wrepl_server: make use of tstream_bsd_fail_readv_first_error(true) This avoids doing useless work in case the client connection is already broken. Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme Reviewed-by: Andrew Bartlett commit 0e83b5640398a92fb0bf063f902c53801eaec92f Author: Stefan Metzmacher Date: Thu Jan 12 10:43:21 2023 +0100 s4:libcli/wrepl: make use of tstream_bsd_fail_readv_f
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via acd9248b13c tevent: version 0.16.0 via 407cda2f3b7 tevent: add support for TEVENT_FD_ERROR via 55f25eb34bb tevent: add test_event_fd3 via a76056fafb4 tevent: add test_fd_speed3 via 28bf51fc657 tevent: let tevent_epoll.c use new generic mpx infrastructure via b328e990651 tevent: add tevent_common_fd_mpx infrastructure via 95d6600a066 tevent: split out a tevent_common_fd_disarm() helper via 7672a29febe ldb: sync DLIST_DEMOTE_SHORT() changes to include/dlinklist.h via 4fe39d9e7c9 lib/util: sync DLIST_DEMOTE_SHORT() changes to dlinklist.h via 30d22631a6b tevent: introduce DLIST_DEMOTE_SHORT() from d895c98c507 wintest: Fix invalid escape sequences https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit acd9248b13cba06d5b748f17aa9bc5d62079d9cc Author: Stefan Metzmacher Date: Wed Jul 19 23:04:01 2023 +0200 tevent: version 0.16.0 - the epoll backend is no longer limited to 2 event handlers per low level fd. - finally add support for TEVENT_FD_ERROR Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Fri Oct 13 10:45:51 UTC 2023 on atb-devel-224 commit 407cda2f3b7738d3690daeb8d679898f78ef3b74 Author: Stefan Metzmacher Date: Wed Jul 13 09:46:26 2011 +0200 tevent: add support for TEVENT_FD_ERROR After 12 years we finally got TEVENT_FD_ERROR support :-) TEVENT_FD_WRITE event handlers never get errors reported instead the event handler is silently disabled. There are likely callers relying on that behavior, so we are not able to chance it. Now TEVENT_FD_WRITE can be used together with TEVENT_FD_ERROR in order to get errors reported without waiting for TEVENT_FD_READ. TEVENT_FD_ERROR can also be used alone in order to detect errors on sockets in order to cleanup resources. Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme commit 55f25eb34bb7994e4410899b86cd6df44b2d1fb7 Author: Stefan Metzmacher Date: Wed Dec 28 16:54:24 2022 +0100 tevent: add test_event_fd3 The tests the interaction of multiple event handlers on the same low level fd. It shows that poll and epoll backends behave in the same fair way. Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme commit a76056fafb489624eb3bb451f373b256b8895ec5 Author: Stefan Metzmacher Date: Mon Apr 24 14:37:38 2023 + tevent: add test_fd_speed3 Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme commit 28bf51fc657179de020716a486aa1651143529a8 Author: Stefan Metzmacher Date: Fri Nov 11 22:30:35 2022 +0100 tevent: let tevent_epoll.c use new generic mpx infrastructure This allows any number of event handlers per low level fd. It means the epoll backend behaves like the poll backend now. Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme commit b328e990651a3182bba3e4e8d8b91eed457bd8a1 Author: Stefan Metzmacher Date: Wed Nov 9 22:48:10 2022 +0100 tevent: add tevent_common_fd_mpx infrastructure Backends may require to map individual tevent_fd instances to a single low level kernel state (e.g. for epoll). This generic infrastructure adds helper functions using a generic (sub)part of struct tevent_fd. The new code will allow us to support more than 2 tevent_fd instances per fd, which makes sure all backends can provide a similar behavior. This will be important when we add TEVENT_FD_ERROR as a 3rd kind of fd event. The aim is to use this in order to replace the limited implementation we already have in tevent_epoll.c. As these helpers are typically called from within 'void tevent_fd_set_flags(struct tevent_fd *fde, uint16_t flags)' there's no way to report errors. So in order avoid additional error handling complexity the helpers try to avoid any allocations which may fail. It also means the logic in tevent_epoll.c doesn't have to change much. These are implemented as static line functions in order to avoid the function call overhead, which showed up in profiles of the early implementation. Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme commit 95d6600a0668b8abac53cbe2085236b31d652b66 Author: Stefan Metzmacher Date: Thu Aug 31 18:09:28 2023 +0200 tevent: split out a tevent_common_fd_disarm() helper It means tevent_trace_fd_callback(TEVENT_EVENT_TRACE_DETACH) is always called and similar future changes are only needed in one place. Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme commit 7672a29febe9151b4435fae9d6b21a82205
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via d1846452e96 vfs: Add VFS_OPEN_HOW_WITH_BACKUP_INTENT via f701faf6677 smbd: Remove "flags2" from open_file_ntcreate() via 02d9321ce0c smbd: Pass struct vfs_open_how to open_file() via 7c356769870 smbd: Remove "local_flags" from open_file() via 6ec031b2d14 smbd: Make open_file() a bit safer via 884b9926b9c smbd: Simplify open_file() via 814b37bdcf7 smbd: Simplify open_file() via f8645c7a101 smbd: Simplify open_file() via df78af98936 smbd: Simplify an if-condition in open_file() via 45005d4b71c smbd: Simplify open_file() via ad7b119b8be smbd: Don't change incoming flags in open_file() via 3f4c937dcf9 smbd: Remove variable "accmode" from open_file() via 236df26a1f4 smbd: Slightly simplify open_file() via 2a53fdeb449 smbd: Pass "struct vfs_open_how" to reopen_from_fsp() via 7996c07bd8e smbd: Pass "struct vfs_open_how" to fd_open_atomic() via 4b376fff032 smbd: Pass "struct vfs_open_how" to reopen_from_procfd() from cb89ea70b1f libsmb: Use pidl generated parsing for posix file info https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit d1846452e96217695c8cb2537f071f287ab210d4 Author: Volker Lendecke Date: Fri Sep 1 14:51:47 2023 +0200 vfs: Add VFS_OPEN_HOW_WITH_BACKUP_INTENT Indicate BACKUP_INTENT to vfs_openat(). Why? I have a customer request who wants to add O_NOATIME in this case to avoid metadata updates when a backup or virus-checking application comes along. This does not fully handle BACKUP_INTENT correctly, this would require become_root() appropriately. We might want to do that later after a lot of careful security audit, but this patch independently might already provide some infrastructure for it. Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Thu Oct 5 14:00:33 UTC 2023 on atb-devel-224 commit f701faf6677100bef6cbcf7f3d5c973f76a6bb49 Author: Volker Lendecke Date: Tue Sep 5 15:55:26 2023 +0200 smbd: Remove "flags2" from open_file_ntcreate() "flags" carried just the O_ACCMODE bits, "flags2" everything else. Unify them. Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit 02d9321ce0c9fd5b5968ca950cfa3b2eb2a768fc Author: Volker Lendecke Date: Tue Sep 5 15:36:01 2023 +0200 smbd: Pass struct vfs_open_how to open_file() We want to pass BACKUP_INTENT down into reopen_from_fsp, and the elegant way is to do this via vfs_open_how.resolve. Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit 7c35676987053fa4e51c1fc2ee2cfb1951aad708 Author: Volker Lendecke Date: Tue Sep 5 15:27:46 2023 +0200 smbd: Remove "local_flags" from open_file() This needs close review. I could not see where we were actually referencing the original flags in a way that would not be available in local_flags. The reason for this patch is that I want to pass in vfs_open_how into open_file(), and the distinction between flags and local_flags made this significantly harder to understand for me. The only place where we really used both versions is the DBG_NOTICE in the last hunk, and this will come back in the next patch. Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit 6ec031b2d146962a414da69694d298c00df0c517 Author: Volker Lendecke Date: Tue Sep 5 15:25:07 2023 +0200 smbd: Make open_file() a bit safer Move adding O_RDWR before the check for read only shares. I haven't been able to pass this condition through SMB, but in any case we should not accidentially open with O_RDWR in the !CAN_WRITE(conn) case. Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit 884b9926b9ce5176e861bffd3ab62dec642ee786 Author: Volker Lendecke Date: Tue Sep 5 14:59:29 2023 +0200 smbd: Simplify open_file() Simplify an if-condition: We have to return NT_STATUS_OBJECT_NAME_INVALID even if we're not creating. In fact, we probably should not end up in open_file() if we're open a Windows file with a wildcard. Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit 814b37bdcf7eec3c68f1574028dc9c417029e80f Author: Volker Lendecke Date: Fri Sep 1 16:33:04 2023 +0200 smbd: Simplify open_file() We have extracted FSP_POSIX_FLAGS_PATHNAMES above. Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit f8645c7a1014a2d3f655c453ae833de3c83776b9 Author: Volker Lendecke Date: Tue Sep 5 14:53:18 2023 +0200 smbd: Simplify open_file()
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via ad76bb2e0c6 streams_depot: Goto done if FSETXATTR SAMBA_XATTR_MARKER failed from c8b90d8d200 librpc: Fix typos in error messages https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit ad76bb2e0c65c3f9c9f898b891872f33a3682f14 Author: MikeLiu Date: Wed Sep 27 13:46:36 2023 +0800 streams_depot: Goto done if FSETXATTR SAMBA_XATTR_MARKER failed Goto done if FSETXATTR SAMBA_XATTR_MARKER failed Signed-off-by: MikeLiu Reviewed-by: Volker Lendecke Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Wed Sep 27 08:42:25 UTC 2023 on atb-devel-224 --- Summary of changes: source3/modules/vfs_streams_depot.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/source3/modules/vfs_streams_depot.c b/source3/modules/vfs_streams_depot.c index 38d8994bb94..2a46d5b12b2 100644 --- a/source3/modules/vfs_streams_depot.c +++ b/source3/modules/vfs_streams_depot.c @@ -725,7 +725,7 @@ static int streams_depot_openat(struct vfs_handle_struct *handle, if (ret == -1) { DBG_DEBUG("FSETXATTR failed: %s\n", strerror(errno)); - return -1; + goto done; } } } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 05291d2bd40 s3: smbd: Now we have proved hardlink_internals() doesn't use src_dirfsp and dst_dirfsp, remove the parameters. via 3fba7872b2b s3: smbd: hardlink_internals() never looks at src_dirfsp or dst_dirfsp. via e94796e7c49 s3: smbd: Now we have shown dst_dirfsp is always NULL, remove the parameter from rename_internals(). via c38815b4fce s3: smbd: As rename_internals() calls rename_internals_fsp(), show we can pass dst_dirfsp as NULL here too. via 33845e09b61 s3: smbd: Now we've proved dst_dirfsp parameter is always NULL, remove the parameter from rename_internals_fsp(). via e61a956b934 s3: smbd: rename_internals_fsp() has to reopen the parent directory of the target as a pathref to check permissions. from 5b7f9840f76 selftest: add some basic testing for the io_uring vfs module https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 05291d2bd40a50a026df2caf8bf9f4c762238362 Author: Jeremy Allison Date: Tue Sep 19 10:32:59 2023 -0700 s3: smbd: Now we have proved hardlink_internals() doesn't use src_dirfsp and dst_dirfsp, remove the parameters. Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Tue Sep 19 19:51:47 UTC 2023 on atb-devel-224 commit 3fba7872b2bc04b9c5b284bef0f44ec286925730 Author: Jeremy Allison Date: Tue Sep 19 10:30:01 2023 -0700 s3: smbd: hardlink_internals() never looks at src_dirfsp or dst_dirfsp. Show this by sending NULL in all cases. Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme commit e94796e7c49b5396a42ceca9c76eb3453975ade6 Author: Jeremy Allison Date: Tue Sep 19 10:03:05 2023 -0700 s3: smbd: Now we have shown dst_dirfsp is always NULL, remove the parameter from rename_internals(). Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme commit c38815b4fcebc14bd7211f89323407e15a489fb1 Author: Jeremy Allison Date: Tue Sep 19 09:55:12 2023 -0700 s3: smbd: As rename_internals() calls rename_internals_fsp(), show we can pass dst_dirfsp as NULL here too. Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme commit 33845e09b618e2064e89d5a956fc1266d82631f7 Author: Jeremy Allison Date: Tue Sep 19 09:52:16 2023 -0700 s3: smbd: Now we've proved dst_dirfsp parameter is always NULL, remove the parameter from rename_internals_fsp(). Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme commit e61a956b9346833e863d35d29e36a702ca1e92f2 Author: Jeremy Allison Date: Tue Sep 19 09:49:25 2023 -0700 s3: smbd: rename_internals_fsp() has to reopen the parent directory of the target as a pathref to check permissions. So it never looks at any passed in dst_dirfsp. Prove this by passing NULL. Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme --- Summary of changes: source3/smbd/proto.h| 4 source3/smbd/smb1_nttrans.c | 3 --- source3/smbd/smb1_reply.c | 1 - source3/smbd/smb1_trans2.c | 2 -- source3/smbd/smb2_reply.c | 3 --- source3/smbd/smb2_trans2.c | 9 - 6 files changed, 22 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h index 78e1b48be09..04b1b053ae6 100644 --- a/source3/smbd/proto.h +++ b/source3/smbd/proto.h @@ -973,7 +973,6 @@ ssize_t sendfile_short_send(struct smbXsrv_connection *xconn, size_t smb_maxcnt); NTSTATUS rename_internals_fsp(connection_struct *conn, files_struct *fsp, - struct files_struct *dst_dirfsp, struct smb_filename *smb_fname_dst_in, const char *dst_original_lcomp, uint32_t attrs, @@ -983,7 +982,6 @@ NTSTATUS rename_internals(TALLOC_CTX *ctx, struct smb_request *req, struct files_struct *src_dirfsp, struct smb_filename *smb_fname_src, - struct files_struct *dst_dirfsp, struct smb_filename *smb_fname_dst, const char *dst_original_lcomp, uint32_t attrs, @@ -1127,9 +1125,7 @@ NTSTATUS hardlink_internals(TALLOC_CTX *ctx, connection_struct *conn, struct smb_request *req, bool overwrite_if_exists, - struct files_struct *old_dirfsp, const struct smb_filename *smb_fname_old, - struct files_struct *new_dirfsp, struct smb_filename *smb_fname_new); NTSTATUS smb_set_file_time(connection_struct *conn, files_struct *fsp, diff
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 3afa27a01ca mdssvc: better support for search with mdfind from Macs from 70dea37d063 wscript: Refer to correct ConfigSet variable https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 3afa27a01ca0b81b0044d5d543a36582e67a Author: Ralph Boehme Date: Tue Aug 29 16:14:38 2023 +0200 mdssvc: better support for search with mdfind from Macs When searching Samba via Spotlight from a Mac with mdfind, only 50 results are returned. It seems the changes for bug #15342 where one step in the right direction. There, a status indicator meaning "search is still being processed" was implemented, returning a special status indicator (0x23) in a response, when the query was still running in the backend, eg Elasticsearch, and we haven't got any result when when the Mac already comes along asking for results of a query. Turns out, we should also return 0x23, ie "search is still being processed" when we have some initial search results from the backend. Otherwise mdfind will stop querying for more results. It works in Finder, as the Finder by default employs a "live" search where it just keeps polling for more results even after the server returned an empty result set. The Finder just keeps on querying in some interval, typically 4 seconds, and a Mac server Spotlight server might return new results if new files where created that match the query, hence "live" search. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15463 Signed-off-by: Ralph Boehme Reviewed-by: Noel Power Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Wed Aug 30 10:51:40 UTC 2023 on atb-devel-224 --- Summary of changes: source3/rpc_server/mdssvc/mdssvc.c | 8 1 file changed, 4 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/rpc_server/mdssvc/mdssvc.c b/source3/rpc_server/mdssvc/mdssvc.c index e79be666dbe..23a30884b69 100644 --- a/source3/rpc_server/mdssvc/mdssvc.c +++ b/source3/rpc_server/mdssvc/mdssvc.c @@ -313,11 +313,11 @@ static bool add_results(sl_array_t *array, struct sl_query *slq) bool ok; /* -* Taken from a network trace against a macOS SMB Spotlight server. If -* the first fetch-query-results has no results yet because the search -* is still running, macOS returns 0x23, otherwise 0x0. +* Taken from network traces against a macOS SMB Spotlight server: if +* the search is not finished yet in the backend macOS returns 0x23, +* otherwise 0x0. */ - if (slq->state >= SLQ_STATE_RESULTS ) { + if (slq->state >= SLQ_STATE_DONE) { status = 0; } else { status = 0x23; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 20df26b9081 s3: smbd: Sanitize any "server" and "share" components of SMB1 DFS paths to remove UNIX separators. via 2aa9ffa2f0f s3: torture: Add test to show an SMB1 DFS path of "\x//\/" crashes smbd. from c2e83ebe726 mdssvc: fix returning file modification date for older Mac releases https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 20df26b908182f0455f301a51aeb54b6044af580 Author: Jeremy Allison Date: Wed Jul 26 16:39:51 2023 -0700 s3: smbd: Sanitize any "server" and "share" components of SMB1 DFS paths to remove UNIX separators. Remove knownfail. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15419 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Thu Jul 27 10:52:50 UTC 2023 on atb-devel-224 commit 2aa9ffa2f0fc79599efbfe0c37aac4ef5160f712 Author: Jeremy Allison Date: Wed Jul 26 16:37:11 2023 -0700 s3: torture: Add test to show an SMB1 DFS path of "\\x//\\/" crashes smbd. Adds knownfail. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15419 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme --- Summary of changes: source3/selftest/tests.py | 14 +++ source3/smbd/smb2_reply.c | 31 +++ source3/torture/proto.h | 1 + source3/torture/test_smb1_dfs.c | 56 + source3/torture/torture.c | 4 +++ 5 files changed, 106 insertions(+) Changeset truncated at 500 lines: diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py index d2b5409d0a9..a10969adbb4 100755 --- a/source3/selftest/tests.py +++ b/source3/selftest/tests.py @@ -357,6 +357,20 @@ plantestsuite("samba3.smbtorture_s3.smb1.SMB1-DFS-OPERATIONS", '$PASSWORD', smbtorture3, "-mNT1"]) +# +# SMB1-DFS-BADPATH needs to run against a special share msdfs-pathname-share +# BUG: https://bugzilla.samba.org/show_bug.cgi?id=15419 +# +plantestsuite("samba3.smbtorture_s3.smb1.SMB1-DFS-BADPATH", +"fileserver_smb1", +[os.path.join(samba3srcdir, + "script/tests/test_smbtorture_s3.sh"), +'SMB1-DFS-BADPATH', +'//$SERVER_IP/msdfs-pathname-share', +'$USERNAME', +'$PASSWORD', +smbtorture3, +"-mNT1"]) # # SMB2-STREAM-ACL needs to run against a special share - vfs_wo_fruit diff --git a/source3/smbd/smb2_reply.c b/source3/smbd/smb2_reply.c index 9113878fa8c..66b735e0b75 100644 --- a/source3/smbd/smb2_reply.c +++ b/source3/smbd/smb2_reply.c @@ -324,6 +324,7 @@ static size_t srvstr_get_path_internal(TALLOC_CTX *ctx, char *share = NULL; char *remaining_path = NULL; char path_sep = 0; + char *p = NULL; if (posix_pathnames && (dst[0] == '/')) { path_sep = dst[0]; @@ -374,6 +375,16 @@ static size_t srvstr_get_path_internal(TALLOC_CTX *ctx, if (share == NULL) { goto local_path; } + /* +* Ensure the server name does not contain +* any possible path components by converting +* them to _'s. +*/ + for (p = server + 1; p < share; p++) { + if (*p == '/' || *p == '\\') { + *p = '_'; + } + } /* * It's a well formed DFS path with * at least server and share components. @@ -388,6 +399,16 @@ static size_t srvstr_get_path_internal(TALLOC_CTX *ctx, */ remaining_path = strchr(share+1, path_sep); if (remaining_path == NULL) { + /* +* Ensure the share name does not contain +* any possible path components by converting +* them to _'s. +*/ + for (p = share + 1; *p; p++) { + if (*p == '/' || *p == '\\') { + *p = '_'; + } + } /* * If no remaining path this was * a bare /server/sha
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 61c951e063e mdscli: correct handling of in-progress searches via 424af98c894 mdscli: increase MAX_SLQ_COUNT via b8e0f02f081 mdscli: increase MAX_SLQ_TOCIDX via 1149d497b35 mdssvc: increase MAX_SLQ_TOC via 68bb582bc51 mdssvc: introduce MAX_MDSCMD_SIZE via c2b4fe3fb7c mdscli: add fragmentation support via 27980c87c9b mdssvc: remove duplicate define of MAX_SL_FRAGMENT_SIZE via 566427c4f0e librpc/idl: mdssvc: unkn4 field is a fragment indicator from 5442c47dad2 libsmb: increase a debug level when site-aware DC lookup failed https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 61c951e063ecf98c6b61e03885eaa6d4a48f763b Author: Ralph Boehme Date: Thu Apr 20 15:12:49 2023 +0200 mdscli: correct handling of in-progress searches If a query is still being processed on the server and there no results yet, macOS returns 0x23. For now just implements this as dumb polling once a second in mdsearch and the Python bindings. Signed-off-by: Ralph Boehme Reviewed-by: Noel Power Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Mon Jul 24 16:15:16 UTC 2023 on atb-devel-224 commit 424af98c894b20b36fb7f7081caab1b8634c7633 Author: Ralph Boehme Date: Thu Apr 20 16:54:13 2023 +0200 mdscli: increase MAX_SLQ_COUNT Now that the client supports fragementation, when procesing reassambled large result sets from macOS Spotlight server, it's possible to hit this limit in the client. Let's just increase it to some larger value. Signed-off-by: Ralph Boehme Reviewed-by: Noel Power commit b8e0f02f081a3d17f2147b6db7b722a7704b Author: Ralph Boehme Date: Thu Apr 20 16:52:19 2023 +0200 mdscli: increase MAX_SLQ_TOCIDX Now that the client supports fragementation, when procesing reassambled large result sets from macOS Spotlight server, it's possible to hit this limit in the client. Let's just increase it to some larger value. Signed-off-by: Ralph Boehme Reviewed-by: Noel Power commit 1149d497b35faf375b9011241af821d73b90a337 Author: Ralph Boehme Date: Thu Apr 20 16:50:58 2023 +0200 mdssvc: increase MAX_SLQ_TOC Now that the client supports fragementation, when procesing reassambled large result sets from macOS Spotlight server, it's possible to hit this limit in the client. Let's just increase it to some larger value. Signed-off-by: Ralph Boehme Reviewed-by: Noel Power commit 68bb582bc513448a9b16705ca566539cfaf45882 Author: Ralph Boehme Date: Mon Jul 17 14:51:54 2023 +0200 mdssvc: introduce MAX_MDSCMD_SIZE Allow larger value for the reassembled mdscmd's. Now that the client supports fragementation, when processing reassambled large result sets from macOS Spotlight server, it's possible to hit this limit in the unmarshalling code. Let's just increase it to some larger value. Signed-off-by: Ralph Boehme Reviewed-by: Noel Power commit c2b4fe3fb7c71579541829aca7c112bc2c0eebeb Author: Ralph Boehme Date: Thu Apr 20 10:45:52 2023 +0200 mdscli: add fragmentation support Signed-off-by: Ralph Boehme Reviewed-by: Noel Power commit 27980c87c9b77d6d8a4de6210e13fa20ff870ba9 Author: Ralph Boehme Date: Thu Apr 20 14:59:12 2023 +0200 mdssvc: remove duplicate define of MAX_SL_FRAGMENT_SIZE Signed-off-by: Ralph Boehme Reviewed-by: Noel Power commit 566427c4f0e8c0d9a6ceae4807f6fe6c2fceea1c Author: Ralph Boehme Date: Thu Apr 20 10:44:58 2023 +0200 librpc/idl: mdssvc: unkn4 field is a fragment indicator Signed-off-by: Ralph Boehme Reviewed-by: Noel Power --- Summary of changes: librpc/idl/mdssvc.idl | 2 +- source3/rpc_client/cli_mdssvc.c | 76 + source3/rpc_client/py_mdscli.c | 7 ++- source3/rpc_server/mdssvc/marshalling.c | 14 +++--- source3/rpc_server/mdssvc/marshalling.h | 1 + source3/rpc_server/mdssvc/mdssvc.h | 1 - source3/utils/mdsearch.c| 10 - 7 files changed, 91 insertions(+), 20 deletions(-) Changeset truncated at 500 lines: diff --git a/librpc/idl/mdssvc.idl b/librpc/idl/mdssvc.idl index e7004f07419..b77474713c9 100644 --- a/librpc/idl/mdssvc.idl +++ b/librpc/idl/mdssvc.idl @@ -41,7 +41,7 @@ interface mdssvc [in]uint32 unkn1, /* always 0, status ? */ [in]uint32 device_id, [in]uint32 unkn3, /* = mdssvc_open.unkn2 ? */ - [in]uint32 unkn4, /* always 0 ? */ + [in]uint32 next_fr
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 5442c47dad2 libsmb: increase a debug level when site-aware DC lookup failed from 9bab902fc50 CVE-2023-3347: smbd: fix "server signing = mandatory" https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 5442c47dad2d1c018b60a3a1e19c400bd0f4b4ac Author: Ralph Boehme Date: Thu Jul 20 17:08:19 2023 +0200 libsmb: increase a debug level when site-aware DC lookup failed Signed-off-by: Ralph Boehme Reviewed-by: Noel Power Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Fri Jul 21 16:19:35 UTC 2023 on atb-devel-224 --- Summary of changes: source3/libsmb/namequery.c | 8 1 file changed, 4 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libsmb/namequery.c b/source3/libsmb/namequery.c index 4733aaed693..e6c0c7d2a09 100644 --- a/source3/libsmb/namequery.c +++ b/source3/libsmb/namequery.c @@ -3472,10 +3472,10 @@ NTSTATUS get_sorted_dc_list(TALLOC_CTX *ctx, &ordered); if (NT_STATUS_EQUAL(status, NT_STATUS_NO_LOGON_SERVERS) && sitename) { - DBG_NOTICE("no server for name %s available" - " in site %s, fallback to all servers\n", - domain, - sitename); + DBG_WARNING("No server for domain '%s' available" + " in site '%s', fallback to all servers\n", + domain, + sitename); status = get_dc_list(ctx, domain, NULL, -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via c66f6c58c7b torture/smb2: do not use client time in delayed timestamp updates test via bea154c9c13 lib: Fix tdb_validate() for incorrect tdb entries via 12c8b67ef63 torture3: Add tdb-validate test from 47f401095ea smbd: squash check_path_syntax() variants https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit c66f6c58c7b5ceb9185cb5dd70b7c261c817a021 Author: Amir Goldstein Date: Tue Mar 14 19:57:08 2023 +0200 torture/smb2: do not use client time in delayed timestamp updates test Client time cannot be compared to server timestamp, because the clocks on client and server may not be in sync. Compare server timestamps, only to previous timestamps read from server. Signed-off-by: Amir Goldstein Reviewed-by: Ralph Boehme Reviewed-by: Jeremy Allison Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Sat Apr 1 06:23:36 UTC 2023 on atb-devel-224 commit bea154c9c13e2849eadcaccc1d5acccf9a3b8931 Author: Volker Lendecke Date: Wed Mar 29 06:20:01 2023 -0400 lib: Fix tdb_validate() for incorrect tdb entries We should not overwrite the "rc=1" initialization with the tdb_check retval. This will lead to tdb_validate_child() returning 0 even when validate_fn() found invalid entries. Bug: https://bugzilla.samba.org/show_bug.cgi?id=14789 Signed-off-by: Volker Lendecke Reviewed-by: Andreas Schneider Reviewed-by: Jeremy Allison commit 12c8b67ef6355f9527b53f274cc7a1acc1648dcb Author: Volker Lendecke Date: Wed Mar 29 09:07:19 2023 -0400 torture3: Add tdb-validate test Bug: https://bugzilla.samba.org/show_bug.cgi?id=14789 Signed-off-by: Volker Lendecke Reviewed-by: Andreas Schneider Reviewed-by: Jeremy Allison --- Summary of changes: source3/lib/tdb_validate.c | 5 +-- source3/selftest/tests.py | 1 + source3/torture/proto.h | 1 + source3/torture/test_tdb_validate.c | 68 + source3/torture/torture.c | 4 +++ source3/torture/wscript_build | 2 ++ source4/torture/smb2/timestamps.c | 7 ++-- 7 files changed, 81 insertions(+), 7 deletions(-) create mode 100644 source3/torture/test_tdb_validate.c Changeset truncated at 500 lines: diff --git a/source3/lib/tdb_validate.c b/source3/lib/tdb_validate.c index 9db182fb0b3..78bd824c09d 100644 --- a/source3/lib/tdb_validate.c +++ b/source3/lib/tdb_validate.c @@ -31,6 +31,7 @@ static int tdb_validate_child(struct tdb_context *tdb, tdb_validate_data_func validate_fn) { int ret = 1; + int check_rc; int num_entries = 0; struct tdb_validation_status v_status; @@ -50,8 +51,8 @@ static int tdb_validate_child(struct tdb_context *tdb, * we can simplify this by passing a check function, * but I don't want to change all the callers... */ - ret = tdb_check(tdb, NULL, NULL); - if (ret != 0) { + check_rc = tdb_check(tdb, NULL, NULL); + if (check_rc != 0) { v_status.tdb_error = True; v_status.success = False; goto out; diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py index 31112d4be9f..47234896ed6 100755 --- a/source3/selftest/tests.py +++ b/source3/selftest/tests.py @@ -503,6 +503,7 @@ local_tests = [ "LOCAL-G-LOCK8", "LOCAL-NAMEMAP-CACHE1", "LOCAL-IDMAP-CACHE1", +"LOCAL-TDB-VALIDATE", "LOCAL-hex_encode_buf", "LOCAL-remove_duplicate_addrs2"] diff --git a/source3/torture/proto.h b/source3/torture/proto.h index 5e6d914c3da..a67a771ef45 100644 --- a/source3/torture/proto.h +++ b/source3/torture/proto.h @@ -176,5 +176,6 @@ bool run_hidenewfiles_showdirs(int dummy); bool run_readdir_timestamp(int dummy); bool run_ctdbd_conn1(int dummy); bool run_rpc_scale(int dummy); +bool run_tdb_validate(int dummy); #endif /* __TORTURE_H__ */ diff --git a/source3/torture/test_tdb_validate.c b/source3/torture/test_tdb_validate.c new file mode 100644 index 000..4768512e159 --- /dev/null +++ b/source3/torture/test_tdb_validate.c @@ -0,0 +1,68 @@ +/* + * Unix SMB/CIFS implementation. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public L
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 47f401095ea smbd: squash check_path_syntax() variants via 1d220e3170b s3: smbd: Correctly process SMB3 POSIX paths in create. via 09221cea5a1 s3: smbd: Correctly set smb2req->smb1req->posix_pathnames from the calling fsp on SMB2 calls. via 3f33ea95eb6 smbd: Ensure share root POSIX attrs are cleared after mode_fn via adfa3a428bd s3: smbd: Add check_path_syntax_smb2_posix(). via a8329d2536a s3: smbd: Flatten the check_path_syntax_smb2() wrapper. from 874e10ef79a s4:kdc: Add support for AD device claims https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 47f401095ea723cbca6a8fc1a841465a32852cdc Author: Ralph Boehme Date: Fri Mar 31 11:44:00 2023 +0200 smbd: squash check_path_syntax() variants Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Fri Mar 31 21:21:57 UTC 2023 on atb-devel-224 commit 1d220e3170b1eb2afbff48d0148e30f8cec9fba0 Author: Jeremy Allison Date: Tue Mar 28 13:55:49 2023 -0700 s3: smbd: Correctly process SMB3 POSIX paths in create. Remove knownfail for posix path handling of case/reserved char Signed-off-by: David Mulder Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme commit 09221cea5a19034fd19394134cd2d9c3181966ca Author: Jeremy Allison Date: Tue Mar 28 13:53:20 2023 -0700 s3: smbd: Correctly set smb2req->smb1req->posix_pathnames from the calling fsp on SMB2 calls. We must always do SMB3+POSIX operations on fsp's opened with a posix create context. Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme commit 3f33ea95eb654ab41636f2216002d7916fc56521 Author: David Mulder Date: Thu Dec 1 10:53:44 2022 -0700 smbd: Ensure share root POSIX attrs are cleared after mode_fn The call to mode_fn (smbd_dirptr_lanman2_mode_fn) was filling the cleared attributes back in to the stat. Ensure the clear happens after this call. Signed-off-by: David Mulder Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme commit adfa3a428bda14a19ef506203d82d055ee98f1be Author: Jeremy Allison Date: Tue Mar 28 11:06:36 2023 -0700 s3: smbd: Add check_path_syntax_smb2_posix(). Not yet used. Simple wrapper, identical to check_path_syntax_posix(). I want to keep SMB1/SMB2 code as separate as possible so we can remove any SMB1 code path later. Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme commit a8329d2536a9333d63a7b2fd5106377364fde42a Author: Jeremy Allison Date: Tue Mar 28 11:03:59 2023 -0700 s3: smbd: Flatten the check_path_syntax_smb2() wrapper. Keep it, rather and move all SMB2 code to check_path_syntax() as I want to keep SMB1/SMB2 code as separate as possible so we can remove any SMB1 code path later. Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme --- Summary of changes: selftest/knownfail.d/smb3unix | 2 -- source3/smbd/dir.c | 21 --- source3/smbd/globals.h | 3 ++- source3/smbd/msdfs.c| 6 +++--- source3/smbd/proto.h| 4 +--- source3/smbd/smb1_reply.c | 2 +- source3/smbd/smb2_break.c | 2 +- source3/smbd/smb2_close.c | 2 +- source3/smbd/smb2_create.c | 40 ++- source3/smbd/smb2_flush.c | 2 +- source3/smbd/smb2_getinfo.c | 2 +- source3/smbd/smb2_glue.c| 7 ++- source3/smbd/smb2_ioctl.c | 2 +- source3/smbd/smb2_lock.c| 2 +- source3/smbd/smb2_notify.c | 2 +- source3/smbd/smb2_query_directory.c | 2 +- source3/smbd/smb2_read.c| 2 +- source3/smbd/smb2_reply.c | 42 +++-- source3/smbd/smb2_setinfo.c | 2 +- source3/smbd/smb2_trans2.c | 6 -- source3/smbd/smb2_write.c | 2 +- 21 files changed, 71 insertions(+), 84 deletions(-) delete mode 100644 selftest/knownfail.d/smb3unix Changeset truncated at 500 lines: diff --git a/selftest/knownfail.d/smb3unix b/selftest/knownfail.d/smb3unix deleted file mode 100644 index 2ab886ae75e..000 --- a/selftest/knownfail.d/smb3unix +++ /dev/null @@ -1,2 +0,0 @@ -^samba.tests.smb3unix.samba.tests.smb3unix.Smb3UnixTests.test_posix_reserved_char\(fileserver\) -^samba.tests.smb3unix.samba.tests.smb3unix.Smb3UnixTests.test_posix_case_sensitive\(fileserver\) diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c index 859c8f0dc83..09029ee0c23 100644 --- a/source3/smbd/dir.c +++ b/source3/smbd/dir.c @@ -979,13 +979,6 @@ bool smbd_dirptr_get_entr
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 360b7394644 s3: smbd: Fix dumb typos that meant smb1.SMB1-DFS-* tests were running against an SMB2-only fileserver. via c3f48b0581e s3: smbd: Remove now unused dfs_filename_convert(). via e0ac0a2562c smbd: RIP DFS pathname processing in filename_convert_dirfsp_nosymlink() via 777e324efbb s3: smbd: In smb_file_link_information() and smb_file_rename_information() the target path is never DFS. via f32215dbac2 smbd: use smb1_strip_dfs_path() in call_trans2findfirst() via f539e632bb6 smbd: use smb1_strip_dfs_path() in reply_search() via fc3df8f5968 smbd: use smb1_strip_dfs_path() in call_trans2mkdir() via 6187381 smbd: use smb1_strip_dfs_path() in call_trans2setpathinfo() via 32a1f381137 smbd: use smb1_strip_dfs_path() in smb_set_file_unix_hlink() via adb34770fc2 smbd: use smb1_strip_dfs_path() in call_trans2qpathinfo() via 96765e535d7 smbd: use smb1_strip_dfs_path() in call_trans2open() via 2c4e4c22eac smbd: use smb1_strip_dfs_path() in reply_mv() via c3a87ffb632 smbd: use smb1_strip_dfs_path() in reply_mv() via c44491676ea smbd: use smb1_strip_dfs_path() in reply_rmdir() via 9c151af3135 smbd: use smb1_strip_dfs_path() in reply_mkdir() via 7ff2473bedc smbd: use smb1_strip_dfs_path() in reply_unlink() via 0d298ff757e smbd: use smb1_strip_dfs_path() in reply_ctemp() via 574b1369b7a smbd: use smb1_strip_dfs_path() in reply_mknew() via e4fbaae22bf smbd: use smb1_strip_dfs_path() in reply_open_and_X() via ba325ca2d26 smbd: use smb1_strip_dfs_path() in reply_open() via 0cb37f78c1c smbd: use smb1_strip_dfs_path() in reply_setatr() via 00c836436e0 smbd: use smb1_strip_dfs_path() in reply_getatr via 004d14a0244 smbd: use smb1_strip_dfs_path() in reply_checkpath() via d5b5589d012 smbd: use smb1_strip_dfs_path() in reply_ntrename() via 0089ea2a31e smbd: use smb1_strip_dfs_path() in reply_ntrename() via 666e42ef5b3 smbd: use smb1_strip_dfs_path() in call_nt_transact_create() via 8ad023c1990 smbd: use smb1_strip_dfs_path() in reply_ntcreate_and_X() via 66d7996dbcf s3: smbd: Add utility function smb1_strip_dfs_path(). via 06c738738ea s3: smbd: Remove unused and commented out check_path_syntax_smb2_msdfs(). via 34fabc26f1d s3: smbd: Remove 'is_dfs' parameter to check_path_syntax_smb2(). via 31f5c714c60 s3: smbd: Add assertion to filename_convert_dirfsp_nosymlink() that shows SMB2 is *never* dealing with a DFS path here. via 2c40e28908e s3: smbd: Remove all DFS path prefixes before passing to check_path_syntax_smb2(). via 39ad689eeac s3: smbd: Add utility function smb2_strip_dfs_path(). via 1b510ca2d98 s3: smbd: Change smb2_file_link_information() to use srvstr_pull_talloc()/check_path_syntax_smb2(). via b3fdc892b4f s3: smbd: In smb2_file_link_information(), don't ever expect @GMT tokens in the pathname. via 377c50abe91 s3: smbd: Duplicate smb_file_link_information() hardlink handling as smb2_file_link_information(). via 4c5a07ed4e0 s3: smbd: Cleanup. smb2_file_rename_information() can never have a @GMT path in the destination. via bb92df7c9e5 s3: smbd: Cleanup - don't set the FLAGS2_DFS_PATHNAMES in flags2 in the glue struct if it's not a DFS server or share. from ea4be00361e selftest: Add test parsing krb5 PAC claims via ndrdump https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 360b739464461acece91c04b8a29da30a022ac23 Author: Jeremy Allison Date: Thu Mar 30 13:19:22 2023 -0700 s3: smbd: Fix dumb typos that meant smb1.SMB1-DFS-* tests were running against an SMB2-only fileserver. Remove knownfail on SMB1-DFS-SEARCH-PATHS, as we now pass it with the new SMB1 remove DFS paths before pathname processing changes. Note, we still fail: smb1.SMB1-DFS-PATHS.smbtorture\(fileserver_smb1\) smb1.SMB1-DFS-OPERATIONS.smbtorture\(fileserver_smb1\) even with the new SMB1 remove DFS paths before pathname processing as those tests test *very* specific Windows behaviors. We now pass many more of the individual internal tests, but in order to pass them all completely I need to add specific --with-sambaserver checks to avoid some of the Windows DFS SMB1 insanity (error messages). Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Fri Mar 31 06:07:01 UTC 2023 on atb-devel-224 commit c3f48b0581e5a948d1f31c8a65e8294aa6c92591 Author: Jeremy Allison Date: Thu Mar 30 13:01:08 2023 -0700 s3: smbd: Remove now unused dfs_filename_convert(). And all the static functions it called.
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 76573d6d8f1 s3: libcli: Refuse to connect to any server with zero values for max_trans_size, max_read_size, max_write_size. via 006fe806782 tests: Add samba3.blackbox.zero_readsize test. via b755b81d66a test: Add a test for "deny ous" via f9849dbf4ff tests: Slightly simplify test_idmap_ad.sh via 3fdf8d15c05 idmap_ad: Add "deny ous" and "allow ous" options via c9c709e39dd idmap: Initialize struct idmap_ad_context via 6499a2dcb3b winbind: Add idmap_config_string_list() via 443572ce420 winbind: Factor out idmap_config_name() from ffdfb78da7f buildtools: Remove compile_commands.json symlink https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 76573d6d8f168d6e6107af26a434b8c71aaf93af Author: Jeremy Allison Date: Tue Mar 21 10:34:46 2023 -0700 s3: libcli: Refuse to connect to any server with zero values for max_trans_size, max_read_size, max_write_size. There's nothing we can do to such a server (this now matches the behavior for SMB1). Remove knownfail. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15306 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Wed Mar 29 18:58:33 UTC 2023 on atb-devel-224 commit 006fe806782c42e860ed2cf2bc9f6b1b82c3a307 Author: Jeremy Allison Date: Tue Mar 21 10:31:36 2023 -0700 tests: Add samba3.blackbox.zero_readsize test. smbclient crashes when smbd has "smb2 max read = 0" in the [global] section of smb.conf. We should fail the protocol negotiation with NT_STATUS_INVALID_NETWORK_RESPONSE in this case. Adds knownfail. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15306 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme commit b755b81d66a2b63e2e0a1fe9406d8f24b91d983e Author: Volker Lendecke Date: Tue Mar 7 17:21:56 2023 +0100 test: Add a test for "deny ous" Not a comprehensive test for all possible combinations, but it shows the basic functionality, and it found a bug in the initial implementation :-) Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit f9849dbf4ff87e848eb323ca6ca0f612c80c3f95 Author: Volker Lendecke Date: Tue Mar 7 13:54:47 2023 +0100 tests: Slightly simplify test_idmap_ad.sh ldbmodify can change multiple objects in one run Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit 3fdf8d15c05518aa08770583d4d0172b15a9b389 Author: Volker Lendecke Date: Fri Nov 18 11:36:28 2022 +0100 idmap_ad: Add "deny ous" and "allow ous" options With these options, certain OUs can be denied or a list of OUs can be explicitly permitted for idmapping. Use case: Administration of OUs in AD has been delegated to people not 100% trusted by the unix server team, this can prevent arbitrary unix IDs to be assigned by these delegated admins. Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit c9c709e39dd13680490338fd37caf095f17b70c8 Author: Volker Lendecke Date: Tue Mar 7 16:08:18 2023 +0100 idmap: Initialize struct idmap_ad_context We'll add another pointer next that should be initialized to NULL Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit 6499a2dcb3bc4e6f22af5445517dd3e1ba9efff0 Author: Volker Lendecke Date: Thu Nov 17 10:43:22 2022 +0100 winbind: Add idmap_config_string_list() Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit 443572ce4204c338a0e92417a9d0539a9ec2ddfa Author: Volker Lendecke Date: Thu Nov 17 10:40:36 2022 +0100 winbind: Factor out idmap_config_name() 3 times is enough, next patch will add a 4th one. Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme --- Summary of changes: docs-xml/manpages/idmap_ad.8.xml | 31 + libcli/smb/smbXcli_base.c | 11 ++ nsswitch/tests/test_idmap_ad.sh| 54 + selftest/target/Samba3.pm | 1 + source3/script/tests/test_zero_readsize.sh | 101 source3/selftest/tests.py | 12 ++ source3/winbindd/idmap.c | 60 +- source3/winbindd/idmap_ad.c| 180 - source3/winbindd/winbindd_proto.h | 3 + 9 files changed, 401 insertions(+), 52 deletions(-) create mode 100755 source3/script/tests/test_zero_readsize.sh Changeset truncated at 500 lines: diff --git a/docs-xml/manpages/idmap_ad.8.xml b/docs-xml/manpages/idmap_ad.8.xml index 12cde
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 3f84a6df454 s3: smbd: Fix fsp/fd leak when looking up a non-existent stream name on a file. via c54bec26ad2 s3: tests: Add new test_stream_dir_rename.sh test. via 5a3db5105bd s3: provision: Add new streams_xattr_nostrict share - needs "strict rename = no". from e3cfb99d286 net: add hint which options can be used with net ads dns register command https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 3f84a6df4546e0f1e62dfbcd0b823ea29499a787 Author: Jeremy Allison Date: Tue Feb 28 11:20:12 2023 -0800 s3: smbd: Fix fsp/fd leak when looking up a non-existent stream name on a file. When open_stream_pathref_fsp() returns NT_STATUS_OBJECT_NAME_NOT_FOUND, smb_fname_rel->fsp has been set to NULL, so we must free base_fsp separately to prevent fd-leaks when opening a stream that doesn't exist. Remove knownfail. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15314 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Fri Mar 3 16:37:27 UTC 2023 on atb-devel-224 commit c54bec26ad23b0121b2ddfbf04bc81050f27e6e1 Author: Jeremy Allison Date: Tue Feb 28 11:18:10 2023 -0800 s3: tests: Add new test_stream_dir_rename.sh test. Shows we are leaking an fsp/fd if we request a non-existent stream on a file. This then causes rename of a directory containing the file to be denied, as it thinks we have an existing open file below it. Add knownfail. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15314 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme commit 5a3db5105bd8360b245cd35810002740ccff605c Author: Jeremy Allison Date: Tue Feb 28 11:14:34 2023 -0800 s3: provision: Add new streams_xattr_nostrict share - needs "strict rename = no". The bug we're testing for needs "strict rename = no" (the default), but the existing streams_xattr share uses "strict rename = yes" from the [global] section. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15314 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme --- Summary of changes: selftest/target/Samba3.pm | 5 ++ source3/script/tests/test_stream_dir_rename.sh | 72 ++ source3/selftest/tests.py | 4 ++ source3/smbd/filename.c| 21 4 files changed, 102 insertions(+) create mode 100755 source3/script/tests/test_stream_dir_rename.sh Changeset truncated at 500 lines: diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm index 476f59c8783..15b13f2920f 100755 --- a/selftest/target/Samba3.pm +++ b/selftest/target/Samba3.pm @@ -3461,6 +3461,11 @@ sub provision($$) copy = tmp vfs objects = streams_xattr xattr_tdb +[streams_xattr_nostrict] + copy = tmp + strict rename = no + vfs objects = streams_xattr xattr_tdb + [acl_streams_xattr] copy = tmp vfs objects = acl_xattr streams_xattr fake_acls xattr_tdb diff --git a/source3/script/tests/test_stream_dir_rename.sh b/source3/script/tests/test_stream_dir_rename.sh new file mode 100755 index 000..7ac3194f649 --- /dev/null +++ b/source3/script/tests/test_stream_dir_rename.sh @@ -0,0 +1,72 @@ +#!/bin/sh +# +# Test a stream can rename a directory once an invalid stream path below it was requested. +# BUG: https://bugzilla.samba.org/show_bug.cgi?id=15314 + +if [ $# -lt 5 ]; then +cat <$tmpfile <fsp +* has been set to NULL, so we must free base_fsp separately +* to prevent fd-leaks when opening a stream that doesn't +* exist. +*/ + fd_close(base_fsp); + file_free(NULL, base_fsp); + base_fsp = NULL; goto done; } @@ -1402,6 +1412,17 @@ done: return NT_STATUS_OK; fail: + /* +* If open_stream_pathref_fsp() returns an error, smb_fname_rel->fsp +* has been set to NULL, so we must free base_fsp separately +* to prevent fd-leaks when opening a stream that doesn't +* exist. +*/ + if (base_fsp != NULL) { + fd_close(base_fsp); + file_free(NULL, base_fsp); + base_fsp = NULL; + } TALLOC_FREE(dirname); TALLOC_FREE(smb_dirname); TALLOC_FREE(smb_fname_rel); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via e8abe52df2d s3: smbd: Fix log spam. Change a normal error message from DBG_ERR (level 0) to DBG_INFO (level 5). from 5b7fc5b696c gp: gp_sudoers_ext warn w/out visudo installed https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit e8abe52df2d3ae533b3f874a885856f26ba5ec7e Author: Jeremy Allison Date: Tue Feb 7 17:51:10 2023 -0800 s3: smbd: Fix log spam. Change a normal error message from DBG_ERR (level 0) to DBG_INFO (level 5). BUG: https://bugzilla.samba.org/show_bug.cgi?id=15302 Signed-off-by: Jeremy Allison Reviewed-by: Andreas Schneider Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Sat Feb 11 08:48:05 UTC 2023 on atb-devel-224 --- Summary of changes: source3/smbd/open.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 3ad6b205116..da0498f9e7d 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -3550,7 +3550,7 @@ NTSTATUS smbd_calculate_access_mask_fsp(struct files_struct *dirfsp, rejected_share_access = access_mask & ~(fsp->conn->share_access); if (rejected_share_access) { - DBG_ERR("Access denied on file %s: " + DBG_INFO("Access denied on file %s: " "rejected by share access mask[0x%08X] " "orig[0x%08X] mapped[0x%08X] reject[0x%08X]\n", fsp_str_dbg(fsp), -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 65e9b409a6c s3:utils: Fix UNUSED_VALUE via 4d83e9fcbda s3:utils: Fix trailing whitespaces from 0f2978bbc0e s4-drsuapi: Give an error that matches windows on destination_dsa_guid lookup failure https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 65e9b409a6c27bbdf80307514523b3f37f20859d Author: Pavel Filipenský Date: Thu Feb 2 09:49:31 2023 +0100 s3:utils: Fix UNUSED_VALUE Reported by RedHat internal Covscan Since cb8a0d9 we no longer stop traversing the list if encryption_flag or signing_flags are unknown. Assignment "result = -1;" is always overwritten by "result = traverse_connections_*()" and is a dead code. Signed-off-by: Pavel Filipenský Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Thu Feb 2 15:46:52 UTC 2023 on atb-devel-224 commit 4d83e9fcbda34b45a55fdc25da4642e1d7839c7b Author: Pavel Filipenský Date: Thu Feb 2 09:48:37 2023 +0100 s3:utils: Fix trailing whitespaces Signed-off-by: Pavel Filipenský Reviewed-by: Ralph Boehme --- Summary of changes: source3/utils/status.c | 12 +--- 1 file changed, 5 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/utils/status.c b/source3/utils/status.c index cca8b7d6cb2..5359dda90cc 100644 --- a/source3/utils/status.c +++ b/source3/utils/status.c @@ -1,4 +1,4 @@ -/* +/* Unix SMB/CIFS implementation. status reporting Copyright (C) Andrew Tridgell 1994-1998 @@ -86,10 +86,10 @@ static void Ucrit_addUid(uid_t uid) static unsigned int Ucrit_checkUid(uid_t uid) { - if ( !Ucrit_IsActive ) + if ( !Ucrit_IsActive ) return 1; - if ( uid == Ucrit_uid ) + if ( uid == Ucrit_uid ) return 1; return 0; @@ -99,7 +99,7 @@ static unsigned int Ucrit_checkPid(struct server_id pid) { int i; - if ( !Ucrit_IsActive ) + if ( !Ucrit_IsActive ) return 1; for (i=0;i
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 425aaf6f7eb lib: Fix a use-after-free in "net vfs getntacl" via d278fe4a847 lib: Fix out-of-bounds access in print_ace_flags() via 3a458a8198e lib: Use talloc_asprintf_addbuf() in print_ace_flags() via 6dcbea9e0fb build: Don't compile source3/lib/util_sd.c four times from 98d84192a03 s3:utils:mdsearch go to cmdline_messaging_context_free https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 425aaf6f7ebecc33463f6ed2f39573e95a72bf55 Author: Volker Lendecke Date: Thu Jan 12 12:00:26 2023 +0100 lib: Fix a use-after-free in "net vfs getntacl" Don't hang "sd" off "fsp", which is free'ed before printing Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Thu Jan 12 16:41:07 UTC 2023 on sn-devel-184 commit d278fe4a8478c1108b0f95daa99eb0a4e8fa787c Author: Volker Lendecke Date: Thu Jan 12 11:55:04 2023 +0100 lib: Fix out-of-bounds access in print_ace_flags() Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit 3a458a8198eef40e4e58a6dc10525409188d573f Author: Volker Lendecke Date: Thu Jan 12 11:51:50 2023 +0100 lib: Use talloc_asprintf_addbuf() in print_ace_flags() Simplifies code. Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit 6dcbea9e0fb09f2d420b2424081bb20d459277fb Author: Volker Lendecke Date: Thu Jan 12 12:11:49 2023 +0100 build: Don't compile source3/lib/util_sd.c four times Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme --- Summary of changes: source3/lib/util_sd.c | 45 +-- source3/torture/wscript_build | 2 +- source3/utils/net_vfs.c | 4 +++- source3/utils/wscript_build | 8 +--- source3/wscript_build | 3 +++ 5 files changed, 25 insertions(+), 37 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/lib/util_sd.c b/source3/lib/util_sd.c index a4288a46f3d..23f37b7e734 100644 --- a/source3/lib/util_sd.c +++ b/source3/lib/util_sd.c @@ -240,53 +240,34 @@ bool StringToSid(struct cli_state *cli, struct dom_sid *sid, const char *str) static void print_ace_flags(FILE *f, uint8_t flags) { char *str = talloc_strdup(NULL, ""); - - if (!str) { - goto out; - } + size_t len; if (flags & SEC_ACE_FLAG_OBJECT_INHERIT) { - str = talloc_asprintf(str, "%s%s", - str, "OI|"); - if (!str) { - goto out; - } + talloc_asprintf_addbuf(&str, "OI|"); } if (flags & SEC_ACE_FLAG_CONTAINER_INHERIT) { - str = talloc_asprintf(str, "%s%s", - str, "CI|"); - if (!str) { - goto out; - } + talloc_asprintf_addbuf(&str, "CI|"); } if (flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT) { - str = talloc_asprintf(str, "%s%s", - str, "NP|"); - if (!str) { - goto out; - } + talloc_asprintf_addbuf(&str, "NP|"); } if (flags & SEC_ACE_FLAG_INHERIT_ONLY) { - str = talloc_asprintf(str, "%s%s", - str, "IO|"); - if (!str) { - goto out; - } + talloc_asprintf_addbuf(&str, "IO|"); } if (flags & SEC_ACE_FLAG_INHERITED_ACE) { - str = talloc_asprintf(str, "%s%s", - str, "I|"); - if (!str) { - goto out; - } + talloc_asprintf_addbuf(&str, "I|"); } + if (str == NULL) { + goto out; + } + /* Ignore define SEC_ACE_FLAG_SUCCESSFUL_ACCESS ( 0x40 ) and SEC_ACE_FLAG_FAILED_ACCESS ( 0x80 ) as they're audit ace flags. */ - if (str[strlen(str)-1] == '|') { - str[strlen(str)-1] = '\0'; - fprintf(f, "/%s/", str); + len = strlen(str); + if (len > 0) { + fprintf(f, "/%.*s/", (int)len-1, str); } else { fprintf(f, "/0x%x/", flags); } diff --git a/source3/torture/wscript_build b/source3/torture/wscript_build index e941829ab5f..18106aaf59a
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via dd86376294f smbd: Fix indentation via 17e9758b537 smbd: Fix CID 1518901 Logically dead code via c1be654988a smbd: Fix CID 1518902 Use after free from 316b8fa4a8a nsswitch: remove winbind_nss_mutex https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit dd86376294fd4117521dd550165ee4943ae8bec1 Author: Volker Lendecke Date: Thu Jan 5 15:17:44 2023 +0100 smbd: Fix indentation Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Thu Jan 5 18:00:17 UTC 2023 on sn-devel-184 commit 17e9758b537e3a43f4f290debdc2b812abb394ed Author: Volker Lendecke Date: Thu Jan 5 15:17:14 2023 +0100 smbd: Fix CID 1518901 Logically dead code Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit c1be654988a14ed5ac7fb337716cb8f41daebca1 Author: Volker Lendecke Date: Thu Jan 5 15:11:10 2023 +0100 smbd: Fix CID 1518902 Use after free The SMB_REALLOC macro properly deals with failure to realloc, so overwriting the target variable is correct here. Signed-off-by: Volker Lendecke --- Summary of changes: source3/smbd/smb1_trans2.c | 55 +++--- 1 file changed, 13 insertions(+), 42 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/smb1_trans2.c b/source3/smbd/smb1_trans2.c index 815e529b231..336024c9456 100644 --- a/source3/smbd/smb1_trans2.c +++ b/source3/smbd/smb1_trans2.c @@ -2113,15 +2113,13 @@ static NTSTATUS smb_q_unix_basic( int *ptotal_data) { const int total_data = 100; - char *pdata = NULL; - pdata = SMB_REALLOC(*ppdata, total_data); - if (pdata == NULL) { + *ppdata = SMB_REALLOC(*ppdata, total_data); + if (*ppdata == NULL) { return NT_STATUS_NO_MEMORY; } - store_file_unix_basic(conn, pdata, fsp, &smb_fname->st); + store_file_unix_basic(conn, *ppdata, fsp, &smb_fname->st); - *ppdata = pdata; *ptotal_data = total_data; return NT_STATUS_OK; @@ -2136,15 +2134,13 @@ static NTSTATUS smb_q_unix_info2( int *ptotal_data) { const int total_data = 116; - char *pdata = NULL; - pdata = SMB_REALLOC(*ppdata, total_data); - if (pdata == NULL) { + *ppdata = SMB_REALLOC(*ppdata, total_data); + if (*ppdata == NULL) { return NT_STATUS_NO_MEMORY; } - store_file_unix_basic_info2(conn, pdata, fsp, &smb_fname->st); + store_file_unix_basic_info2(conn, *ppdata, fsp, &smb_fname->st); - *ppdata = pdata; *ptotal_data = total_data; return NT_STATUS_OK; @@ -2442,12 +2438,12 @@ static NTSTATUS smb_q_posix_acl( } size_needed += SMB_POSIX_ACL_HEADER_SIZE; - pdata = SMB_REALLOC(*ppdata, size_needed); - if (pdata == NULL) { + *ppdata = SMB_REALLOC(*ppdata, size_needed); + if (*ppdata == NULL) { status = NT_STATUS_NO_MEMORY; goto out; } - *ppdata = pdata; + pdata = *ppdata; SSVAL(pdata,0,SMB_POSIX_ACL_VERSION); SSVAL(pdata,2,num_file_acls); @@ -2547,11 +2543,11 @@ static NTSTATUS smb_q_posix_symlink( needed = (link_len+1)*2; - pdata = SMB_REALLOC(*ppdata, needed); - if (pdata == NULL) { + *ppdata = SMB_REALLOC(*ppdata, needed); + if (*ppdata == NULL) { return NT_STATUS_NO_MEMORY; } - *ppdata = pdata; + pdata = *ppdata; status = srvstr_push( pdata, @@ -4413,7 +4409,6 @@ static void call_trans2setpathinfo( struct files_struct *fsp = NULL; char *params = *pparams; uint32_t ucf_flags = ucf_flags_from_smb_request(req); - bool require_existing_object = true; NTTIME twrp = 0; char *fname = NULL; bool info_level_handled; @@ -4549,7 +4544,7 @@ static void call_trans2setpathinfo( case SMB_SET_POSIX_ACL: status = smb_set_posix_acl( conn, req, *ppdata, total_data, NULL, smb_fname); - break; + break; } if (info_level_handled) { @@ -4571,30 +4566,6 @@ static void call_trans2setpathinfo( */ fsp = smb_fname->fsp; - /* -* There are 4 info levels which can -* create a new object in the filesystem. -* They are: -* SMB_SET_FILE_UNIX_LINK -> creates POSIX symlink. -* SMB_POSIX_PATH_OPEN -> creates POSIX file or directory. -* SMB_SET_FILE_UNIX_BASIC: -* SMB_SET_FILE_UNIX_INFO2: can create a POSIX special file. -* -* These info lev
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 316b8fa4a8a nsswitch: remove winbind_nss_mutex via 642a4452ce5 nsswitch: leverage TLS if available in favour over global locking via ae4a06f4b08 nsswitch: prepare for removing global locking by using TLS via 347f75499e8 nsswitch/stress-nss-libwbclient: also test after fork via 29a99e5e123 libreplace: require TLS support if pthread support is available via 73e7d3731d8 libreplace: update comment on __thread support from 9636b40b05b smbd: Use get_dirent_ea_size() also for BOTH_DIRECTORY_INFO https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 316b8fa4a8ae1f5e48692c2a86c6c1c962953389 Author: Ralph Boehme Date: Wed Dec 21 14:48:06 2022 +0100 nsswitch: remove winbind_nss_mutex We're now thread-safe by using TLS, so the global lock isn't needed anymore. Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Thu Jan 5 12:34:35 UTC 2023 on sn-devel-184 commit 642a4452ce5bc50e41e54bc6ca779686ecc3 Author: Ralph Boehme Date: Sun Nov 6 16:57:27 2022 +0100 nsswitch: leverage TLS if available in favour over global locking The global locking can lead to deadlocks when using nscd: when processing the first request in winbind, when we know we call into code that will recurse into winbind we call winbind_off() which sets an environment variable which is later checked here in the nsswitch module. But with nscd in the stack, we don't see the env variable in nsswitch, so when we try to acquire the global lock again, it is already locked and we deadlock. By using a thread specific winbindd_context, plus a few other thread local global variables, we don't need a global lock anymore. Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher commit ae4a06f4b087c6b247f55716a4b3f59aaa79 Author: Ralph Boehme Date: Sun Nov 6 16:57:27 2022 +0100 nsswitch: prepare for removing global locking by using TLS Switch to using TLS for all global variables. No change in behaviour. Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher commit 347f75499e832dc669268c5c1b0368224dbf0374 Author: Ralph Boehme Date: Mon Oct 31 16:19:21 2022 +0100 nsswitch/stress-nss-libwbclient: also test after fork Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher commit 29a99e5e123465145f0faf66bddd94ecc26d15ff Author: Ralph Boehme Date: Tue Nov 15 11:30:28 2022 +0100 libreplace: require TLS support if pthread support is available Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher commit 73e7d3731d87b3c3ed907e718fcba5ed2e293e51 Author: Ralph Boehme Date: Thu Oct 27 07:51:49 2022 +0200 libreplace: update comment on __thread support Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher --- Summary of changes: lib/replace/replace.h | 12 +++ lib/replace/wscript | 6 +- nsswitch/libwbclient/wscript | 6 +- nsswitch/stress-nss-libwbclient.c | 152 ++ nsswitch/wb_common.c | 127 +-- nsswitch/winbind_nss_linux.c | 123 +- 6 files changed, 296 insertions(+), 130 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/replace/replace.h b/lib/replace/replace.h index de50761d000..b15f3d14c8a 100644 --- a/lib/replace/replace.h +++ b/lib/replace/replace.h @@ -1082,4 +1082,16 @@ static inline bool hex_byte(const char *in, uint8_t *out) #include #endif +/* + * This handles the case of missing pthread support and ensures code can use + * __thread unconditionally, such that when built on a platform without pthread + * support, the __thread qualifier is an empty define. + */ +#ifndef HAVE___THREAD +# ifdef HAVE_PTHREAD +# error Configure failed to detect pthread library with missing TLS support +# endif +#define HAVE___THREAD +#endif + #endif /* _LIBREPLACE_REPLACE_H */ diff --git a/lib/replace/wscript b/lib/replace/wscript index b1ca95515a0..82c5a8a477b 100644 --- a/lib/replace/wscript +++ b/lib/replace/wscript @@ -673,7 +673,8 @@ syscall(SYS_copy_file_range,0,NULL,0,NULL,0,0); conf.CONFIG_SET('HAVE_PTHREAD_MUTEX_CONSISTENT_NP'))): conf.DEFINE('HAVE_ROBUST_MUTEXES', 1) -# __thread is available since 2002 in gcc. +# __thread is available in Solaris Studio, IBM XL, +# gcc, Clang and Intel C Compiler conf.CHECK_CODE(''' __thread int tls; @@ -685,6 +686,9 @@ syscall(SYS_copy_file_range,0,NULL,0,NULL,0,0); addmain=False,
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 9636b40b05b smbd: Use get_dirent_ea_size() also for BOTH_DIRECTORY_INFO via dc98e564604 smbd: Factor out get_dirent_ea_size() via 8000c188374 pylibsmb: Add reparse tag definitions via ecdb225a7c6 pylibsmb: Get reparse tag when listing directories via d4f47d4b869 smbd: Modernize a DBG statement via eb0e911c73c smbd: Shorten a few lines via 852ce99e2ae smbd: Remove duplicate/unused #defines via 7a21dc75645 torture: Fix whitespace via 71610e3633d smbd: Move SMB_QUERY_FILE_UNIX_LINK to smb1_trans2.c via f48e2489ad7 smbd: Move get_posix_fsp() to smb1_trans2.c via 6fc64f53a80 smbd: Move SMB_QUERY_POSIX_ACL to smb1_trans2.c via 01e14e0fe13 smbd: Move SMB_QUERY_FILE_UNIX_[BASIC|INFO2] to smb1_trans2.c via 0cfea607927 smbd: Remove an unnecessary if-statement via 65fc2b105a3 smbd: Remove an unnecessary if-statement via 4f69b76fa18 smbd: Move smb_set_posix_acl() to smb1_trans2.c via 19c41395e55 smbd: Make get_posix_fsp() public via b0dfee968a4 smbd: smbd_do_qfilepathinfo() does not need lock_data anymore via e53988cdea2 smbd: Handle SMB_QUERY_POSIX_LOCK() in call_trans2qfileinfo() via ad453a3827b smbd: Remove two variables never set after initialization via 2be0e68ec51 smbd: Move SMB_SET_FILE_UNIX_[BASIC|INFO2] to smb1_trans2.c via 483aa414809 smbd: Make map_info2_flags_to_sbuf() public via 1c21fc72e9a smbd: Make smb_set_file_size() public via 765f9bcf666 smbd: Move handling smb_set_posix_lock() to smb1_trans2.c via 2cef6fcd6d1 smbd: Move smb_set_file_unix_hlink() to smb1_trans2.c via 5273c1da12a smbd: Move smb_set_file_unix_link() to smb1_trans2.c via cabef724697 smbd: Move smb_posix_unlink() to smb1_trans2.c via bcc621a69f9 smbd: Make smb_set_file_disposition_info() public via 38b15fada27 smbd: Move smb_posix_open() to smb1_trans2.c via 58287995e5b smbd: Make store_file_unix_basic[_info2] public via bad8aa10cd8 smbd: Factor out handle_trans2qfilepathinfo_result() via 5f7d16dbefa smbd: Simplify call_trans2qfilepathinfo() via d66dc816716 smbd: Fix qfileinfo profiling via 3b76bc9689c smbd: Remove call_trans2setfilepathinfo() via 5f38f23668b smbd: Factor out handle_trans2setfilepathinfo_result() via f72572ff6f4 smbd: Simplify call_trans2setfilepathinfo() via 6619b16fec7 smbd: Fix setfileinfo profiling from c9a6e242d15 s3: smbd: Strip any leading '\' characters if the SMB2 DFS flag is set. https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 9636b40b05b90e5317bb1ef29985ffb91bccf482 Author: Volker Lendecke Date: Mon Jan 2 16:21:50 2023 +0100 smbd: Use get_dirent_ea_size() also for BOTH_DIRECTORY_INFO This is a bit more involved as readdir_attr_data needs to be looked at. The meaning of this if-statements should be the same though, readdir_attr_data can only be non-NULL if we don't have a reparse point around. See the beginning of smbd_marshall_dir_entry(). Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Wed Jan 4 09:48:37 UTC 2023 on sn-devel-184 commit dc98e564604f4b61fbc6bd41ba8c05ead30e7aa2 Author: Volker Lendecke Date: Mon Jan 2 16:19:12 2023 +0100 smbd: Factor out get_dirent_ea_size() Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit 8000c1883748dcf4a5e2c2ea8f90115dff07254a Author: Volker Lendecke Date: Mon Jan 2 16:01:10 2023 +0100 pylibsmb: Add reparse tag definitions Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit ecdb225a7c6688f1d8ad53e6f651e7e985297582 Author: Volker Lendecke Date: Mon Jan 2 14:29:12 2023 +0100 pylibsmb: Get reparse tag when listing directories Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit d4f47d4b86923741ef8644b6aee8fc2faab79d74 Author: Volker Lendecke Date: Wed Dec 28 23:18:20 2022 +0100 smbd: Modernize a DBG statement Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit eb0e911c73cfc8d1ec348a17de13f71344901f92 Author: Volker Lendecke Date: Wed Dec 28 23:14:25 2022 +0100 smbd: Shorten a few lines Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit 852ce99e2aeea148c3f0d5301ad4e93be9c94630 Author: Volker Lendecke Date: Fri Dec 23 09:21:25 2022 +0100 smbd: Remove duplicate/unused #defines Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit 7a21dc75645040e44a8940e6dad3e064124e918e Author: Volker Lendecke Date: Sat Dec 24 14:08:40 2022 +0100 torture: Fix whitespace Signed-off-by: Volker Lendecke
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 01cdc5e00be lib/replace - add extra check to bsd_attr_list from a6136b88174 Happy New Year 2023! https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 01cdc5e00be78a51f0766634cc7fe50de2088203 Author: Andrew Walker Date: Tue Dec 27 10:59:14 2022 -0500 lib/replace - add extra check to bsd_attr_list The FreeBSD extattr API may return success and truncated namelist. We need to check for this in bsd_attr_list to ensure that we don't accidentally read off the end of the buffer. In the case of a truncated value, the pascal strings for attr names will reflect the lengths as if the value were not truncated. For example: `58DosStrea` In case of short read we now set error to ERANGE and fail. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15271 Signed-off-by: Andrew Walker Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Mon Jan 2 14:27:23 UTC 2023 on sn-devel-184 --- Summary of changes: lib/replace/xattr.c | 12 1 file changed, 12 insertions(+) Changeset truncated at 500 lines: diff --git a/lib/replace/xattr.c b/lib/replace/xattr.c index 4869367b7da..1044942f4b9 100644 --- a/lib/replace/xattr.c +++ b/lib/replace/xattr.c @@ -267,6 +267,18 @@ static ssize_t bsd_attr_list (int type, extattr_arg arg, char *list, size_t size for(i = 0; i < list_size; i += len + 1) { len = buf[i]; + + /* +* If for some reason we receive a truncated +* return from call to list xattrs the pascal +* string lengths will not be changed and +* therefore we must check that we're not +* reading garbage data or off end of array +*/ + if (len + i >= list_size) { + errno = ERANGE; + return -1; + } strncpy(list, extattr[t].name, extattr[t].len + 1); list += extattr[t].len; strncpy(list, buf + i + 1, len); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 17bbd6ec4c2 smbd: Add "posix" flag to openat_pathref_dirfsp_nosymlink() via 612c8da01cf tests: Show that in smb1 posix we don't treat dirs as case sensitive from 897f08f7a03 testprogs: Use new kerberos options for samba-tool in test_kpasswd_mit.sh https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 17bbd6ec4c2607afeadd91a29c245054a6ca6828 Author: Volker Lendecke Date: Wed Dec 14 17:35:17 2022 +0100 smbd: Add "posix" flag to openat_pathref_dirfsp_nosymlink() Don't do the get_real_filename() retry if we're in posix context of if the connection is case sensitive. The whole concept of case sensivity blows my brain. In SMB1 without posix extensions it's a per-request thing. In SMB2 without posix extensions this should just depend on "case sensitive = yes/no", and in future SMB2 posix extensions this will become a per-request thing again, depending on the existence of the posix create context. Then there are other semantics that are attached to posix-ness, which have nothing to do with case sensivity. See for example merge request 2819 and bug 8776, or commit f0e1137425f. Also see check_path_syntax_internal(). This patch uses the same flags as openat_pathref_fsp_case_insensitive() does, but I am 100% certain this is wrong in a subtle way. Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Thu Dec 15 11:30:04 UTC 2022 on sn-devel-184 commit 612c8da01cf54be1268f2fe27fb187161cc2d0b3 Author: Volker Lendecke Date: Wed Dec 14 18:05:04 2022 +0100 tests: Show that in smb1 posix we don't treat dirs as case sensitive Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme --- Summary of changes: python/samba/tests/smb1posix.py | 52 + source3/selftest/tests.py | 1 + source3/smbd/filename.c | 1 + source3/smbd/files.c| 8 ++- source3/smbd/proto.h| 1 + 5 files changed, 62 insertions(+), 1 deletion(-) create mode 100644 python/samba/tests/smb1posix.py Changeset truncated at 500 lines: diff --git a/python/samba/tests/smb1posix.py b/python/samba/tests/smb1posix.py new file mode 100644 index 000..52b0312ac8b --- /dev/null +++ b/python/samba/tests/smb1posix.py @@ -0,0 +1,52 @@ +# Unix SMB/CIFS implementation. +# Copyright Volker Lendecke 2022 +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# + +from samba.samba3 import libsmb_samba_internal as libsmb +from samba import (ntstatus,NTSTATUSError) +from samba.dcerpc import security as sec +import samba.tests.libsmb + +class Smb1PosixTests(samba.tests.libsmb.LibsmbTests): + +def test_directory_case_sensivity(self): +"""Test that in smb1 posix dirs are case sensitive""" +conn = libsmb.Conn( +self.server_ip, +"posix_share", +self.lp, +self.creds, +force_smb1=True) +conn.smb1_posix() + +try: +conn.mkdir("lower") +except NTSTATUSError as e: +if e.args[0] != ntstatus.NT_STATUS_OBJECT_NAME_COLLISION: +raise +try: +conn.mkdir("lower/second") +except NTSTATUSError as e: +if e.args[0] != ntstatus.NT_STATUS_OBJECT_NAME_COLLISION: +raise + +self.assertFalse(conn.chkpath("Lower/second")) +conn.rmdir("lower/second") +conn.rmdir("lower") + +if __name__ == '__main__': +import unittest +unittest.main() diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py index 1630fdd2035..a1379e8080e 100755 --- a/source3/selftest/tests.py +++ b/source3/selftest/tests.py @@ -1689,3 +1689,4 @@ for t in CLUSTERED_LOCAL_TESTS: planpythontestsuite("fileserver", "samba.tests.smb3unix") planpythontestsuite("fileserver", "samba.tests.reparsepoints") planpythontestsuite(&qu
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 39df9f4a593 s3: smbd: Fix schedule_smb2_aio_read() to allow the last read in a compound to go async. via 0bb4810719c s3: smbd: Fix schedule_aio_smb2_write() to allow the last write in a compound to go async. via 088b8a1e3e5 s4: torture: Add compound_async.read_read test to show we don't go async on the last read in a compound. via ffd9b94fe0f s4: torture: Add compound_async.write_write test to show we don't go async on the last write in a compound. via fc6c76e6dab s4: torture: Tweak the compound padding streamfile test to send 3 reads instead of 2, and check the middle read padding. via 48b12f11a5c s4: torture: Tweak the compound padding basefile test to send 3 reads instead of 2, and check the middle read padding. via f5b2ae58093 s3: tests: Change smb2.compound_async to run against share aio_delay_inject instead of tmp. from 49b40a13343 s4:torture: Fix segfault in multichannel test https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 39df9f4a593f4dd1f19c8b720fd7fd55081c29d1 Author: Jeremy Allison Date: Fri Nov 18 10:50:35 2022 -0800 s3: smbd: Fix schedule_smb2_aio_read() to allow the last read in a compound to go async. Remove knownfail. Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Thu Dec 1 16:04:07 UTC 2022 on sn-devel-184 commit 0bb4810719ce0864114d84b72f8d3b206f1a7d0e Author: Jeremy Allison Date: Fri Nov 18 10:45:19 2022 -0800 s3: smbd: Fix schedule_aio_smb2_write() to allow the last write in a compound to go async. Remove knownfail. Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme commit 088b8a1e3e56cc24a7c2a469042d1ece9e84df38 Author: Jeremy Allison Date: Thu Nov 17 15:50:30 2022 -0800 s4: torture: Add compound_async.read_read test to show we don't go async on the last read in a compound. Add knownfail. Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme commit ffd9b94fe0f59c2b552402543db406cb69003745 Author: Jeremy Allison Date: Thu Nov 17 15:39:16 2022 -0800 s4: torture: Add compound_async.write_write test to show we don't go async on the last write in a compound. Add knownfail. Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme commit fc6c76e6dabdc20bc7401cc2268baa6edb635ee1 Author: Jeremy Allison Date: Fri Nov 18 13:30:05 2022 -0800 s4: torture: Tweak the compound padding streamfile test to send 3 reads instead of 2, and check the middle read padding. The protocol allows the last read in a related compound to be split off and possibly go async (and smbd soon will do this). If the last read is split off, then the padding is different. By sending 3 reads and checking the padding on the 2nd read, we cope with the smbd change and are still correctly checking the padding on a compound related read. Do this for the stream filename compound padding test. Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme commit 48b12f11a5c4ebd9affb2a2589f47881b46b659b Author: Jeremy Allison Date: Fri Nov 18 13:23:48 2022 -0800 s4: torture: Tweak the compound padding basefile test to send 3 reads instead of 2, and check the middle read padding. The protocol allows the last read in a related compound to be split off and possibly go async (and smbd soon will do this). If the last read is split off, then the padding is different. By sending 3 reads and checking the padding on the 2nd read, we cope with the smbd change and are still correctly checking the padding on a compound related read. Do this for the base filename compound padding test. Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme commit f5b2ae58093a0920c7be0394f638b73736fbebc2 Author: Jeremy Allison Date: Fri Nov 18 09:53:23 2022 -0800 s3: tests: Change smb2.compound_async to run against share aio_delay_inject instead of tmp. It doesn't hurt the fsync compound async tests, and we need this for the next commits to ensure smb2_read/smb2_write compound tests take longer than 500ms so can be sure the last read/write in the compound will go async. Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme --- Summary of changes: source3/selftest/tests.py | 2 +- source3/smbd/smb2_aio.c | 22 +++- source4/torture/smb2/compound.c | 258 +++- 3 files changed, 277 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py index 8e9a4aaba47..1630fdd
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 535a08dfc4c smbd: reject FILE_ATTRIBUTE_TEMPORARY on directories via fdb19ce8aa1 torture: add a test trying to set FILE_ATTRIBUTE_TEMPORARY on a directory from c8bf9495f43 vfs: fix the build of nfs4acl_xattr_ without rpc/xdr.h support https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 535a08dfc4c045d7b0c0ed335f76b5d560dd7bbd Author: Ralph Boehme Date: Tue Nov 22 07:31:52 2022 +0100 smbd: reject FILE_ATTRIBUTE_TEMPORARY on directories Cf MS-FSA 2.1.5.14.2 BUG: https://bugzilla.samba.org/show_bug.cgi?id=15252 Signed-off-by: Ralph Boehme Reviewed-by: Andrew Bartlett Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Mon Nov 28 10:14:12 UTC 2022 on sn-devel-184 commit fdb19ce8aa189f6cfbd2d1fd7ed6fe809ba93cf3 Author: Ralph Boehme Date: Tue Nov 22 10:45:35 2022 +0100 torture: add a test trying to set FILE_ATTRIBUTE_TEMPORARY on a directory BUG: https://bugzilla.samba.org/show_bug.cgi?id=15252 Signed-off-by: Ralph Boehme Reviewed-by: Andrew Bartlett --- Summary of changes: selftest/knownfail| 1 + source3/smbd/dosmode.c| 7 +++ source4/torture/smb2/create.c | 47 +++ 3 files changed, 55 insertions(+) Changeset truncated at 500 lines: diff --git a/selftest/knownfail b/selftest/knownfail index cd91a7a50e6..c6e0a242ecb 100644 --- a/selftest/knownfail +++ b/selftest/knownfail @@ -146,6 +146,7 @@ ^samba4.smb2.create.*.acldir ^samba4.smb2.create.*.impersonation ^samba4.smb2.create.quota-fake-file\(ad_dc_ntvfs\) # not supported by the NTVFS +^samba4.smb2.create.dosattr_tmp_dir\(ad_dc_ntvfs\) ^samba4.smb2.acls.*.generic ^samba4.smb2.acls.*.inheritflags ^samba4.smb2.acls.*.owner diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c index 40fe7b5166a..2e3aa0934a7 100644 --- a/source3/smbd/dosmode.c +++ b/source3/smbd/dosmode.c @@ -918,6 +918,13 @@ int file_set_dosmode(connection_struct *conn, return -1; } + if ((S_ISDIR(smb_fname->st.st_ex_mode)) && + (dosmode & FILE_ATTRIBUTE_TEMPORARY)) + { + errno = EINVAL; + return -1; + } + dosmode &= SAMBA_ATTRIBUTES_MASK; DEBUG(10,("file_set_dosmode: setting dos mode 0x%x on file %s\n", diff --git a/source4/torture/smb2/create.c b/source4/torture/smb2/create.c index 9357528909e..cdd543685a1 100644 --- a/source4/torture/smb2/create.c +++ b/source4/torture/smb2/create.c @@ -3372,6 +3372,52 @@ static bool test_fileid_unique_dir( return test_fileid_unique_object(tctx, tree, 100, true); } +static bool test_dosattr_tmp_dir(struct torture_context *tctx, +struct smb2_tree *tree) +{ + bool ret = true; + NTSTATUS status; + struct smb2_create c; + struct smb2_handle h1 = {{0}}; + const char *fname = DNAME; + + smb2_deltree(tree, fname); + smb2_util_rmdir(tree, fname); + + c = (struct smb2_create) { + .in.desired_access = SEC_RIGHTS_DIR_ALL, + .in.file_attributes = FILE_ATTRIBUTE_DIRECTORY, + .in.create_disposition = NTCREATEX_DISP_OPEN_IF, + .in.share_access = NTCREATEX_SHARE_ACCESS_READ | + NTCREATEX_SHARE_ACCESS_WRITE | + NTCREATEX_SHARE_ACCESS_DELETE, + .in.create_options = NTCREATEX_OPTIONS_DIRECTORY, + .in.fname = DNAME, + }; + + status = smb2_create(tree, tctx, &c); + torture_assert_ntstatus_ok_goto(tctx, status, ret, done, + "smb2_create\n"); + h1 = c.out.file.handle; + + /* Try to set temporary attribute on directory */ + SET_ATTRIB(FILE_ATTRIBUTE_TEMPORARY); + + torture_assert_ntstatus_equal_goto(tctx, status, + NT_STATUS_INVALID_PARAMETER, + ret, done, + "Unexpected setinfo result\n"); + +done: + if (!smb2_util_handle_empty(h1)) { + smb2_util_close(tree, h1); + } + smb2_util_unlink(tree, fname); + smb2_deltree(tree, fname); + + return ret; +} + /* test opening quota fakefile handle and returned attributes */ @@ -3927,6 +3973,7 @@ struct torture_suite *torture_smb2_create_init(TALLOC_CTX *ctx) torture_suite_add_1smb2_test(suite, "nulldacl", test_create_null_dacl); torture_suite_add_1smb2_test(suite, "mkdir-dup", test_mkdir_dup); torture_suite_add_1smb2_test(suite, "dir-alloc-size", test_dir_alloc_size); +
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via c8bf9495f43 vfs: fix the build of nfs4acl_xattr_ without rpc/xdr.h support from 3b9ccfa4ac7 net: use correct printf format, fi3_id is an uint32_t https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit c8bf9495f43ed677f90e59937e1e805fc5e60d49 Author: Stefan Metzmacher Date: Wed Mar 27 04:34:12 2019 +0100 vfs: fix the build of nfs4acl_xattr_ without rpc/xdr.h support Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Fri Nov 25 06:07:32 UTC 2022 on sn-devel-184 --- Summary of changes: source3/modules/nfs4acl_xattr_nfs.c | 1 + source3/modules/nfs4acl_xattr_util.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/source3/modules/nfs4acl_xattr_nfs.c b/source3/modules/nfs4acl_xattr_nfs.c index 59e02bf1577..698630f3e6f 100644 --- a/source3/modules/nfs4acl_xattr_nfs.c +++ b/source3/modules/nfs4acl_xattr_nfs.c @@ -874,6 +874,7 @@ NTSTATUS nfs4acl_nfs_blob_to_smb4(struct vfs_handle_struct *handle, } #else /* !HAVE_RPC_XDR_H */ +#include "nfs4_acls.h" #include "nfs4acl_xattr_nfs.h" NTSTATUS nfs4acl_nfs_blob_to_smb4(struct vfs_handle_struct *handle, TALLOC_CTX *mem_ctx, diff --git a/source3/modules/nfs4acl_xattr_util.c b/source3/modules/nfs4acl_xattr_util.c index 8ea1e76ad17..998dbf2df4d 100644 --- a/source3/modules/nfs4acl_xattr_util.c +++ b/source3/modules/nfs4acl_xattr_util.c @@ -29,7 +29,6 @@ #ifdef FALSE #undef FALSE #endif -#endif #include "nfs4_acls.h" #include "nfs41acl.h" @@ -71,3 +70,4 @@ uint16_t nfs4acl_to_smb4acl_flags(unsigned nfsacl41_flags) return smb4acl_flags; } +#endif /* HAVE_RPC_XDR_H */ -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 26adf334433 s3: smbd: Cause SMB2_OP_FLUSH to go synchronous in a compound anywhere but the last operation in the list. via e668c3a82cd s3: smbd: Add utility function smbd_smb2_is_last_in_compound(). via 6f149dfd9d8 s4: torture: Add an async SMB2_OP_FLUSH + SMB2_OP_FLUSH test to smb2.compound_async. via 17a110c1b58 s4: torture: Add an async SMB2_OP_FLUSH + SMB2_OP_CLOSE test to smb2.compound_async. from f6284877ce0 nsswitch: Fix uninitialized memory when allocating pwdlastset_prelim https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 26adf3344337f4e8d5d2107e6ba42e5ea7656372 Author: Jeremy Allison Date: Thu Oct 20 15:19:05 2022 -0700 s3: smbd: Cause SMB2_OP_FLUSH to go synchronous in a compound anywhere but the last operation in the list. Async read and write go synchronous in the same case, so do the same here. Remove knownfail. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15172 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Thu Nov 17 05:55:42 UTC 2022 on sn-devel-184 commit e668c3a82cd566b405c976d45659dd79786948de Author: Jeremy Allison Date: Thu Oct 20 15:08:14 2022 -0700 s3: smbd: Add utility function smbd_smb2_is_last_in_compound(). Not yet used. Returns true if we're processing the last SMB2 request in a compound. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15172 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme commit 6f149dfd9d8d2619a9e18975ebcf5e69df2b7766 Author: Jeremy Allison Date: Thu Oct 20 14:22:25 2022 -0700 s4: torture: Add an async SMB2_OP_FLUSH + SMB2_OP_FLUSH test to smb2.compound_async. Shows we fail sending an SMB2_OP_FLUSH + SMB2_OP_FLUSH compound if we immediately close the file afterward. Internally the flushes go async and we free the req, then we process the close. When the flushes complete they try to access already freed data. Extra test which will allow me to test when the final component (flush) of the compound goes async and returns NT_STATUS_PENDING. Add knownfail. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15172 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme commit 17a110c1b58196eb8ecf3c76eb97e8508976c544 Author: Jeremy Allison Date: Tue Oct 18 16:22:33 2022 -0700 s4: torture: Add an async SMB2_OP_FLUSH + SMB2_OP_CLOSE test to smb2.compound_async. Shows we fail sending an SMB2_OP_FLUSH + SMB2_OP_CLOSE compound. Internally the flush goes async and we free the req, then we process the close. When the flush completes it tries to access already freed data. Found using the Apple MacOSX client at SNIA SDC 2022. Add knownfail. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15172 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme --- Summary of changes: source3/selftest/tests.py | 2 + source3/smbd/globals.h | 1 + source3/smbd/smb2_flush.c | 14 +++ source3/smbd/smb2_server.c | 6 ++ source4/torture/smb2/compound.c | 232 source4/torture/smb2/smb2.c | 1 + 6 files changed, 256 insertions(+) Changeset truncated at 500 lines: diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py index 67ba7b10484..f6cc6e0c639 100755 --- a/source3/selftest/tests.py +++ b/source3/selftest/tests.py @@ -1169,6 +1169,8 @@ for t in tests: plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD') plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/aio -U$USERNAME%$PASSWORD', 'aio') plansmbtorture4testsuite(t, "ad_dc", '//$SERVER/tmp -U$USERNAME%$PASSWORD') +elif t == "smb2.compound_async": +plansmbtorture4testsuite(t, "fileserver", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD') elif t == "smb2.ea": plansmbtorture4testsuite(t, "fileserver", '//$SERVER/ea_acl_xattr --option=torture:acl_xattr_name=hackme -U$USERNAME%$PASSWORD') elif t == "rpc.samba3.netlogon" or t == "rpc.samba3.sessionkey": diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h index efcf02f0d24..125ef64f070 100644 --- a/source3/smbd/globals.h +++ b/source3/smbd/globals.h @@ -238,6 +238,7 @@ void smbd_server_disconnect_client_ex(struct smbXsrv_client *client, const char *smb2_opcode_name(uint16_t opcode); bool smbd_is_smb2_header(const uint8_t *inbuf, size_t size); bool smbd_smb2_is_comp
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via f0ca9546102 s3: smbd: In synthetic_pathref() change DBG_ERR -> DBG_NOTICE to avoid spamming the logs. from 434f461e9e5 CVE-2022-42898 third_party/heimdal: PAC parse integer overflows https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit f0ca9546102acf09f1834c03f8907ed26bfc80f8 Author: Jeremy Allison Date: Tue Nov 15 13:29:46 2022 -0800 s3: smbd: In synthetic_pathref() change DBG_ERR -> DBG_NOTICE to avoid spamming the logs. Can easily be seen by doing make test TESTS=fruit and looking in st/nt4_dc/smbd_test.log. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15210 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Wed Nov 16 06:00:56 UTC 2022 on sn-devel-184 --- Summary of changes: source3/smbd/files.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/files.c b/source3/smbd/files.c index 64297f18773..40d71d8851b 100644 --- a/source3/smbd/files.c +++ b/source3/smbd/files.c @@ -1201,7 +1201,7 @@ NTSTATUS synthetic_pathref(TALLOC_CTX *mem_ctx, status = openat_pathref_fsp(dirfsp, smb_fname); if (!NT_STATUS_IS_OK(status)) { - DBG_ERR("opening [%s] failed\n", + DBG_NOTICE("opening [%s] failed\n", smb_fname_str_dbg(smb_fname)); TALLOC_FREE(smb_fname); return status; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
t (debug.c:1925) ==6357==by 0x4861515: reg_diff_load (patchfile.c:353) ==6357==by 0x4861CD3: reg_diff_apply (patchfile.c:542) ==6357==by 0x10ADF9: main (regpatch.c:114) ==6357== Address 0x70f79d0 is 0 bytes inside a block of size 5 free'd ==6357==at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so) ==6357==by 0x4AF38B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2) ==6357==by 0x4AF45D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2) ==6357==by 0x10ADCF: main (regpatch.c:111) ==6357== Block was alloc'd at ==6357==at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so) ==6357==by 0x4AF52EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2) ==6357==by 0x10ACBD: main (regpatch.c:79) ==6357== ==6357== Invalid read of size 1 ==6357==at 0x4B83DDF: _IO_default_xsputn (in /usr/lib64/libc.so.6) ==6357==by 0x4B5D39E: __vfprintf_internal (in /usr/lib64/libc.so.6) ==6357==by 0x4B7E719: __vasprintf_internal (in /usr/lib64/libc.so.6) ==6357==by 0x4AD32F0: __dbgtext_va (debug.c:1904) ==6357==by 0x4AD33F2: dbgtext (debug.c:1925) ==6357==by 0x4861515: reg_diff_load (patchfile.c:353) ==6357==by 0x4861CD3: reg_diff_apply (patchfile.c:542) ==6357==by 0x10ADF9: main (regpatch.c:114) ==6357== Address 0x70f79d2 is 2 bytes inside a block of size 5 free'd ==6357==at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so) ==6357==by 0x4AF38B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2) ==6357==by 0x4AF45D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2) ==6357==by 0x10ADCF: main (regpatch.c:111) ==6357== Block was alloc'd at ==6357==at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so) ==6357==by 0x4AF52EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2) ==6357==by 0x10ACBD: main (regpatch.c:79) ==6357== Error reading registry patch file `file' BUG: https://bugzilla.samba.org/show_bug.cgi?id=15205 Signed-off-by: Noel Power Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Fri Oct 14 13:38:55 UTC 2022 on sn-devel-184 commit 4b15d8c2a5c8547b84e7926fed9890b5676b8bc3 Author: Noel Power Date: Fri Oct 14 11:45:13 2022 +0100 s3/utils: Fix use after free with popt 1.19 popt1.19 fixes a leak that exposes a use as free, make sure we duplicate return of poptGetArg if poptFreeContext is called before we use it. ==6055== Command: ./bin/testparm /etc/samba/smb.conf ==6055== ==6055== Invalid read of size 1 ==6055==at 0x4849782: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so) ==6055==by 0x4C1E50F: __vfprintf_internal (in /usr/lib64/libc.so.6) ==6055==by 0x4C1EB74: buffered_vfprintf (in /usr/lib64/libc.so.6) ==6055==by 0x4C119E9: fprintf (in /usr/lib64/libc.so.6) ==6055==by 0x10EBFA: main (testparm.c:862) ==6055== Address 0x72dab70 is 0 bytes inside a block of size 20 free'd ==6055==at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so) ==6055==by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2) ==6055==by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2) ==6055==by 0x10EBAC: main (testparm.c:854) ==6055== Block was alloc'd at ==6055==at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so) ==6055==by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2) ==6055==by 0x10EB2E: main (testparm.c:830) ==6055== ==6055== Invalid read of size 1 ==6055==at 0x4849794: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so) ==6055==by 0x4C1E50F: __vfprintf_internal (in /usr/lib64/libc.so.6) ==6055==by 0x4C1EB74: buffered_vfprintf (in /usr/lib64/libc.so.6) ==6055==by 0x4C119E9: fprintf (in /usr/lib64/libc.so.6) ==6055==by 0x10EBFA: main (testparm.c:862) ==6055== Address 0x72dab71 is 1 bytes inside a block of size 20 free'd ==6055==at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so) ==6055==by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2) ==6055==by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2) ==6055==by 0x10EBAC: main (testparm.c:854) ==6055== Block was alloc'd at ==6055==at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so) ==6055==by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2) ==6055==by 0x10EB2E: main (testparm.c:830) ==6055== ==6055== Invalid read of size 1 ==6055==at 0x4C44DD0: _IO_default_xsputn (in /usr/l
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 266bcedc18e s4:messaging: let imessaging_client_init() use imessaging_init_discard_incoming() via 32df5e4961c s3:auth_samba4: make use of imessaging_init_discard_incoming() via a120fb1c724 s4:messaging: add imessaging_init_discard_incoming() via 5d91ecf01dc vfs_glusterfs: Add path based fallback mechanism for SMB_VFS_FNTIMES via 5d66d5b84f8 smbXsrv_client: handle NAME_NOT_FOUND from smb2srv_client_connection_{pass,drop}() via 8c8d8cf01e0 smbXsrv_client: make sure we only wait for smb2srv_client_mc_negprot_filter once and only when needed via 56c597bc2b2 smbXsrv_client: call smb2srv_client_connection_{pass,drop}() before dbwrap_watched_watch_send() via acb3d821dea smbXsrv_client: fix a debug message in smbXsrv_client_global_verify_record() via 636ec45c93a smbXsrv_client: ignore NAME_NOT_FOUND from smb2srv_client_connection_passed from cc397175cb9 vfs_glusterfs: Simplify SMB_VFS_FDOPENDIR implementation https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 266bcedc18efc52e29efde6bad220623a5423e30 Author: Stefan Metzmacher Date: Wed Sep 28 14:27:09 2022 +0200 s4:messaging: let imessaging_client_init() use imessaging_init_discard_incoming() imessaging_client_init() is for temporary stuff only, so we should drop (unexpected) incoming messages unless we expect irpc responses. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15201 Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Thu Oct 13 13:32:30 UTC 2022 on sn-devel-184 commit 32df5e4961cf064b72bb496157cc6092126d9b8e Author: Stefan Metzmacher Date: Wed Sep 28 14:14:41 2022 +0200 s3:auth_samba4: make use of imessaging_init_discard_incoming() Otherwise we'll generate a memory leak of imessaging_post_state/ tevent_immediate structures per incoming message! BUG: https://bugzilla.samba.org/show_bug.cgi?id=15201 Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme commit a120fb1c724dfaed5a99e34aaf979502586f17c0 Author: Stefan Metzmacher Date: Wed Sep 28 13:47:13 2022 +0200 s4:messaging: add imessaging_init_discard_incoming() We often create imessaging contexts just for sending messages, but we'll never process incoming messages because a temporary event context was used and we just queue a lot of imessaging_post_state structures with immediate events. With imessaging_init_discard_incoming() we'll discard any incoming messages unless we have pending irpc requests. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15201 Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme commit 5d91ecf01dce95400da5d6ac181144df1e32ca35 Author: Anoop C S Date: Thu Oct 13 15:54:10 2022 +0530 vfs_glusterfs: Add path based fallback mechanism for SMB_VFS_FNTIMES Fallback mechanism was missing in vfs_gluster_fntimes() for path based call. Therefore adding a similar mechanism as seen with other calls like vfs_gluster_fsetxattr, vfs_gluster_fgetxattr etc. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15198 Signed-off-by: Anoop C S Reviewed-by: Ralph Boehme commit 5d66d5b84f87267243dcd5223210906ce589af91 Author: Stefan Metzmacher Date: Wed Oct 12 14:57:18 2022 +0200 smbXsrv_client: handle NAME_NOT_FOUND from smb2srv_client_connection_{pass,drop}() If we get NT_STATUS_OBJECT_NOT_FOUND from smb2srv_client_connection_{pass,drop}() we should just keep the connection and overwrite the stale record in smbXsrv_client_global.tdb. It's basically a race with serverid_exists() and a process that doesn't cleanly teardown. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15200 Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme commit 8c8d8cf01e01c2726d03fa1c81e0ce9992ee736c Author: Stefan Metzmacher Date: Wed Oct 12 14:15:53 2022 +0200 smbXsrv_client: make sure we only wait for smb2srv_client_mc_negprot_filter once and only when needed This will simplify the following changes... BUG: https://bugzilla.samba.org/show_bug.cgi?id=15200 Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme commit 56c597bc2b29dc3e555f737ba189f521d0e31e8c Author: Stefan Metzmacher Date: Wed Oct 12 13:54:41 2022 +0200 smbXsrv_client: call smb2srv_client_connection_{pass,drop}() before dbwrap_watched_watch_send() dbwrap_watched_watch_send() should typically be the last thing to call before the db record is unlocked, as it's not that easy to undo. In future we want to recover from smb2srv_client_connection_{pass,drop}() returning NT_STATUS_OBJECT_N
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via cc397175cb9 vfs_glusterfs: Simplify SMB_VFS_FDOPENDIR implementation via 7af4bfe8285 vfs_glusterfs: Add path based fallback mechanism for SMB_VFS_FGETXATTR via 6a6bd1a0530 vfs_glusterfs: Do not use glfs_fgetxattr() for SMB_VFS_GET_REAL_FILENAME_AT via 8cbd9e63724 vfs_glusterfs: Simplify SMB_VFS_GET_REAL_FILENAME_AT implementation from 0bf8d136769 docs-xml: some fixes to acl parameter documentation https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit cc397175cb9a1b06f268ecf6b3d62f621947cbba Author: Anoop C S Date: Tue Oct 11 23:02:48 2022 +0530 vfs_glusterfs: Simplify SMB_VFS_FDOPENDIR implementation It was unnecessary to construct full directory path as "dir/." which is same as "dir". We could just directly use fsp->fsp_name->base_name and return directory stream obtained from glfs_opendir(). BUG: https://bugzilla.samba.org/show_bug.cgi?id=15198 Signed-off-by: Anoop C S Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Wed Oct 12 12:48:50 UTC 2022 on sn-devel-184 commit 7af4bfe8285714c137b6347b17305c9cd0702bdd Author: Anoop C S Date: Mon Oct 10 20:29:13 2022 +0530 vfs_glusterfs: Add path based fallback mechanism for SMB_VFS_FGETXATTR Fallback mechanism was missing in vfs_gluster_fgetxattr() for path based call. Therefore adding a similar mechanism as seen with other calls like vfs_gluster_fsetxattr, vfs_gluster_flistxattr etc. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15198 Signed-off-by: Anoop C S Reviewed-by: Ralph Boehme commit 6a6bd1a0530424def64d2d462b54e4c1f4f9bebb Author: Anoop C S Date: Tue Oct 11 23:27:37 2022 +0530 vfs_glusterfs: Do not use glfs_fgetxattr() for SMB_VFS_GET_REAL_FILENAME_AT glfs_fgetxattr() or generally fgetxattr() will return EBADF as dirfsp here is a pathref fsp. GlusterFS client log had following entries indicating the error: W [MSGID: 114031] [client-rpc-fops_v2.c:993:client4_0_fgetxattr_cbk] \ 0-vol-client-0: remote operation failed. [{errno=9}, {error=Bad file descriptor}] Therefore use glfs_getxattr() only for implementing get_real_filename_at logic. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15198 Signed-off-by: Anoop C S Reviewed-by: Ralph Boehme commit 8cbd9e63724d80c06565d0c90bd107166dfd9bbe Author: Anoop C S Date: Tue Oct 11 23:25:46 2022 +0530 vfs_glusterfs: Simplify SMB_VFS_GET_REAL_FILENAME_AT implementation It was unnecessary to construct full directory path as "dir/." which is same as "dir". We could just directly use dirfsp->fsp_name->base_name for glfs_getxattr() and return the result. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15198 Signed-off-by: Anoop C S Reviewed-by: Ralph Boehme --- Summary of changes: source3/modules/vfs_glusterfs.c | 89 ++--- 1 file changed, 21 insertions(+), 68 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/modules/vfs_glusterfs.c b/source3/modules/vfs_glusterfs.c index 4284d7dea1d..4b309de1377 100644 --- a/source3/modules/vfs_glusterfs.c +++ b/source3/modules/vfs_glusterfs.c @@ -627,38 +627,12 @@ static DIR *vfs_gluster_fdopendir(struct vfs_handle_struct *handle, uint32_t attributes) { glfs_fd_t *glfd = NULL; - struct smb_filename *full_fname = NULL; - struct smb_filename *smb_fname_dot = NULL; - - smb_fname_dot = synthetic_smb_fname(fsp->fsp_name, - ".", - NULL, - NULL, - 0, - 0); - - if (smb_fname_dot == NULL) { - return NULL; - } - - full_fname = full_path_from_dirfsp_atname(talloc_tos(), - fsp, - smb_fname_dot); - if (full_fname == NULL) { - TALLOC_FREE(smb_fname_dot); - return NULL; - } - glfd = glfs_opendir(handle->data, full_fname->base_name); + glfd = glfs_opendir(handle->data, fsp->fsp_name->base_name); if (glfd == NULL) { - TALLOC_FREE(full_fname); - TALLOC_FREE(smb_fname_dot); return NULL; } - TALLOC_FREE(full_fname); - TALLOC_FREE(smb_fname_dot); - return (DIR *)glfd; } @@ -2267,12 +2241,6 @@ static NTSTATUS vfs_gluster_get_real_filenam
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 9a8bc67f4a5 vfs_glusterfs: Remove special handling of O_CREAT flag from 3ad0fa69255 pyldb: Fix typos in function names https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 9a8bc67f4a5e4afecd648523f43a8e97584fcfd0 Author: Anoop C S Date: Mon Oct 3 15:36:13 2022 +0530 vfs_glusterfs: Remove special handling of O_CREAT flag Special handling of O_CREAT flag in SMB_VFS_OPENAT code path was the only option to ensure correctness due to a bug in libgfapi as detailed in issue #3838[1] from GlusterFS upstream. This has been fixed recently so that O_CREAT is handled correctly within glfs_openat() enbaling us to remove the corresponding special case from vfs_gluster_openat(). [1] https://github.com/gluster/glusterfs/issues/3838 Signed-off-by: Anoop C S Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Thu Oct 6 08:34:56 UTC 2022 on sn-devel-184 --- Summary of changes: source3/modules/vfs_glusterfs.c | 78 - 1 file changed, 30 insertions(+), 48 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/modules/vfs_glusterfs.c b/source3/modules/vfs_glusterfs.c index 33f941aaca9..4284d7dea1d 100644 --- a/source3/modules/vfs_glusterfs.c +++ b/source3/modules/vfs_glusterfs.c @@ -825,61 +825,43 @@ static int vfs_gluster_openat(struct vfs_handle_struct *handle, became_root = true; } - /* -* O_CREAT flag in open is handled differently in a way which is *NOT* -* safe against symlink race situations. We use glfs_creat() instead -* for correctness as glfs_openat() is broken with O_CREAT present -* in open flags. -*/ - if (flags & O_CREAT) { - if (fsp_get_pathref_fd(dirfsp) != AT_FDCWD) { - /* -* Replace smb_fname with full_path constructed above. -*/ - smb_fname = full_fname; + if (fsp_get_pathref_fd(dirfsp) != AT_FDCWD) { +#ifdef HAVE_GFAPI_VER_7_11 + /* +* Fetch Gluster fd for parent directory using dirfsp +* before calling glfs_openat(); +*/ + pglfd = vfs_gluster_fetch_glfd(handle, dirfsp); + if (pglfd == NULL) { + END_PROFILE(syscall_openat); + DBG_ERR("Failed to fetch gluster fd\n"); + return -1; } + glfd = glfs_openat(pglfd, + smb_fname->base_name, + flags, + how->mode); +#else + /* +* Replace smb_fname with full_path constructed above. +*/ + smb_fname = full_fname; +#endif + } + + if (pglfd == NULL) { /* * smb_fname can either be a full_path or the same one * as received from the caller. In the latter case we * are operating at current working directory. */ - glfd = glfs_creat(handle->data, - smb_fname->base_name, - flags, - how->mode); - } else { - if (fsp_get_pathref_fd(dirfsp) != AT_FDCWD) { -#ifdef HAVE_GFAPI_VER_7_11 - /* -* Fetch Gluster fd for parent directory using dirfsp -* before calling glfs_openat(); -*/ - pglfd = vfs_gluster_fetch_glfd(handle, dirfsp); - if (pglfd == NULL) { - END_PROFILE(syscall_openat); - DBG_ERR("Failed to fetch gluster fd\n"); - return -1; - } - - glfd = glfs_openat(pglfd, - smb_fname->base_name, - flags, - how->mode); -#else - /* -* Replace smb_fname with full_path constructed above. -*/ - smb_fname = full_fname; -#endif - } - - if (pglfd == NULL) { - /* -* smb_fname can either be a full_path or the same one -* as received from the caller. In the latter case we -* are operating at current working directory. -
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 3a37e4155c3 smbd: Catch streams on non-stream shares via 201e1969bf3 smbd: return NT_STATUS_OBJECT_NAME_INVALID if a share doesn't support streams via 3dcdab86f13 smbtorture: add a test trying to create a stream on share without streams support from a5156649d58 tests: Test basic handling of SMB2_CREATE_TAG_POSIX https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 3a37e4155c3cd82388652f89b611f2c46fee8525 Author: Volker Lendecke Date: Fri Sep 2 11:46:53 2022 +0200 smbd: Catch streams on non-stream shares BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126 BUG: https://bugzilla.samba.org/show_bug.cgi?id=15161 Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Fri Sep 2 15:56:56 UTC 2022 on sn-devel-184 commit 201e1969bf31af07e8bd52876ff7f4d72b48a848 Author: Ralph Boehme Date: Fri Sep 2 12:09:53 2022 +0200 smbd: return NT_STATUS_OBJECT_NAME_INVALID if a share doesn't support streams This is what a Windows server returns. Tested with a share residing on a FAT formatted drive, a Windows filesystem that doesn't support streams. Combinations tested: file::$DATA file:stream file:stream:$DATA All three fail with NT_STATUS_OBJECT_NAME_INVALID. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126 BUG: https://bugzilla.samba.org/show_bug.cgi?id=15161 Signed-off-by: Ralph Boehme Reviewed-by: Volker Lendecke commit 3dcdab86f13fabb7a8c6ce71c59a565287d11244 Author: Ralph Boehme Date: Thu Sep 1 18:55:23 2022 +0200 smbtorture: add a test trying to create a stream on share without streams support BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126 BUG: https://bugzilla.samba.org/show_bug.cgi?id=15161 Signed-off-by: Ralph Boehme Reviewed-by: Volker Lendecke --- Summary of changes: source3/selftest/tests.py | 2 ++ source3/smbd/filename.c | 6 ++ source3/smbd/files.c | 10 +++-- source3/smbd/open.c | 2 +- source4/selftest/tests.py | 1 + source4/torture/smb2/create.c | 48 +++ source4/torture/smb2/smb2.c | 1 + 7 files changed, 67 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py index 25f8fa56c58..82f24dbdfab 100755 --- a/source3/selftest/tests.py +++ b/source3/selftest/tests.py @@ -1097,6 +1097,8 @@ for t in tests: elif t == "smb2.twrp": # This is being driven by samba3.blackbox.shadow_copy_torture pass +elif t == "smb2.create_no_streams": +plansmbtorture4testsuite(t, "fileserver", '//$SERVER_IP/nfs4acl_simple_40 -U$USERNAME%$PASSWORD') elif t == "rpc.wkssvc": plansmbtorture4testsuite(t, "ad_member", '//$SERVER/tmp -U$DC_USERNAME%$DC_PASSWORD') elif t == "rpc.srvsvc": diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c index ca94b7ec7f9..0be8e320ffa 100644 --- a/source3/smbd/filename.c +++ b/source3/smbd/filename.c @@ -1120,6 +1120,12 @@ static NTSTATUS filename_convert_dirfsp_nosymlink( goto fail; } + if ((streamname != NULL) && + ((conn->fs_capabilities & FILE_NAMED_STREAMS) == 0)) { + status = NT_STATUS_OBJECT_NAME_INVALID; + goto fail; + } + if (!posix) { bool name_has_wild = ms_has_wild(dirname); name_has_wild |= ms_has_wild(fname_rel); diff --git a/source3/smbd/files.c b/source3/smbd/files.c index 095a01723b1..e7c83505328 100644 --- a/source3/smbd/files.c +++ b/source3/smbd/files.c @@ -565,8 +565,14 @@ NTSTATUS openat_pathref_fsp(const struct files_struct *dirfsp, return NT_STATUS_OK; } - if (!(conn->fs_capabilities & FILE_NAMED_STREAMS) || - !is_named_stream(smb_fname)) { + if (is_named_stream(smb_fname) && + ((conn->fs_capabilities & FILE_NAMED_STREAMS) == 0)) { + DBG_DEBUG("stream open [%s] on non-stream share\n", + smb_fname_str_dbg(smb_fname)); + return NT_STATUS_OBJECT_NAME_INVALID; + } + + if (!is_named_stream(smb_fname)) { /* * openat_pathref_fullname() will make "full_fname" a * talloc child of the smb_fname->fsp. Don't use diff --git a/source3/smbd/open.c b/source3/smbd/open.c index db0cb47d34d..d443a0291f9 100644 --- a/source3/smbd/open.c +++ b
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via a5156649d58 tests: Test basic handling of SMB2_CREATE_TAG_POSIX via eaaa7425b56 smbd: Handle SMB2_CREATE_TAG_POSIX at the smb2 layer via 95657d40f08 smbd: Introduce helper var in smbd_smb2_create_fetch_create_ctx() via cb0381ddc69 pylibsmb: Add create_ex() via 68ba30215da pylibsmb: Add smb2 create tag strings via 51f99b7f191 tests: Test invalid smb3 unix negotiate contexts via b833431b5ca pylibsmb: Allow passing negotiate contexts via 5d95de0637c libsmb: Allow smb2 neg ctx in cli_full_connection_creds_send() via 887facd3738 tests: Add smb3 posix negotiate tests via 0f75963cf4c param: Add "smb3 unix extensions" via 0bd31c71ab1 pylibsmb: Add "have_posix" function via b9eff7b90c5 pylibsmb: Allow requesting Posix extensions via 2711521b5f6 libsmb: Allow to request SMB311 posix in source3/libsmb via ae5dc52d236 smbXcli: Detect the SMB311 posix negotiate context via d7e928794e4 smbd: Convert store_smb2_posix_info() to use an existing blob via efc81874ef3 smbd: Convert smb2_posix_cc_info() to use an existing blob via 43811868d1d smbd: Introduce "conn" helper var in smbd_smb2_create_after_exec() from 1788b59bc0a s3/winbindd: Fix bad access to sid array (with debug level >= info) https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit a5156649d58df07f58e479076ea8a0b41b450ea4 Author: Volker Lendecke Date: Wed Aug 31 12:38:23 2022 +0200 tests: Test basic handling of SMB2_CREATE_TAG_POSIX Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Fri Sep 2 14:31:25 UTC 2022 on sn-devel-184 commit eaaa7425b563c6fa88210ff23d5c5d7f0d46b9f5 Author: Volker Lendecke Date: Thu Sep 1 12:17:44 2022 +0200 smbd: Handle SMB2_CREATE_TAG_POSIX at the smb2 layer We're not doing anything with this yet, this is just to provide a test counterpart. Protected by -DDEVELOPER and "smb3 unix extensions = yes" Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit 95657d40f08a7fc7468690b86e8b49333e9eabc3 Author: Volker Lendecke Date: Wed Aug 31 15:37:03 2022 +0200 smbd: Introduce helper var in smbd_smb2_create_fetch_create_ctx() xconn will be used in another place soon Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit cb0381ddc692efdff7dd1d7007e161628b8132af Author: Volker Lendecke Date: Mon Aug 29 17:02:25 2022 +0200 pylibsmb: Add create_ex() This is an extension of the create() function allowing smb2 create contexts to be passed back and forth and also returning the smb_create_returns. A new function seemed necessary for me because we need to return not just the fnum. So I chose a 3-tuple, see the test for an example how to use this. Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit 68ba30215da2623edd0bdb6b92e576d616cee0f3 Author: Volker Lendecke Date: Wed Aug 31 11:37:54 2022 +0200 pylibsmb: Add smb2 create tag strings Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit 51f99b7f191b18c4aabc632e4e32bfa8fc8a3ee7 Author: Volker Lendecke Date: Fri Aug 26 16:29:32 2022 +0200 tests: Test invalid smb3 unix negotiate contexts Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit b833431b5ca40d6c6b9a46f93a625aff02415113 Author: Volker Lendecke Date: Fri Aug 26 15:38:04 2022 +0200 pylibsmb: Allow passing negotiate contexts Pass in a list of tuples with (type, bytes) Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit 5d95de0637cbf978ba9603e4074ccd3ce37fba9b Author: Volker Lendecke Date: Fri Aug 26 14:17:26 2022 +0200 libsmb: Allow smb2 neg ctx in cli_full_connection_creds_send() Will be used to test smb3 posix contexts Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit 887facd37384ba932a93393e135cf82af66cb058 Author: Volker Lendecke Date: Fri Aug 26 14:00:28 2022 +0200 tests: Add smb3 posix negotiate tests Make sure we do and don't announce posix depending on "smb3 unix extensions" parameter Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit 0f75963cf4c3b0d1b67ce7fc9513c0b578ec86f6 Author: Volker Lendecke Date: Thu Aug 25 16:42:37 2022 +0200 param: Add "smb3 unix extensions" Only available in DEVELOPER builds. Adding now to get some testing step by step done. Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit 0bd31c71ab114930dcfa220faa1f03dbd4e7c059 Author: Volker Lendecke Date: Thu Aug 25 16:28:04 2
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via f99fb9aa120 python:tests: Allocate OID range for testing to avoid collisions via 672ec6135f9 schema_samba4.ldif: Allocate previously added OIDs from 6d493a9d568 smbd: implement access checks for SMB2-GETINFO as per MS-SMB2 3.3.5.20.1 https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit f99fb9aa120c5a7d499bff717b812d81ddd7e9f1 Author: Joseph Sutton Date: Thu Aug 25 20:21:01 2022 +1200 python:tests: Allocate OID range for testing to avoid collisions sid_strings.py used the same OID range as ldap_schema.py, which occasionally led to test failures when the same OID was generated twice. Using a different range, and making use of the expected RID if we have it, should reduce the likelihood of collisions. Signed-off-by: Joseph Sutton Reviewed-by: Douglas Bagnall Reviewed-by: Stefan Metzmacher Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Thu Aug 25 13:55:47 UTC 2022 on sn-devel-184 commit 672ec6135f9ae3d7b5439523a4f456c19fb03a88 Author: Joseph Sutton Date: Thu Aug 25 20:15:33 2022 +1200 schema_samba4.ldif: Allocate previously added OIDs DSDB_CONTROL_FORCE_ALLOW_VALIDATED_DNS_HOSTNAME_SPN_WRITE_OID was added to source4/dsdb/samdb/samdb.h in commit c2ab1f4696fa3f52918a126d0b37993a07f68bcb. DSDB_EXTENDED_SCHEMA_LOAD was added in commit 1fd4cdfafaa6a41c824d1b3d76635bf3e446de0f. Signed-off-by: Joseph Sutton Reviewed-by: Douglas Bagnall Reviewed-by: Stefan Metzmacher --- Summary of changes: python/samba/tests/sid_strings.py | 8 +++- source4/setup/schema_samba4.ldif | 3 +++ 2 files changed, 10 insertions(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/python/samba/tests/sid_strings.py b/python/samba/tests/sid_strings.py index ece35c12bfc..71b7756d235 100644 --- a/python/samba/tests/sid_strings.py +++ b/python/samba/tests/sid_strings.py @@ -88,11 +88,17 @@ class SidStringTests(TestCase): class_dn = f'CN={class_name},{self.schema_dn}' +governs_id = f'1.3.6.1.4.1.7165.4.6.2.9.{random_suffix}' +if expected_sid is not None: +# Append the RID to our OID to ensure more uniqueness. +rid = expected_sid.rsplit('-', 1)[1] +governs_id += f'.{rid}' + ldif = f''' dn: {class_dn} objectClass: classSchema cn: {class_name} -governsId: 1.3.6.1.4.1.7165.4.6.2.6.3.{random_suffix} +governsId: {governs_id} subClassOf: top possSuperiors: domainDNS defaultSecurityDescriptor: O:{code} diff --git a/source4/setup/schema_samba4.ldif b/source4/setup/schema_samba4.ldif index a31b67750d4..d3a1f1c9ad7 100644 --- a/source4/setup/schema_samba4.ldif +++ b/source4/setup/schema_samba4.ldif @@ -32,6 +32,7 @@ ## 1.3.6.1.4.1.7165.4.6.2.6.x - ldap_schema.py ## 1.3.6.1.4.1.7165.4.6.2.7.x - dsdb_schema_info.py ## 1.3.6.1.4.1.7165.4.6.2.8.x - getnc_schema.py +## 1.3.6.1.4.1.7165.4.6.2.9.x - sid_strings.py ## 1.3.6.1.4.1.7165.4.255.x - mapped OIDs due to conflicts between AD and standards-track # @@ -231,6 +232,7 @@ #Allocated: DSDB_CONTROL_INVALID_NOT_IMPLEMENTED 1.3.6.1.4.1.7165.4.3.32 #Allocated: DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID 1.3.6.1.4.1.7165.4.3.33 #Allocated: DSDB_CONTROL_TRANSACTION_IDENTIFIER_OID 1.3.6.1.4.1.7165.4.3.34 +#Allocated: DSDB_CONTROL_FORCE_ALLOW_VALIDATED_DNS_HOSTNAME_SPN_WRITE_OID 1.3.6.1.4.1.7165.4.3.35 # Extended 1.3.6.1.4.1.7165.4.4.x @@ -243,6 +245,7 @@ #Allocated: DSDB_EXTENDED_SEC_DESC_PROPAGATION_OID 1.3.6.1.4.1.7165.4.4.7 #Allocated: DSDB_EXTENDED_CREATE_OWN_RID_SET 1.3.6.1.4.1.7165.4.4.8 #Allocated: DSDB_EXTENDED_ALLOCATE_RID 1.3.6.1.4.1.7165.4.4.9 +#Allocated: DSDB_EXTENDED_SCHEMA_LOAD 1.3.6.1.4.1.7165.4.4.10 -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 6d493a9d568 smbd: implement access checks for SMB2-GETINFO as per MS-SMB2 3.3.5.20.1 via 9b2d2815710 smbtorture: check required access for SMB2-GETINFO via 66e40690bdd s4/libcli/smb2: avoid using smb2_composite_setpathinfo() in smb2_util_setatr() from 339e78f2075 gitlab-ci: Add a shellcheck runner https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 6d493a9d568c08cfe5242821ccbd5a5ee1fe5284 Author: Ralph Boehme Date: Sun Aug 14 18:46:24 2022 +0200 smbd: implement access checks for SMB2-GETINFO as per MS-SMB2 3.3.5.20.1 The spec lists the following as requiring special access: - for requiring FILE_READ_ATTRIBUTES: FileBasicInformation FileAllInformation FileNetworkOpenInformation FileAttributeTagInformation - for requiring FILE_READ_EA: FileFullEaInformation All other infolevels are unrestricted. We ignore the IPC related infolevels: FilePipeInformation FilePipeLocalInformation FilePipeRemoteInformation BUG: https://bugzilla.samba.org/show_bug.cgi?id=15153 RN: Missing SMB2-GETINFO access checks from MS-SMB2 3.3.5.20.1 Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Tue Aug 23 12:54:08 UTC 2022 on sn-devel-184 commit 9b2d28157107602fcbe659664cf9ca25f08bb30b Author: Ralph Boehme Date: Fri Aug 19 17:29:55 2022 +0200 smbtorture: check required access for SMB2-GETINFO BUG: https://bugzilla.samba.org/show_bug.cgi?id=15153 Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher commit 66e40690bdd41800a01333ce4243bd62ee2b1894 Author: Ralph Boehme Date: Sun Aug 14 18:51:30 2022 +0200 s4/libcli/smb2: avoid using smb2_composite_setpathinfo() in smb2_util_setatr() smb2_composite_setpathinfo() uses SEC_FLAG_MAXIMUM_ALLOWED which can have unwanted side effects like breaking oplocks if the effective access includes [READ|WRITE]_DATA. For changing the DOS attributes we only need SEC_FILE_WRITE_ATTRIBUTE. With this change test_smb2_oplock_batch25() doesn't trigger an oplock break anymore. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15153 Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher --- Summary of changes: selftest/knownfail | 3 +- source3/smbd/smb2_getinfo.c| 28 source4/libcli/smb2/util.c | 37 +-- source4/torture/smb2/getinfo.c | 147 + source4/torture/smb2/oplock.c | 10 +-- 5 files changed, 208 insertions(+), 17 deletions(-) Changeset truncated at 500 lines: diff --git a/selftest/knownfail b/selftest/knownfail index 0b4c5a44a7f..82dd7e1e8b4 100644 --- a/selftest/knownfail +++ b/selftest/knownfail @@ -176,6 +176,7 @@ ^samba4.smb2.oplock.stream1 # samba 4 oplocks are a mess ^samba4.smb2.oplock.statopen1\(ad_dc_ntvfs\)$ # fails with ACCESS_DENIED on a SYNCHRONIZE_ACCESS open ^samba4.smb2.getinfo.complex # streams on directories does not work +^samba4.smb2.getinfo.getinfo_access\(ad_dc_ntvfs\) # Access checks not implemented ^samba4.smb2.getinfo.qfs_buffercheck # S4 does not do the INFO_LENGTH_MISMATCH/BUFFER_OVERFLOW thingy ^samba4.smb2.getinfo.qfile_buffercheck # S4 does not do the INFO_LENGTH_MISMATCH/BUFFER_OVERFLOW thingy ^samba4.smb2.getinfo.qsec_buffercheck # S4 does not do the BUFFER_TOO_SMALL thingy @@ -207,10 +208,8 @@ ^samba3.smb2.oplock.stream1 ^samba3.smb2.streams.rename ^samba3.smb2.streams.rename2 -^samba3.smb2.streams.attributes1\(.*\) ^samba3.smb2.streams streams_xattr.rename\(nt4_dc\) ^samba3.smb2.streams streams_xattr.rename2\(nt4_dc\) -^samba3.smb2.streams streams_xattr.attributes1\(nt4_dc\) ^samba3.smb2.getinfo.complex ^samba3.smb2.getinfo.fsinfo # quotas don't work yet ^samba3.smb2.setinfo.setinfo diff --git a/source3/smbd/smb2_getinfo.c b/source3/smbd/smb2_getinfo.c index 0320dcc5fde..23322e7b85f 100644 --- a/source3/smbd/smb2_getinfo.c +++ b/source3/smbd/smb2_getinfo.c @@ -303,6 +303,34 @@ static struct tevent_req *smbd_smb2_getinfo_send(TALLOC_CTX *mem_ctx, ZERO_STRUCT(write_time_ts); + /* +* MS-SMB2 3.3.5.20.1 "Handling SMB2_0_INFO_FILE" +* +* FileBasicInformation, FileAllInformation, +* FileNetworkOpenInformation, FileAttributeTagInformation +* require FILE_READ_ATTRIBUTES. +* +* FileFullEaInformation requires FILE_READ_EA. +*/ + switch (in_file_info_class) { + case FSCC_FILE_BASIC_INFORMATION: + case FSCC_
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 766151bf5b7 lib:replace: Only include on non-Linux systems via 9459f85511a Revert "lib:replace: Remove from filesys.h" from 3aecd6e7b50 ctdb-common: CID 1507498: Control flow issues (DEADCODE) https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 766151bf5b7ef95ae4c8c98b8994e5c21c5bbec0 Author: Andreas Schneider Date: Tue Aug 2 07:55:46 2022 +0200 lib:replace: Only include on non-Linux systems Details at: https://sourceware.org/glibc/wiki/Release/2.36#Usage_of_.3Clinux.2Fmount.h.3E_and_.3Csys.2Fmount.h.3E BUG: https://bugzilla.samba.org/show_bug.cgi?id=15132 Signed-off-by: Andreas Schneider Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Tue Aug 2 11:05:14 UTC 2022 on sn-devel-184 commit 9459f85511a11d9a159fc8c7bb3c2d781555f87d Author: Andreas Schneider Date: Tue Aug 2 07:55:11 2022 +0200 Revert "lib:replace: Remove from filesys.h" This reverts commit 7a6bd2279897ed389d10f09e5b315a7bca96e7d4. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15132 Signed-off-by: Andreas Schneider Reviewed-by: Ralph Boehme --- Summary of changes: lib/replace/system/filesys.h | 6 ++ lib/replace/wscript | 3 +++ 2 files changed, 9 insertions(+) Changeset truncated at 500 lines: diff --git a/lib/replace/system/filesys.h b/lib/replace/system/filesys.h index 190c6b90f93..bb9482c69af 100644 --- a/lib/replace/system/filesys.h +++ b/lib/replace/system/filesys.h @@ -36,10 +36,16 @@ #include #endif +/* This include is required on UNIX (*BSD, AIX, ...) for statfs() */ +#if !defined(LINUX) && defined(HAVE_SYS_MOUNT_H) +#include +#endif + #ifdef HAVE_MNTENT_H #include #endif +/* This include is required on Linux for statfs() */ #ifdef HAVE_SYS_VFS_H #include #endif diff --git a/lib/replace/wscript b/lib/replace/wscript index 4c774d9f0c3..dd9b19219a1 100644 --- a/lib/replace/wscript +++ b/lib/replace/wscript @@ -31,6 +31,9 @@ def configure(conf): conf.env.standalone_replace = conf.IN_LAUNCH_DIR() +if sys.platform.rfind('linux') > -1: +conf.DEFINE('LINUX', '1') + conf.DEFINE('BOOL_DEFINED', 1) conf.DEFINE('HAVE_LIBREPLACE', 1) conf.DEFINE('LIBREPLACE_NETWORK_CHECKS', 1) -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
x27; \ --option="torture:timelimit=60" \ --option="torture:nprocs=256" From some like this: open[num/s=8800,avslat=0.021445,minlat=0.95,maxlat=0.179786] close[num/s=8800,avslat=0.021658,minlat=0.44,maxlat=0.179819] to: open[num/s=10223,avslat=0.017922,minlat=0.83,maxlat=0.106759] close[num/s=10223,avslat=0.017694,minlat=0.40,maxlat=0.107345] BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125 Signed-off-by: Stefan Metzmacher Reviewed-by: Jeremy Allison Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Tue Jul 26 14:32:35 UTC 2022 on sn-devel-184 commit 9d9991166322477781f20372ffd7c19d1632276c Author: Stefan Metzmacher Date: Sun Jun 26 12:57:06 2022 + s3:dbwrap_watch: only notify the first waiter In case of a highly contended record we will have a lot of watchers, which will all race to get g_lock_lock() to finish. If g_lock_unlock() wakes them all, e.g. 250 of them, we get a thundering herd, were 249 will only find that one of them as able to get the lock and re-add their watcher entry (not unlikely in a different order). With this commit we only wake the first watcher and let it remove itself once it no longer wants to monitor the record content (at that time it will wake the new first watcher). It means the woken watcher doesn't have to race with all others and also means order of watchers is kept, which means that we most likely get a fair latency distribution for all watchers. The following test with 256 commections all looping with open/close on the same inode (share root) is improved drastically: smbtorture //127.0.0.1/m -Uroot%test smb2.create.bench-path-contention-shared \ --option='torture:bench_path=' \ --option="torture:timelimit=60" \ --option="torture:nprocs=256" From some like this: open[num/s=80,avslat=2.793862,minlat=0.004097,maxlat=46.597053] close[num/s=80,avslat=2.387326,minlat=0.023875,maxlat=50.878165] to: open[num/s=8800,avslat=0.021445,minlat=0.95,maxlat=0.179786] close[num/s=8800,avslat=0.021658,minlat=0.44,maxlat=0.179819] BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125 Signed-off-by: Stefan Metzmacher Reviewed-by: Jeremy Allison Reviewed-by: Ralph Boehme commit 6e701d02ee2d0fc304157395c451d3b972128cfc Author: Stefan Metzmacher Date: Tue Jul 5 16:05:15 2022 +0200 s3:smbXsrv_session: only change the dbwrap_watch instance when the record has changed This will become important in the following commits when the dbwrap_watch layer will only wake up one watcher at a time and each woken watcher will wakeup the next one. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125 Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme commit 98269bd5f31a2521b756e0a20fba82e9122582f7 Author: Stefan Metzmacher Date: Mon Jul 25 22:28:27 2022 +0200 s3:smbXsrv_session: introduce smb2srv_session_close_previous_cleanup() This makes sure we cleanup the locked record in all cases. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125 Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme commit 67af3586d989be9d6a8fe7e7789250451b03f2bb Author: Stefan Metzmacher Date: Tue Jul 5 16:04:09 2022 +0200 s3:smbXsrv_client: only change the dbwrap_watch instance when the record has changed This will become important in the following commits when the dbwrap_watch layer will only wake up one watcher at a time and each woken watcher will wakeup the next one. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125 Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme commit e33143099b37a4d79a1cd45ca43a5a5d9d63b261 Author: Stefan Metzmacher Date: Sun Jun 26 16:16:38 2022 + s3:g_lock: try to keep the watch instance during g_lock_watch_data() Unless the unique_lock_epoch changes via g_lock_lock()/g_lock_unlock() we try to keep our existing watch instance alive while waiting for unique_data_epoch to change. This will become important in the following commits when the dbwrap_watch layer will only wake up one watcher at a time and each woken watcher will wakeup the next one. Without this commit we would trigger an endless loop as none of the watchers will ever change unique_data_epoch. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125 Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme commit 20f3fd021911a118228815cb32d436069b0273d1 Author: Stefan Metzmacher Date: Sun Jun 26 16:16:38 2022 + s3:g_lock: remember an unique_lock_epoch similar
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 8ff2fe33bda smbd: Userspace symlink eval in filename_convert_dirfsp() via 9fc4659215a smbd: Take care of @GMT in SMB1's reply_ntcreate_and_X() via 7bb8af3f74c vfs_error_inject: Ignore openat() from openat_pathref_dirfsp_nosymlink() via d6fcae23f47 smbd: Add openat_pathref_dirfsp_nosymlink() via 9826da77b90 smbd: Make get_real_filename_at public via 87f0e8b smbd: Some more assert in fd_openat() via f292b1ae002 smbd: Simplify open_stream_pathref_fsp() via 348f19d35b3 smbd: open_stream_pathref_fsp() does not need a dirfsp via 52ecf98688d smbd: Simplify openat_pathref_fullname() via afe1b94b230 smbd: Open openat_pathref_fullname() for streams via 45168bffe02 smbd: Hand full_fname from openat_pathref_nostream() via 37fd029e6ff smbd: A stream open does not need O_NOFOLLOW via 8420f62c01a smbd: Simplify openat_pathref_fsp() via 7295377a41c smbd: Simplify non_widelink_open() via c267c9839eb VFS: NULL dirfsp for openat on stream opens via 0c8d55ed899 vfs_shadow_copy2: Don't reference dirfsp for streams via dd5e10d6013 smbd: Make fsp_attach_smb_fname() talloc_move() the name to the fsp via d67c7c091fe smbd: Update fsp->fsp_flags.is_directory in vfs_stat_fsp() via 217e7c162c2 libcli: Modernize a few DEBUG statements via d2e5c9c96be test3: Fix a debug message via 5c702e03f52 smbd: Factor out extract_snapshot_token() from canonicalize_snapshot_path() via b5c17b79364 smbd: Simplify canonicalize_snapshot_path() via 53f9b32a95b smbd: Don't create a fsp->base_fsp for a "::$DATA" stream via 08f4ee6cabb torture3: Fix an error check in torture_delete_fn() via 3fc5f9f409e registry3: Align an integer type via 138fdfaa40e registry3: Align function types to what is returned via 1d02c462f01 lib: Simplify canonicalize_absolute_path() via e2d30fd5b76 lib: Remove a few #include "includes.h" via b4a3c22acd5 smbd: Avoid a "? True : False" via 58d7b76a0ac smbd: Open up openat_internal_dir_from_pathref() for general dirs from 930426db02e lib: On FreeBSD util_paths.c does not find struct stat https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 8ff2fe33bdad605a2abfb5f3fac28b32f3211b96 Author: Volker Lendecke Date: Thu Jul 14 19:47:23 2022 +0200 smbd: Userspace symlink eval in filename_convert_dirfsp() This converts filename_convert_dirfsp to do symlink evaluation in user space. It uses openat_pathref_dirfsp_nosymlink() to open the dirpath and looks at the proper NT_STATUS_STOPPED_ON_SYMLINK response. Using this avoids filename_convert() and thus unix_convert() completely for the SMB2_CREATE case. The tests samba3.blackbox.smbclient_s3.NT1.plain.Recursive ls across MS-DFS links now correctly stop the symlink lookup recursion with NT_STATUS_OBJECT_PATH_NOT_FOUND. Previously we did not correcly pass up the ELOOP coming back from the stat-call. Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Mon Jul 25 12:56:08 UTC 2022 on sn-devel-184 commit 9fc4659215ac6586003d43c1552e79915093fb58 Author: Volker Lendecke Date: Tue Jul 12 17:48:25 2022 +0200 smbd: Take care of @GMT in SMB1's reply_ntcreate_and_X() Next we want to avoid filename_convert() to take care of this. The SMB2 code has a proper TWRP token anyway, so let's push the @GMT-handling to the SMB1 code that will be converted to filename_convert_dirfsp(). Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit 7bb8af3f74cb6a2e3a9836bb36bbad5e1d1e6a6d Author: Volker Lendecke Date: Sun Jul 24 16:47:37 2022 +0200 vfs_error_inject: Ignore openat() from openat_pathref_dirfsp_nosymlink() Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit d6fcae23f4757d3684862c45ff43155613060ae4 Author: Volker Lendecke Date: Thu Jul 14 19:44:04 2022 +0200 smbd: Add openat_pathref_dirfsp_nosymlink() This does a step-by-step path resolution for a directory by splitting up the path into individual components and does a loop like that for component in components: fd = openat(dirfd, component, O_NOFOLLOW); close(dirfd); dirfd = fd and it will report any symlink it finds in a way that will be indirectly consumable for the smb2 symlink error response. Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit 9826da77b90a4b4d93c0d8e89ad3821c30cc8571 Author: Volker Lendecke Date: Thu Jul 14 19:37:30 2022 +0200 smbd: Make get_real_filename_
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 3d95220a571 Add a .clang-format file from 4c12840e42b testprogs: Reformat common_test_fns.inc https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 3d95220a5710731a32a6678ad2878ef6af94b9bb Author: Andreas Schneider Date: Tue Jul 19 15:38:27 2022 +0200 Add a .clang-format file How to use: Install 'git-format-clang' which is part of the clang suite (Fedora: git-clang-format, openSUSE: clang-tools). Now do your changes and stage them with `git add`. Once they are staged format the code using `git clang-format` before you commit. Now the formatting changed can be viewed with `git diff` against the staged changes. Signed-off-by: Andreas Schneider Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Wed Jul 20 18:23:49 UTC 2022 on sn-devel-184 --- Summary of changes: .clang-format| 26 ++ README.Coding.md | 20 2 files changed, 34 insertions(+), 12 deletions(-) create mode 100644 .clang-format Changeset truncated at 500 lines: diff --git a/.clang-format b/.clang-format new file mode 100644 index 000..5385807bc1c --- /dev/null +++ b/.clang-format @@ -0,0 +1,26 @@ +# https://clang.llvm.org/docs/ClangFormatStyleOptions.html +BasedOnStyle: LLVM +IndentWidth: 8 +ContinuationIndentWidth: 8 +UseTab: true +BreakBeforeBraces: Custom +BraceWrapping: +AfterEnum: false +AfterFunction: true +AfterStruct: false +AfterUnion: false +AfterExternBlock: true +BeforeElse: false +BeforeWhile: false +AllowShortIfStatementsOnASingleLine: false +ColumnLimit: 80 +IndentCaseLabels: false +AlignAfterOpenBracket: Align +BinPackParameters: false +BinPackArguments: false +AllowAllParametersOfDeclarationOnNextLine: false +AllowAllArgumentsOnNextLine: false +AllowShortFunctionsOnASingleLine: Empty +AlwaysBreakAfterReturnType: None +AlignEscapedNewlines: Left +SortIncludes: false diff --git a/README.Coding.md b/README.Coding.md index b87580f5f85..09a13283e05 100644 --- a/README.Coding.md +++ b/README.Coding.md @@ -88,20 +88,16 @@ displaying trailing whitespace: autocmd BufNewFile,BufRead *.c,*.h exec 'match Todo /\%>' . &textwidth . 'v.\+/' ``` -### clang-format +### How to use clang-format -``` -BasedOnStyle: LLVM -IndentWidth: 8 -UseTab: true -BreakBeforeBraces: Linux -AllowShortIfStatementsOnASingleLine: false -IndentCaseLabels: false -BinPackParameters: false -BinPackArguments: false -SortIncludes: false -``` +Install 'git-format-clang' which is part of the clang suite (Fedora: +git-clang-format, openSUSE: clang-tools). + +Now do your changes and stage them with `git add`. Once they are staged +format the code using `git clang-format` before you commit. +Now the formatting changed can be viewed with `git diff` against the +staged changes. ## FAQ & Statement Reference -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 130283cbae0 s3:winbind: Add additional debug level check to wb_xids2sids_recv() via 934bc0c5835 s3:winbind: Fix pointer access in wb_xids2sids_recv() via e824ee6b5ae s3:winbind: Add additional debug level check to wb_lookupusergroups_recv() via 450b8da8345 s3:winbind: Fix pointer access in wb_lookupusergroups_recv() from b17cae66e75 s3:winbind: Change max_users, num_users from int to uint32_t in winbindd_getpwent_state https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 130283cbae0f894cd335875ba10d92ea249259d0 Author: Andreas Schneider Date: Mon Jul 18 13:28:50 2022 +0200 s3:winbind: Add additional debug level check to wb_xids2sids_recv() Signed-off-by: Andreas Schneider Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Mon Jul 18 14:44:07 UTC 2022 on sn-devel-184 commit 934bc0c583534884d1d56e3538c27b5102b869e7 Author: Andreas Schneider Date: Mon Jul 18 09:20:22 2022 +0200 s3:winbind: Fix pointer access in wb_xids2sids_recv() CID 1507348 CID 1507349 Signed-off-by: Andreas Schneider Reviewed-by: Ralph Boehme Reviewed-by: Ralph Boehme commit e824ee6b5aed6fb5b1d251598e0357aacb2b143c Author: Andreas Schneider Date: Mon Jul 18 13:26:58 2022 +0200 s3:winbind: Add additional debug level check to wb_lookupusergroups_recv() Signed-off-by: Andreas Schneider Reviewed-by: Ralph Boehme commit 450b8da8345303b6b4458e412cfd9e6f5cd5d132 Author: Andreas Schneider Date: Mon Jul 18 09:18:59 2022 +0200 s3:winbind: Fix pointer access in wb_lookupusergroups_recv() Fixes CID 1507350 Signed-off-by: Andreas Schneider Reviewed-by: Ralph Boehme Reviewed-by: Ralph Boehme --- Summary of changes: source3/winbindd/wb_lookupusergroups.c | 8 +--- source3/winbindd/wb_xids2sids.c| 14 -- 2 files changed, 13 insertions(+), 9 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/winbindd/wb_lookupusergroups.c b/source3/winbindd/wb_lookupusergroups.c index 3ec25b49393..c4ac1be8078 100644 --- a/source3/winbindd/wb_lookupusergroups.c +++ b/source3/winbindd/wb_lookupusergroups.c @@ -109,9 +109,11 @@ NTSTATUS wb_lookupusergroups_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, D_INFO("WB command lookupusergroups end.\nReceived %u SID(s).\n", *num_sids); - for (i = 0; i < *num_sids; i++) { - struct dom_sid_buf buf; - D_INFO("%u: %s\n", i, dom_sid_str_buf(&*sids[i], &buf)); + if (CHECK_DEBUGLVL(DBGLVL_INFO)) { + for (i = 0; i < *num_sids; i++) { + struct dom_sid_buf buf; + D_INFO("%u: %s\n", i, dom_sid_str_buf(&((*sids)[i]), &buf)); + } } return NT_STATUS_OK; } diff --git a/source3/winbindd/wb_xids2sids.c b/source3/winbindd/wb_xids2sids.c index 17e612b7368..c873cc2443b 100644 --- a/source3/winbindd/wb_xids2sids.c +++ b/source3/winbindd/wb_xids2sids.c @@ -404,12 +404,14 @@ NTSTATUS wb_xids2sids_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, } *sids = talloc_move(mem_ctx, &state->sids); - for (i = 0; i < state->num_xids; i++) { - struct dom_sid_buf buf; - D_INFO("%lu: XID %u mapped to SID %s\n", - i, - state->xids[i].id, - dom_sid_str_buf(&*sids[i], &buf)); + if (CHECK_DEBUGLVL(DBGLVL_INFO)) { + for (i = 0; i < state->num_xids; i++) { + struct dom_sid_buf buf; + D_INFO("%lu: XID %u mapped to SID %s\n", + i, + state->xids[i].id, + dom_sid_str_buf(&((*sids)[i]), &buf)); + } } return NT_STATUS_OK; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 2ec93ac6f34 smbd: follow-up fix for "if close fails just log it, don't crash" from c4c086ecc00 s4:utils: Reformat shell scripts https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 2ec93ac6f34fda745912be648148f79d2a2b0671 Author: Ralph Boehme Date: Fri Jul 8 17:08:05 2022 +0200 smbd: follow-up fix for "if close fails just log it, don't crash" Signed-off-by: Ralph Boehme Reviewed-by: Björn Baumbach Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Sat Jul 9 09:04:46 UTC 2022 on sn-devel-184 --- Summary of changes: source3/smbd/files.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/files.c b/source3/smbd/files.c index 45cc7ffd79f..b56130f4f04 100644 --- a/source3/smbd/files.c +++ b/source3/smbd/files.c @@ -424,7 +424,7 @@ static int smb_fname_fsp_destructor(struct smb_filename *smb_fname) fsp_set_base_fsp(fsp, NULL); status = fd_close(tmp_base_fsp); - if (NT_STATUS_IS_OK(status)) { + if (!NT_STATUS_IS_OK(status)) { DBG_ERR("Closing fd for fsp [%s] failed: %s. " "Please check your filesystem!!!\n", fsp_str_dbg(fsp), nt_errstr(status)); @@ -433,7 +433,7 @@ static int smb_fname_fsp_destructor(struct smb_filename *smb_fname) } status = fd_close(fsp); - if (NT_STATUS_IS_OK(status)) { + if (!NT_STATUS_IS_OK(status)) { DBG_ERR("Closing fd for fsp [%s] failed: %s. " "Please check your filesystem!!!\n", fsp_str_dbg(fsp), nt_errstr(status)); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 4f5faa806e8 docs-xml:manpages: update vfs_fileid.8.xml for the recent changes via a63087f527e s3:vfs_fileid: add 'fileid:nolock_all_inodes = BOOL' via dc478f4897f s3:vfs_fileid: add 'fileid:nolock_all_dirs = BOOL' via d0d9732acd3 s3:vfs_fileid: introduce 'fileid:nolock_paths' via c040b811eb2 s3:vfs_fileid: introduce 'fileid:nolock_max_slots' via f99b617c0c0 s3:vfs_fileid: also imply the generic nolock logic to the legacy 'hostname' algorithm via 48403b0ebba s3:vfs_fileid: also handle 'fsname_nodirs' via fileid_is_nolock_inode() via 72419736bda s3:vfs_fileid: always add the 'nolock' behavior via file_id.extid via a1882538299 s3:vfs_fileid: introduce algorithm 'next_module' via 2668700f1e8 s3:vfs_fileid: maintain an array of nolock inodes via 3ec4dddb54c s3:vfs_fileid: move to a single mapping_fn() returning struct file_id via 2dfb334f8cb s4:torture/smb2: add smb2.bench.path-contention-shared via 090c46a5473 s4:torture/smb2: rename 'smb2.bench-oplock' to 'smb2.bench.oplock' from 96a649efd8d s3: libads: Fix coverity false positive. https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 4f5faa806e8cdb1c979ca4fd71e04504eeb53cb0 Author: Stefan Metzmacher Date: Tue Jun 28 16:25:46 2022 + docs-xml:manpages: update vfs_fileid.8.xml for the recent changes Signed-off-by: Stefan Metzmacher Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Tue Jul 5 16:01:10 UTC 2022 on sn-devel-184 commit a63087f527eceeba1def358435dc3e5fb8059b26 Author: Stefan Metzmacher Date: Wed Jun 29 17:50:08 2022 +0200 s3:vfs_fileid: add 'fileid:nolock_all_inodes = BOOL' This adds the feature of the 'hostname' algorithm, but provides it for all algorithms, including 'next_module'. This can be used to deliberately break lock coherency, but keep the devid/inode pair untouched, as this will only alter file_id.extid: vfs objects = fileid fileid:algorithm = next_module fileid:nolock_all_inodes = yes This should be preferred unless someone is already using the 'hostname' algorithm. Note this is only for testing (or read only shares if at all...) Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme commit dc478f4897fe5b8b1ca941f44d1b025a3130ae0a Author: Stefan Metzmacher Date: Wed Jun 29 17:50:08 2022 +0200 s3:vfs_fileid: add 'fileid:nolock_all_dirs = BOOL' This adds the feature of the 'fsname_nodirs' algorithm, but provides it for all algorithms, including 'next_module'. This can be used to deliberately break lock coherency, but keep the devid/inode pair untouched, e.g. vfs objects = fileid fileid:algorithm = next_module fileid:nolock_all_dirs = yes Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme commit d0d9732acd3dff2511f5a9c0a80aba372b6255e2 Author: Stefan Metzmacher Date: Wed Jun 29 17:14:22 2022 +0200 s3:vfs_fileid: introduce 'fileid:nolock_paths' This brings much more flexibility compared to: - 'fsname_norootdir', 'fsname_norootdir_ext', which only allow the nolock behavior for the share root - 'fileid:nolockinode', which only gets a single inode number, and ignores the devide id completely. You can specify path names, which are relative to the shareroot or absolute. These names are only evaluated at SMB_VFS_CONNECT() time, where they are converted into devide and inode pairs. It means they are completely ignored if the path doesn't exist yet, or is replaced by a new inode later. This allows: - 'fileid:algorithm = fsname_norootdir' to be replaced by: 'fileid:algorithm = fsname' (the default) 'fileid:nolock_paths = .' - 'fileid:algorithm = fsname_norootdir_ext' to be replaced by: 'fileid:algorithm = fsname' (the default) 'fileid:nolock_paths = .' 'fileid:nolock_max_slots = 18446744073709551615' And 'fileid:nolockinode = 1234567' and be replaced by 'fileid:nolock_paths = Very/Contended/Path' or 'fileid:nolock_paths = . Very/Contended/Path1 /data/conteded.dir', if the share root and two additional inodes should be handled by the 'nolock' behavior. Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme commit c040b811eb2b866184cde18145b4a14f249792c9 Author: Stefan Metzmacher Da
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via fe7daae8c46 s3: smbd: Allow a durable handle on a leased stat-open. via bb329d4de50 s4: torture: Add a new test - samba3.smb2.durable-open.stat-open. from 07081d03da2 script/autobuild.py: allow to run from within git rebase -i https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit fe7daae8c4692b99ff08d4e3e48034d59ddee245 Author: Jeremy Allison Date: Wed Apr 27 14:08:13 2022 -0700 s3: smbd: Allow a durable handle on a leased stat-open. Remove knownfail. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15042 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Fri Apr 29 15:50:21 UTC 2022 on sn-devel-184 commit bb329d4de505d2c01ba45a06311c9dc6d87f8dec Author: Jeremy Allison Date: Wed Apr 27 12:50:59 2022 -0700 s4: torture: Add a new test - samba3.smb2.durable-open.stat-open. Passes against Windows. Shows that Windows allows a durable handle on a leased open for READ_ATTRUBUTES only (a stat open). Mark as knownfail for now. NB. Not sure why we are testing smb2.durable-open against ad_dc as that provisioning has "smb2 leases = no" which precludes granting durable handles. Not changing for this bug but this should be looked at in future. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15042 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme --- Summary of changes: selftest/knownfail | 1 + source3/smbd/durable.c | 4 --- source4/torture/smb2/durable_open.c | 63 + 3 files changed, 64 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/selftest/knownfail b/selftest/knownfail index 99c8768485b..173286a96a0 100644 --- a/selftest/knownfail +++ b/selftest/knownfail @@ -194,6 +194,7 @@ ^samba3.smb2.durable-open.delete_on_close2 ^samba3.smb2.durable-v2-open.app-instance ^samba3.smb2.durable-open.reopen1a-lease\(ad_dc\)$ +^samba3.smb2.durable-open.stat-open\(ad_dc\)$ ^samba3.smb2.durable-v2-open.reopen1a-lease\(ad_dc\)$ ^samba4.smb2.ioctl.req_resume_key\(ad_dc_ntvfs\) # not supported by s4 ntvfs server ^samba4.smb2.ioctl.req_two_resume_keys\(ad_dc_ntvfs\) # not supported by s4 ntvfs server diff --git a/source3/smbd/durable.c b/source3/smbd/durable.c index e5dc86a5a7d..838a5ddef05 100644 --- a/source3/smbd/durable.c +++ b/source3/smbd/durable.c @@ -75,10 +75,6 @@ NTSTATUS vfs_default_durable_cookie(struct files_struct *fsp, return NT_STATUS_NOT_SUPPORTED; } - if (fsp_get_io_fd(fsp) == -1) { - return NT_STATUS_NOT_SUPPORTED; - } - if (fsp_is_alternate_stream(fsp)) { /* * We do not support durable handles diff --git a/source4/torture/smb2/durable_open.c b/source4/torture/smb2/durable_open.c index 3d78a35d92c..9cd4d88af39 100644 --- a/source4/torture/smb2/durable_open.c +++ b/source4/torture/smb2/durable_open.c @@ -2751,6 +2751,67 @@ done: return ret; } +/** + * durable stat open with lease. + */ +static bool test_durable_open_stat_open(struct torture_context *tctx, + struct smb2_tree *tree) +{ + TALLOC_CTX *mem_ctx = talloc_new(tctx); + struct smb2_create io; + struct smb2_handle _h; + struct smb2_handle *h = NULL; + struct smb2_lease ls; + NTSTATUS status; + char fname[256]; + bool ret = true; + uint64_t lease; + + snprintf(fname, 256, "durable_open_stat_open_%s.dat", +generate_random_str(mem_ctx, 8)); + + /* Ensure file doesn't exist. */ + smb2_util_unlink(tree, fname); + + /* Create a normal file. */ + smb2_oplock_create(&io, fname, SMB2_OPLOCK_LEVEL_NONE); + status = smb2_create(tree, mem_ctx, &io); + CHECK_STATUS(status, NT_STATUS_OK); + _h = io.out.file.handle; + h = &_h; + CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE); + /* Close. */ + smb2_util_close(tree, *h); + h = NULL; + + /* Now try a leased, durable handle stat open. */ + lease = random(); + /* Create with lease */ + smb2_lease_create(&io, + &ls, + false /* dir */, + fname, + lease, + smb2_util_lease_state("RH")); + io.in.durable_open = true; + io.in.desired_access = SEC_FILE_READ_ATTRIBUTE; + io.in.create_disposition = NTCREATEX_DISP_OPEN; + + status = smb2_create(tree, mem_ctx, &io); + CHECK_STATUS(status, NT_STATUS_
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 922261d77ae smbd: Use filename_convert_dirfsp() in smbd_smb2_create_send() via 5efa2ddde32 smbd: Use filename_convert_dirfsp() in reply_ntcreate_and_X() via fde4363f589 smbd: Add filename_convert_dirfsp() via 29fa2f51c36 smbd: Only create an artificial dirfsp when necessary via c1a3104a2ab smbd: Pass dirfsp to create_file_unixpath() via eb3c47ac330 CI: use native Python functions to detect system and release via 6086a73f4e5 Revert "vfs: remove dirfsp arg from SMB_VFS_CREATE_FILE()" via de9986fb9b7 vfs: Remove name-based SMB_VFS_GET_REAL_FILENAME() via 89bffa149dd smbd: Use SMB_VFS_GET_REAL_FILENAME_AT() in dptr_ReadDirName() via 2c05ebe9736 vfs: Implement snapper_gmt_get_real_filename_at() via 2e1d2083f54 vfs: Implement shadow_copy2_get_real_filename_at() via b21cd4c8d21 vfs: Implement vfs_gpfs_get_real_filename_at() via 5aca0056abf vfs: Implement vfs_gluster_get_real_filename_at() via ba6f7cfe805 vfs: Implement vfs_gluster_fuse_get_real_filename_at() via cf60c51dc0d vfs: Implement ceph_snap_gmt_get_real_filename_at() via c4d4fa68d61 smbd: Add get_real_filename_at() via dcdc2585095 smbd: Introduce get_real_filename_full_scan_at() via 973212e8c11 smbd: Add OpenDir_from_pathref via df29512b72f smbd: Add openat_internal_dir_from_pathref() via 02f6130c907 vfs: Add SMB_VFS_GET_REAL_FILENAME_AT via 804a19ca5d6 smbd: Pass up stat-info from openat_pathref_fsp() on error from 03d0dd2651c vfs_gpfs: Ignore pathref fds for gpfs:recalls check https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 922261d77ae9190aada81e97ce8a41c5306acd9c Author: Volker Lendecke Date: Fri Apr 8 13:27:39 2022 +0200 smbd: Use filename_convert_dirfsp() in smbd_smb2_create_send() Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Thu Apr 28 14:02:53 UTC 2022 on sn-devel-184 commit 5efa2ddde3231b389111b57e99b0ccff338ac609 Author: Volker Lendecke Date: Fri Apr 8 13:27:20 2022 +0200 smbd: Use filename_convert_dirfsp() in reply_ntcreate_and_X() Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit fde4363f589d5ac47aba5ad63e964d42006565d5 Author: Volker Lendecke Date: Wed Dec 8 07:08:10 2021 +0100 smbd: Add filename_convert_dirfsp() As part of the filename_convert() process, keep a pathref dirfsp of the containing directory for later use. This avoids having to do another non_widelink_open() on every SMB2_CREATE and ntcreate&x in later patches. Future work will be to go through other filename_convert() calls and make them use filename_convert_dirfsp(). If we manage to convert all of them except the one in filename_convert_dirfsp() itself, we can simplify filename_convert() and unix_convert() significantly. Too large a patch, but I don't know how to split this up into smaller logic pieces. Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit 29fa2f51c367bce871262e4b53617567d2fe67fb Author: Volker Lendecke Date: Fri Apr 8 13:10:15 2022 +0200 smbd: Only create an artificial dirfsp when necessary parent_pathref() is expensive, and we should avoid it if possible. Not effective at this point, we always pass in NULL, but will be used soon. Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit c1a3104a2ab2ea29059b1aa5b4515d1f39e276ad Author: Volker Lendecke Date: Thu Apr 7 11:50:52 2022 +0200 smbd: Pass dirfsp to create_file_unixpath() Will be used soon. Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit eb3c47ac3301ef533086e41e980d7f0b15cf530c Author: Ralph Boehme Date: Wed Mar 2 16:10:28 2022 +0100 CI: use native Python functions to detect system and release This ensures we detect the runtime system and release, not the ones when Samba was build. It's necessary to detect the correct kernel version we're running on because for kernels before 5.3.1 O_PATH opens unnecessarily broke kernel oplocks, which breaks our tests. And in gitlab it can happen that we build on kernels after 5.3.1 and later run on older kernels. In this situation we can't run kernel oplock tests. Signed-off-by: Ralph Boehme Reviewed-by: Ralph Boehme commit 6086a73f4e50fc12db1155e52f026a4ca0f8fc40 Author: Volker Lendecke Date: Tue Nov 23 12:29:17 2021 +0100 Revert "vfs: remove dirfsp arg from SMB_VFS_CREATE_FILE()" This reverts commit 322574834f1e71bc01f21be9059ca4d386517c84. Not strictly a revert anymore, but for future work we do need
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 03d0dd2651c vfs_gpfs: Ignore pathref fds for gpfs:recalls check from eed6869da75 smbd: Slightly simplify call_trans2qpipeinfo() https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 03d0dd2651c9e6552d6c3d9513810e581339ac08 Author: Christof Schmitt Date: Wed Apr 27 15:37:18 2022 -0700 vfs_gpfs: Ignore pathref fds for gpfs:recalls check Setting gpfs:recalls=no should prevent data access to offline files. Since Samba 4.14, the VFS openat function is also called with O_PATH to get a reference to the path. These accesses should not be blocked, otherwise this would prevent offline files from being included in directory listings. Fix this by skipping the check for pathref fds. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15055 Signed-off-by: Christof Schmitt Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Thu Apr 28 07:59:47 UTC 2022 on sn-devel-184 --- Summary of changes: source3/modules/vfs_gpfs.c | 1 + 1 file changed, 1 insertion(+) Changeset truncated at 500 lines: diff --git a/source3/modules/vfs_gpfs.c b/source3/modules/vfs_gpfs.c index 5c2b2c3705e..0f31896b724 100644 --- a/source3/modules/vfs_gpfs.c +++ b/source3/modules/vfs_gpfs.c @@ -2335,6 +2335,7 @@ static int vfs_gpfs_openat(struct vfs_handle_struct *handle, return -1); if (config->hsm && !config->recalls && + !fsp->fsp_flags.is_pathref && vfs_gpfs_fsp_is_offline(handle, fsp)) { DBG_DEBUG("Refusing access to offline file %s\n", -- Samba Shared Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 68710e6 NEWS[SambaXP2022]: shorten snip from fb768a2 NEWS[SambaXP2022]: SambaXP 2022 https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 68710e6407204028b308aed8be49b9862fdcd0a7 Author: Ralph Boehme Date: Thu Apr 7 10:55:48 2022 +0200 NEWS[SambaXP2022]: shorten snip --- Summary of changes: posted_news/20220407-081336.SambaXP2022.snip.html | 16 1 file changed, 16 deletions(-) Changeset truncated at 500 lines: diff --git a/posted_news/20220407-081336.SambaXP2022.snip.html b/posted_news/20220407-081336.SambaXP2022.snip.html index 3b203d4..b8f91a7 100644 --- a/posted_news/20220407-081336.SambaXP2022.snip.html +++ b/posted_news/20220407-081336.SambaXP2022.snip.html @@ -4,21 +4,5 @@ Agenda for sambaXP 2022 published â get your ticket now! - -The program for the 21st sambaXP from May 31 to June 2, 2022 is -set. The Orga Committee has published the schedule for the event on -the conference page -at https://sambaxp.org";>https://sambaxp.org. Tickets, -which are free of charge, are also available there - please register -to get all relevant information for participation. The agenda is -filled with exciting talks for developers and users. Special thanks go -to this year's sponsors Google, Microsoft and SerNet. - - -sambaXP will again be held purely virtually in 2022 in order to allow -as many people as possible worldwide to participate. For this reason - -and to take into account the different time zones - the presentations -will each start at 3 pm (CEST). - (Read more) -- Samba Website Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via fb768a2 NEWS[SambaXP2022]: SambaXP 2022 from 0f75f0b add sdc logo and link in box_beyond_samba.html https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit fb768a2776efe54f22f0ec54c1836d988aa2a51e Author: Ralph Boehme Date: Thu Apr 7 10:21:39 2022 +0200 NEWS[SambaXP2022]: SambaXP 2022 Signed-off-by: Ralph Boehme --- Summary of changes: posted_news/20220407-081336.SambaXP2022.body.html | 36 ++ .../20220407-081336.SambaXP2022.headline.html | 3 ++ posted_news/20220407-081336.SambaXP2022.snip.html | 24 +++ 3 files changed, 63 insertions(+) create mode 100644 posted_news/20220407-081336.SambaXP2022.body.html create mode 100644 posted_news/20220407-081336.SambaXP2022.headline.html create mode 100644 posted_news/20220407-081336.SambaXP2022.snip.html Changeset truncated at 500 lines: diff --git a/posted_news/20220407-081336.SambaXP2022.body.html b/posted_news/20220407-081336.SambaXP2022.body.html new file mode 100644 index 000..8255c38 --- /dev/null +++ b/posted_news/20220407-081336.SambaXP2022.body.html @@ -0,0 +1,36 @@ + +07 April 2022 +SambaXP 2022 + +Agenda for sambaXP 2022 published â get your ticket now! + + +The program for the 21st sambaXP from May 31 to June 2, 2022 is +set. The Orga Committee has published the schedule for the event on +the conference page +at https://sambaxp.org";>https://sambaxp.org. Tickets, +which are free of charge, are also available there - please register +to get all relevant information for participation. The agenda is +filled with exciting talks for developers and users. Special thanks go +to this year's sponsors Google, Microsoft and SerNet. + + +sambaXP will again be held purely virtually in 2022 in order to allow +as many people as possible worldwide to participate. For this reason - +and to take into account the different time zones - the presentations +will each start at 3 pm (CEST). + + + +The kick-off on May 31 belongs again to the traditional samba workshop +by Stefan Kania. His tutorial (3 pm to 9:30 pm CEST) will cover the +topics Setting up GPOs with Samba and Disaster recovery of an +Active Directory at once. The actual conference will be opened by +Jeremy Allison, chairman of sambaXP, and Ralph Böhme (team leader of +SerNet's Samba team) on June 1st from 3 pm. + + +Detailed abstracts on all presentations can be found at +https://sambaxp.org";>https://sambaxp.org. + + diff --git a/posted_news/20220407-081336.SambaXP2022.headline.html b/posted_news/20220407-081336.SambaXP2022.headline.html new file mode 100644 index 000..ed27f63 --- /dev/null +++ b/posted_news/20220407-081336.SambaXP2022.headline.html @@ -0,0 +1,3 @@ + + 07 April 2022 SambaXP 2022 + diff --git a/posted_news/20220407-081336.SambaXP2022.snip.html b/posted_news/20220407-081336.SambaXP2022.snip.html new file mode 100644 index 000..3b203d4 --- /dev/null +++ b/posted_news/20220407-081336.SambaXP2022.snip.html @@ -0,0 +1,24 @@ + +07 April 2022 +SambaXP 2022 + +Agenda for sambaXP 2022 published â get your ticket now! + + +The program for the 21st sambaXP from May 31 to June 2, 2022 is +set. The Orga Committee has published the schedule for the event on +the conference page +at https://sambaxp.org";>https://sambaxp.org. Tickets, +which are free of charge, are also available there - please register +to get all relevant information for participation. The agenda is +filled with exciting talks for developers and users. Special thanks go +to this year's sponsors Google, Microsoft and SerNet. + + +sambaXP will again be held purely virtually in 2022 in order to allow +as many people as possible worldwide to participate. For this reason - +and to take into account the different time zones - the presentations +will each start at 3 pm (CEST). + +(Read more) + -- Samba Website Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 06bfac2125d s3: smbd: Preserve the fsp->fsp_name->st buf across a MSG_SMB_FILE_RENAME message. via 5e1aa469ae6 s3: smbd: Preserve the fsp->fsp_name->st bufs across rename_open_files() via 1301e646139 s4: torture: Add test_smb2_close_full_information() test to smb2.rename. via 4725ef5c963 s4: torture: Add CHECK_CREATED macro to smb2/rename.c. Not yet used. via e862a2d9ec4 s4: torture: Add CHECK_VAL macro to smb2/rename.c. Not yet used. via e01c5992b06 s3: tests.py: Only run smb2.rename against fileserver. from f7f65ceb46d s4:dsdb/descriptor: skip duplicates in descriptor_sd_propagation_object() https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 06bfac2125da5e4d37a596d1213912f0c698e69e Author: Jeremy Allison Date: Mon Mar 28 18:39:55 2022 -0700 s3: smbd: Preserve the fsp->fsp_name->st buf across a MSG_SMB_FILE_RENAME message. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15038 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Wed Mar 30 15:07:09 UTC 2022 on sn-devel-184 commit 5e1aa469ae61af0442f432e0a2e3bf8c8709616a Author: Jeremy Allison Date: Mon Mar 28 18:42:18 2022 -0700 s3: smbd: Preserve the fsp->fsp_name->st bufs across rename_open_files() BUG: https://bugzilla.samba.org/show_bug.cgi?id=15038 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme commit 1301e6461393601a4d43cfc465a05114e6ae4662 Author: Jeremy Allison Date: Mon Mar 28 18:25:54 2022 -0700 s4: torture: Add test_smb2_close_full_information() test to smb2.rename. Creates a file, opens it again on two different connections and then renames it. When we close and ask for SMB2_CLOSE_FLAGS_FULL_INFORMATION we expect this to succeed and return valid data on the handles that did not do the rename request. This currently succeeds by accident on master, so we are not adding a knownfail.d/ file here. When we back-port this test to 4.16.next, 4.15.next we will add a knownfail.d file. The rename request zeros out the fsp->fsp_name->st field on the handles that are open but are not being renamed, marking them as INVALID_STAT. This should not happen on any open handle. Fix to follow will preserve the field on rename in both the local connection and different connection case. Master gets away with this as in this branch, openat_pathref_fsp(), which we use in the setup_close_full_information() call to fetch the SMB2_CLOSE_FLAGS_FULL_INFORMATION data doesn't require an existing VALID_STAT struct in order to open the file. This hides the fact the rename zeroed out fsp->fsp_name->st. 4.16.x and 4.15.x don't have this fix, so expose the bug. Regardless, even in master we should not zero out any fsp->fsp_name->st values on rename. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15038 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme commit 4725ef5c96395dc2f48fab1160a3312d95e21416 Author: Jeremy Allison Date: Mon Mar 28 18:24:27 2022 -0700 s4: torture: Add CHECK_CREATED macro to smb2/rename.c. Not yet used. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15038 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme commit e862a2d9ec4e7bec1dd58490e9dee47d543b9154 Author: Jeremy Allison Date: Mon Mar 28 18:23:05 2022 -0700 s4: torture: Add CHECK_VAL macro to smb2/rename.c. Not yet used. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15038 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme commit e01c5992b061d8ed54645fff52a73418013340ab Author: Jeremy Allison Date: Mon Mar 28 18:09:20 2022 -0700 s3: tests.py: Only run smb2.rename against fileserver. No need to run this against nt4_dc or ad_dc. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15038 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme --- Summary of changes: source3/selftest/tests.py | 2 + source3/smbd/open.c | 20 ++ source3/smbd/reply.c | 15 + source4/torture/smb2/rename.c | 147 ++ 4 files changed, 184 insertions(+) Changeset truncated at 500 lines: diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py index 2bfb38fdfff..cae09571fe1 100755 --- a/source3/selftest/tests.py +++ b/source3/selftest/tests.py @@ -1017,6 +1017,8 @@ for t in tests: plansmbtorture4testsuite("smb2.async_dosmode", "simpleserver",
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 127f728d58e vfs_gpfs: Initialize litemask to 0 from 0bd4bc40f4a samba-tool: Check specified domain and realm against our own https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 127f728d58e79a42f8826500e3b15c486e88e556 Author: Christof Schmitt Date: Mon Mar 21 09:26:41 2022 -0700 vfs_gpfs: Initialize litemask to 0 The change from commit fb13c7c94f to query exact values for atime, mtime, ctime and size is not necessary, as none of these are used in this codepath. Initiale litemask to 0 instead. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15027 Signed-off-by: Christof Schmitt Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Mon Mar 28 09:10:58 UTC 2022 on sn-devel-184 --- Summary of changes: source3/modules/vfs_gpfs.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/modules/vfs_gpfs.c b/source3/modules/vfs_gpfs.c index 004c74cd43a..5ef1f5f2e73 100644 --- a/source3/modules/vfs_gpfs.c +++ b/source3/modules/vfs_gpfs.c @@ -1482,7 +1482,7 @@ static NTSTATUS vfs_gpfs_fget_dos_attributes(struct vfs_handle_struct *handle, char buf[PATH_MAX]; const char *p = NULL; struct gpfs_iattr64 iattr = { }; - unsigned int litemask = GPFS_SLITE_EXACT_BITS; + unsigned int litemask = 0; struct timespec ts; uint64_t file_id; NTSTATUS status; @@ -1988,7 +1988,7 @@ static int vfs_gpfs_check_pathref_fstat_x(struct gpfs_config_data *config, struct connection_struct *conn) { struct gpfs_iattr64 iattr = {0}; - unsigned int litemask = GPFS_SLITE_EXACT_BITS; + unsigned int litemask = 0; int saved_errno; int fd; int ret; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via d8e966da1c8 smbd: Remove a few vfs_stat() calls via de439cd0304 smbd: Return ISLNK from non_widelink_open() in smb_fname via e7b933100ee smbd: Don't require a valid stat for openat_pathref_fsp() via 2bbdaca8da8 smbd: No need to set O_DIRECTORY in openat_pathref_fsp() via 4e70b754a9c smbd: Mark fsp as directory after calling fstat() via 93d2defa426 smbd: Always use O_NONBLOCK in openat_pathref_fsp() via e316f82bb73 smbd: Pass "dirfsp" and "smb_fname" to reopen_from_fsp() via 0fedcf5939a smbd: Pass dirfsp instead of fname to inherit_new_acl via 749c62ed2b2 smbd: Simplify dos_mode_from_name() with ISDOT()/ISDOTDOT() via 469a7ebf760 smbd: Simplify dos_mode_check_compressed() via 0e4cc565e67 smbd: get_acl_group_bits() needs a fsp, not a name via 8cee31c687f smbd: Fix a typo via 0dda30408fd smbd: Avoid an else via 7153c2c4454 smbd: Avoid two else statements via 1b304efef28 vfs: Format a comment via ed9ee7ed895 printing: Fix a DBG message via 0c05ea15822 smbd: Avoid some casts from 9b48e7f7eda third_party/heimdal: import lorikeet-heimdal-202203101710 (commit df8d801544144949931cd742169be1207b239c3d) https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit d8e966da1c80f959ad65596e51cd66127014052b Author: Volker Lendecke Date: Thu Dec 30 16:58:58 2021 +0100 smbd: Remove a few vfs_stat() calls openat_pathref_fsp() does not need them anymore Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Fri Mar 11 19:19:21 UTC 2022 on sn-devel-184 commit de439cd0304773c59ebd33ddeddf675dd611944c Author: Volker Lendecke Date: Sat Jan 8 10:08:16 2022 +0100 smbd: Return ISLNK from non_widelink_open() in smb_fname Soon we want to not require stat() calls before entering openat_pathref_fsp() anymore but rely on the fstat on the O_PATH file handle (alternatively the call to fstatat(AT_SYMLINK_NOFOLLOW)) done properly from within fd_openat(). The callers of non_widelink_open() expect the stat information to be correct in "smb_fname". Copy it in case of not opening a symlink in the posix case. Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit e7b933100ee487ae19cd2b3938f58056dca2115a Author: Volker Lendecke Date: Thu Dec 30 16:49:45 2021 +0100 smbd: Don't require a valid stat for openat_pathref_fsp() With the simplifications in non_widelink_open() (don't depend on the is_directory fsp flag) the main reason for requiring a valid stat struct in openat_pathref_fsp() is gone. With this change openat_pathref_fsp() is now capable of being the very first (and authoritative) name-referencing operation with openat(O_PATH) for a name. Without having the stat information around before calling openat_pathref_fsp(), the call to check_same_dev_ino() becomes obsolete here. Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit 2bbdaca8da8a0f4d4ff6bb5d4a98470db223b265 Author: Volker Lendecke Date: Tue Mar 8 14:31:32 2022 +0100 smbd: No need to set O_DIRECTORY in openat_pathref_fsp() If I read Linux' man 2 open right (and susv4 agrees), O_DIRECTORY is around to make sure opendir() is not raced against non-directory files. opendir() needs to make sure the underlying object is actually a directory. O_DIRECTORY is not required for opening directories in RDONLY mode, regardless of having O_PATH or not. At this point in openat_pathref_fsp() we don't care about the type of the underlying object, we do fstat() and distinguish between files and directories later according to the mode returned from fstat(). Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit 4e70b754a9cabb5d31d78e7d4a3f18028db07e99 Author: Volker Lendecke Date: Tue Mar 8 12:57:13 2022 +0100 smbd: Mark fsp as directory after calling fstat() Everything else is racy, and this is cheap to check. Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit 93d2defa42683cd151b7a11075396aa911dbf0ae Author: Volker Lendecke Date: Tue Mar 8 12:44:33 2022 +0100 smbd: Always use O_NONBLOCK in openat_pathref_fsp() There's no reason why we would ever want to block on open(O_PATH). The only cases that to me right now seem relevant is oplock breaks and FIFOs, which can block forever. Oplock breaks don't happen for O_PATH (hopefully...) but for the non-O_PATH case we don't want to block either but we do handle this higher up. We're handling EWOULDBLOCK for the oplock
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 3f977cd6f83 s3:lib: Fix possible 32-bit arithmetic overflow from df7efdf0465 s3: smbd: Cleanup - Make rmdir_internals() use NTSTATUS internally without depending on errno. https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 3f977cd6f839fd904529f12ef2ee5caae88af0ab Author: Pavel Filipenský Date: Mon Feb 28 23:33:22 2022 +0100 s3:lib: Fix possible 32-bit arithmetic overflow Reported by covscan. Potentially overflowing expression "glue->gtimeout * 1000" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "uint64_t" (64 bits, unsigned). Signed-off-by: Pavel Filipenský Reviewed-by: Ralph Boehme Reviewed-by: Jeremy Allison Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Sat Mar 5 08:04:28 UTC 2022 on sn-devel-184 --- Summary of changes: source3/lib/tevent_glib_glue.c | 6 ++ 1 file changed, 2 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/lib/tevent_glib_glue.c b/source3/lib/tevent_glib_glue.c index b83f2036d9a..1e1d62e585c 100644 --- a/source3/lib/tevent_glib_glue.c +++ b/source3/lib/tevent_glib_glue.c @@ -538,7 +538,6 @@ static bool get_glib_fds_and_timeout(struct tevent_glib_glue *glue) static bool tevent_glib_update_events(struct tevent_glib_glue *glue) { - uint64_t microsec; struct timeval tv; bool ok; @@ -580,9 +579,8 @@ static bool tevent_glib_update_events(struct tevent_glib_glue *glue) return true; } - microsec = glue->gtimeout * 1000; - tv = tevent_timeval_current_ofs(microsec / 100, - microsec % 100); + tv = tevent_timeval_current_ofs(glue->gtimeout / 1000, + (glue->gtimeout % 1000) * 1000); glue->timer = tevent_add_timer(glue->ev, glue, -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via df7efdf0465 s3: smbd: Cleanup - Make rmdir_internals() use NTSTATUS internally without depending on errno. via 28522bb3771 s3: smbd: Cleanup - make recursive_rmdir() return a more expressive NTSTATUS not bool. via b3514a57e9b smbd: Make complex if-expression in file_set_dosmode() easier to read via ab692aa6e70 smbd: Fix indentation in rename_internals_fsp() via 5567d5bca29 smbd: Save a few lines in file_set_dosmode() with "goto done;" via 2976177005f smbd: Remove unused "lret" variable from file_set_dosmode() via f60ca2e2f35 smbd: Pass dirfsp instead of a parent filename to unix_mode via be6cc4cc23f smbd: Log close_file_free() failure in copy_internals() via fbb4bd365f1 smbd: Pass dirfsp instead of an fname to open_file() via fd1dca2d175 smbd: Inherit acl from an fsp instead of a fname via d1a0862327f smbd: Remove a deref forgotten in c2ac6a9cd7b from e25d6c89bef WHATSNEW: Bronze bit, S4U and RBDC support with MIT Kerberos 1.20 https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit df7efdf046504aa2392a53f8fd96de9c207f854c Author: Jeremy Allison Date: Thu Mar 3 09:49:15 2022 -0800 s3: smbd: Cleanup - Make rmdir_internals() use NTSTATUS internally without depending on errno. As we already need to return NTSTATUS, map errno to NTSTATUS directly at point of failure and don't depend on keeping it around. No change in client-visible behavior but makes rmdir_internals() easier to understand (for me at least). Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Fri Mar 4 18:39:48 UTC 2022 on sn-devel-184 commit 28522bb3771245ae69d7c9e279214b1f8ad2c526 Author: Jeremy Allison Date: Thu Mar 3 09:34:45 2022 -0800 s3: smbd: Cleanup - make recursive_rmdir() return a more expressive NTSTATUS not bool. Next cleanup the internals of rmdir_internals() to do an early map of errno -> NTSTATUS to avoid mapping back and forth. Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme commit b3514a57e9b9b35bc9983d997191c575eeebcf85 Author: Volker Lendecke Date: Fri Mar 4 08:39:01 2022 +0100 smbd: Make complex if-expression in file_set_dosmode() easier to read Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit ab692aa6e706a23722e1d3f538582d8394507adb Author: Volker Lendecke Date: Fri Mar 4 08:36:04 2022 +0100 smbd: Fix indentation in rename_internals_fsp() This one space character makes it more obvious where in the copmlex if-expression lp_store_dos_attributes() lives. Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit 5567d5bca2963534dcc4fb1728f83f18d42c9691 Author: Volker Lendecke Date: Thu Mar 3 21:49:47 2022 +0100 smbd: Save a few lines in file_set_dosmode() with "goto done;" Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit 2976177005feff38f6ef6da1ae0733041849be2b Author: Volker Lendecke Date: Thu Mar 3 21:48:26 2022 +0100 smbd: Remove unused "lret" variable from file_set_dosmode() Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit f60ca2e2f35666583f2e8cd11cb507406bb17393 Author: Volker Lendecke Date: Thu Mar 3 11:52:12 2022 +0100 smbd: Pass dirfsp instead of a parent filename to unix_mode This converts a STAT (with potential symlink race problems) into an FSTAT on the O_PATH fd we have for the directory Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit be6cc4cc23f61d4c44796621daf726733f718a1a Author: Volker Lendecke Date: Thu Mar 3 20:13:25 2022 +0100 smbd: Log close_file_free() failure in copy_internals() Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit fbb4bd365f156fef89e96f7b79040443f0d70d0a Author: Volker Lendecke Date: Thu Mar 3 11:32:20 2022 +0100 smbd: Pass dirfsp instead of an fname to open_file() Moving slowly towards passing directory handles instead of names, representing the idea that we hold a O_PATH file descriptor on directories. Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit fd1dca2d175291f2258f7963419b16ea3f5c4e31 Author: Volker Lendecke Date: Thu Mar 3 11:32:20 2022 +0100 smbd: Inherit acl from an fsp instead of a fname Moving slowly towards passing directory handles instead of names, representing the idea that we hold a O_PATH file descriptor on directories. Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit d1a0862327f37f2edd1042b3b66c2e85234b1e94 Author: Volker Lendecke Date: Thu Mar 3 11:28:57 2022 +0100
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 5030bba13ae samba-dcerpcd: Silence a DEBUG message via 1912a0d65cb smbd: We have the fsp available, use fsp_is_alternate_stream() via 118b63bb2c2 smbd: Fix a typo via 5204da2ac5a smbd: Convert get_real_filename_full_scan() to OpenDir_ntstatus() via f143eeae169 smbd: Initialize a pointer via 7e3c51ee431 vfs: walk_streams() returns NTSTATUS via 9027cc357a0 smbd: can_delete_directory_fsp() returns NTSTATUS via be201475167 smbd: Factor out OpenDir_ntstatus() via afd037df111 smbd: Make OpenDir_fsp() return NTSTATUS via 2cef24a5fa6 smbd: Initialize a pointer from a2590298b03 util: CID 1499409: Memory - corruptions (OVERLAPPING_COPY) https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 5030bba13aee6dc5cc1507c063acf19e4e091cf2 Author: Volker Lendecke Date: Tue Feb 22 10:02:57 2022 +0100 samba-dcerpcd: Silence a DEBUG message This is not worth a debuglevel 1 message Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Tue Feb 22 10:16:44 UTC 2022 on sn-devel-184 commit 1912a0d65cb286ebf76c008bfbc9b0b60024859d Author: Volker Lendecke Date: Fri Feb 11 18:49:53 2022 +0100 smbd: We have the fsp available, use fsp_is_alternate_stream() Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit 118b63bb2c2ed9d3d91eb6ab59f9d267adf5c954 Author: Volker Lendecke Date: Mon Feb 21 15:26:06 2022 +0100 smbd: Fix a typo Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit 5204da2ac5ace4d62a8665544780453469b885fa Author: Volker Lendecke Date: Mon Feb 21 17:43:17 2022 +0100 smbd: Convert get_real_filename_full_scan() to OpenDir_ntstatus() Get us a better error message without going through the lossy errno. Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit f143eeae1690dd0084789859d0898291fe6b75a8 Author: Volker Lendecke Date: Mon Feb 21 17:30:29 2022 +0100 smbd: Initialize a pointer Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit 7e3c51ee431f5070f87f3596b11da1b7a1c19e9a Author: Volker Lendecke Date: Mon Feb 21 17:19:49 2022 +0100 vfs: walk_streams() returns NTSTATUS Don't go via errno Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit 9027cc357a0db4fe08b3abc93ce2d7a9d729d815 Author: Volker Lendecke Date: Mon Feb 21 17:19:49 2022 +0100 smbd: can_delete_directory_fsp() returns NTSTATUS Don't go via errno Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit be201475167afaeb7824cbb40034b3dde4a182bb Author: Volker Lendecke Date: Mon Feb 21 17:17:24 2022 +0100 smbd: Factor out OpenDir_ntstatus() We might have callers interested in the exact NTSTATUS error code. Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit afd037df202adefa49d1b746ec18d522dcd1 Author: Volker Lendecke Date: Mon Feb 21 17:12:05 2022 +0100 smbd: Make OpenDir_fsp() return NTSTATUS Preparation for making OpenDir return NTSTATUS Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit 2cef24a5fa681840147509e1f97d8ce19e0f533d Author: Volker Lendecke Date: Mon Feb 21 17:09:36 2022 +0100 smbd: Initialize a pointer Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme --- Summary of changes: source3/modules/vfs_streams_depot.c | 8 +-- source3/rpc_server/rpc_host.c | 8 +-- source3/smbd/close.c| 2 +- source3/smbd/dir.c | 102 +++- source3/smbd/filename.c | 12 +++-- source3/smbd/proto.h| 6 +++ source3/smbd/reply.c| 2 +- 7 files changed, 91 insertions(+), 49 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/modules/vfs_streams_depot.c b/source3/modules/vfs_streams_depot.c index ae73ba965a5..f1ec5b9748a 100644 --- a/source3/modules/vfs_streams_depot.c +++ b/source3/modules/vfs_streams_depot.c @@ -551,6 +551,7 @@ static NTSTATUS walk_streams(vfs_handle_struct *handle, const char *dname = NULL; long offset = 0; char *talloced = NULL; + NTSTATUS status; dirname = stream_dir(handle, smb_fname_base, &smb_fname_base->st, false); @@ -594,13 +595,14 @@ static NTSTATUS walk_streams(vfs_handle_struct *handle, orig_connectpath = handle->conn->connectpath; handle->conn->connectpath = rootdir; - dir_hnd = OpenDir(talloc_tos(), handle->conn, dir_smb_fname, NULL, 0); - if (d
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via e34ef99 CVE-2021-44142.html: fix CVE version from f5017ed Add credits to the CVE-2021-44142 advisory https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit e34ef99fc28950a69d6be7f26061e4c7945c0203 Author: Ralph Boehme Date: Tue Feb 1 17:12:47 2022 +0100 CVE-2021-44142.html: fix CVE version Signed-off-by: Ralph Boehme --- Summary of changes: security/CVE-2021-44142.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/security/CVE-2021-44142.html b/security/CVE-2021-44142.html index 7e972e5..d2fe264 100644 --- a/security/CVE-2021-44142.html +++ b/security/CVE-2021-44142.html @@ -8,7 +8,7 @@ - CVE-2022-44142.html: + CVE-2021-44142.html: -- Samba Website Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via f5017ed Add credits to the CVE-2021-44142 advisory from 0c959c8 NEWS[4.16.0rc2]: Samba 4.16.0rc2 Available for Download https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit f5017ed77c193406fb2adb68cd685b06297c8b71 Author: Ralph Boehme Date: Tue Feb 1 15:07:49 2022 +0100 Add credits to the CVE-2021-44142 advisory Signed-off-by: Ralph Boehme --- Summary of changes: security/CVE-2021-44142.html | 2 ++ 1 file changed, 2 insertions(+) Changeset truncated at 500 lines: diff --git a/security/CVE-2021-44142.html b/security/CVE-2021-44142.html index 8c7e491..7e972e5 100644 --- a/security/CVE-2021-44142.html +++ b/security/CVE-2021-44142.html @@ -85,6 +85,8 @@ Credits === Originally reported by Orange Tsai from DEVCORE. +Nguyen Hoang Thach and Billy Jheng Bing-Jhong of STAR Labs working with Trend Micro Zero Day Initiative +Lucas Leong of Trend Micro Zero Day Initiative Patches provided by Ralph Böhme of the Samba team. -- Samba Website Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 96b10702295 smbd: Assert we don't leak fd's in struct fd_handle via 529e6718c09 smbd: Replace SMB_VFS_CLOSE() calls with fd_close() via e6c8b38ecf1 vfs_commit: Reset fsp->fd->fd to -1 after SMB_VFS_CLOSE via 28e09580b05 pysmbd: Fix file descriptor leaks via 5988607d7fa smbd: Fix a fd leak when closing a print file from 9d2bf015378 s3:libsmb: fix signing regression SMBC_server_internal() https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 96b1070229545a7c7e223dddadb9e8503d7d8b6a Author: Volker Lendecke Date: Mon Dec 27 11:17:22 2021 +0100 smbd: Assert we don't leak fd's in struct fd_handle Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Thu Dec 30 11:54:17 UTC 2021 on sn-devel-184 commit 529e6718c0944ce2e31ba5c72799bedd8569541c Author: Volker Lendecke Date: Tue Dec 28 12:25:59 2021 +0100 smbd: Replace SMB_VFS_CLOSE() calls with fd_close() fd_close() mostly wraps SMB_VFS_CLOSE() but also takes care of refcounting fsp->fh properly and also makes sure that fsp->fh->fd is set to -1 after close. Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit e6c8b38ecf1f040630a91a859d5f5bf528ceffbd Author: Volker Lendecke Date: Tue Dec 28 18:42:00 2021 +0100 vfs_commit: Reset fsp->fd->fd to -1 after SMB_VFS_CLOSE Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit 28e09580b05951d2c1f5a6c57a1287b51e034e35 Author: Volker Lendecke Date: Tue Dec 28 18:34:20 2021 +0100 pysmbd: Fix file descriptor leaks Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit 5988607d7fa3f5f62cf7e0f9517b471c1db19aee Author: Volker Lendecke Date: Tue Dec 28 12:25:40 2021 +0100 smbd: Fix a fd leak when closing a print file Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme --- Summary of changes: source3/modules/vfs_commit.c | 1 + source3/smbd/close.c | 1 + source3/smbd/durable.c | 48 +++- source3/smbd/fd_handle.c | 9 + source3/smbd/open.c | 17 ++-- source3/smbd/pysmbd.c| 32 +++-- source3/torture/cmd_vfs.c| 19 +- 7 files changed, 74 insertions(+), 53 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/modules/vfs_commit.c b/source3/modules/vfs_commit.c index a933a5982e5..6d64896c7e0 100644 --- a/source3/modules/vfs_commit.c +++ b/source3/modules/vfs_commit.c @@ -244,6 +244,7 @@ static int commit_openat(struct vfs_handle_struct *handle, if (SMB_VFS_FSTAT(fsp, &st) == -1) { int saved_errno = errno; SMB_VFS_CLOSE(fsp); + fsp_set_fd(fsp, -1); errno = saved_errno; return -1; } diff --git a/source3/smbd/close.c b/source3/smbd/close.c index 0ea0f096fea..610450d086f 100644 --- a/source3/smbd/close.c +++ b/source3/smbd/close.c @@ -1542,6 +1542,7 @@ NTSTATUS close_file(struct smb_request *req, files_struct *fsp, } else if (fsp->print_file != NULL) { /* FIXME: return spool errors */ print_spool_end(fsp, close_type); + fd_close(fsp); file_free(req, fsp); status = NT_STATUS_OK; } else if (!fsp->fsp_flags.is_fsa) { diff --git a/source3/smbd/durable.c b/source3/smbd/durable.c index 88e0b70d137..a49bca6fd61 100644 --- a/source3/smbd/durable.c +++ b/source3/smbd/durable.c @@ -837,15 +837,15 @@ NTSTATUS vfs_default_durable_reconnect(struct connection_struct *conn, ret = SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st); if (ret == -1) { + NTSTATUS close_status; status = map_nt_error_from_unix_common(errno); DEBUG(1, ("Unable to fstat stream: %s => %s\n", smb_fname_str_dbg(smb_fname), nt_errstr(status))); - ret = SMB_VFS_CLOSE(fsp); - if (ret == -1) { - DEBUG(0, ("vfs_default_durable_reconnect: " - "SMB_VFS_CLOSE failed (%s) - leaking file " - "descriptor\n", strerror(errno))); + close_status = fd_close(fsp); + if (!NT_STATUS_IS_OK(close_status)) { + DBG_ERR("fd_close failed (%s) - leaking file " + "descriptor\n", nt_errstr(close_sta
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via b5e7e7b65ae s3: smbtorture3: Fix POSIX-BLOCKING-LOCK to actually negotiate SMB1+POSIX before using POSIX calls. via 89f284af616 s3: tests: Fix the samba3.blackbox.acl_xattr test to actually negotiate SMB1+POSIX before using POSIX calls. via e7f2cfb5442 s3: tests: Fix the samba3.blackbox.inherit_owner test to actually negotiate SMB1+POSIX before using POSIX calls. via 6453e5aac45 s4: torture: Fix unix.info2 test to actually negotiate SMB1+POSIX before using POSIX calls. via 397cc7599b9 s4: torture: Fix raw.search:test_one_file() by using the SMB1+POSIX connection for POSIX info levels. via aaa6d09f6fa s4: torture: raw.search: Add setup_smb1_posix(). Call it on the second connection in test_one_file(). via d681a4b0585 s4: torture: In raw.search:test_one_file() add a second connection. via 4bd1f7609fa s3: smbclient: Give a message if we try and use any POSIX command without negotiating POSIX first. via 59fa3806c94 s3: smbd: Tighten up info level checks for SMB1+POSIX to make sure POSIX was negotiated first. via 00fd039c904 s4: torture: In raw.search:test_one_file() remove the leading '\' in the test filenames. via 57c56d89be0 s4: torture: Fix raw.search:test_one_file() to use torture_result() instead of printf. from 25c87b70c07 s3: smbd: Remove 'struct uc_state' name_has_wildcard element. https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit b5e7e7b65ae3251e128bbb41e7bbd0bfaeef4c7b Author: Jeremy Allison Date: Thu Nov 18 12:16:44 2021 -0800 s3: smbtorture3: Fix POSIX-BLOCKING-LOCK to actually negotiate SMB1+POSIX before using POSIX calls. This must be done before doing POSIX calls on a connection. Remove the final entry in knownfail.d/posix_infolevel_fails samba3.smbtorture_s3.plain.POSIX-BLOCKING-LOCK.smbtorture\(nt4_dc_smb1\) And remove the file knownfail.d/posix_infolevel_fails itself. Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Sat Dec 11 12:03:36 UTC 2021 on sn-devel-184 commit 89f284af616e63b4ebc8bf00aed289cc7faf372e Author: Jeremy Allison Date: Fri Nov 19 00:05:35 2021 -0800 s3: tests: Fix the samba3.blackbox.acl_xattr test to actually negotiate SMB1+POSIX before using POSIX calls. Remove the following entries in knownfail.d/posix_infolevel_fails. samba3.blackbox.acl_xattr.NT1.nt_affects_posix.* samba3.blackbox.acl_xattr.NT1.nt_affects_chown.* samba3.blackbox.acl_xattr.NT1.nt_affects_chgrp.* Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme commit e7f2cfb5442f50c25c9a127dc1676360cab78b50 Author: Jeremy Allison Date: Fri Nov 19 12:12:36 2021 -0800 s3: tests: Fix the samba3.blackbox.inherit_owner test to actually negotiate SMB1+POSIX before using POSIX calls. Remove the following entry in knownfail.d/posix_infolevel_fails. samba3.blackbox.inherit_owner.*.NT1.*verify.*unix\ owner.* Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme commit 6453e5aac45a41b21c5cad989bad34caa47d7e53 Author: Jeremy Allison Date: Fri Nov 19 12:15:06 2021 -0800 s4: torture: Fix unix.info2 test to actually negotiate SMB1+POSIX before using POSIX calls. Cope with the minor difference in wildcard search return when we're actually using SMB1+POSIX on the server (SMB1+POSIX treats all directory search paths as wildcards). Remove the following entries in knownfail.d/posix_infolevel_fails. samba3.unix.info2.info2\(nt4_dc_smb1\) samba3.unix.info2.info2\(ad_dc_smb1\) Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme commit 397cc7599b91cec10aa79570e29e9ced72a1690f Author: Jeremy Allison Date: Fri Nov 19 14:51:39 2021 -0800 s4: torture: Fix raw.search:test_one_file() by using the SMB1+POSIX connection for POSIX info levels. Remove the following entry in knownfail.d/posix_infolevel_fails. ^samba3.raw.search.one\ file\ search.* from knownfail.d/posix_infolevel_fails Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme commit aaa6d09f6fa376926237f90168c2dbc22fcf2e39 Author: Jeremy Allison Date: Fri Nov 19 14:48:20 2021 -0800 s4: torture: raw.search: Add setup_smb1_posix(). Call it on the second connection in test_one_file(). Not yet used. Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme commit d681a4b058522211e2db3095653dddf53a1f3caf Author: Jeremy Allison Date: Fri Nov 19 14:44:05 2021 -0800 s4: torture: In raw.search:test_one_file() add a second connection. Change from torture_suite_add_1smb_test() to torture_suite_add_2smb
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 25c87b70c07 s3: smbd: Remove 'struct uc_state' name_has_wildcard element. via 0ecb5e3e3fb s3: smbd: In unix_convert_step_stat() remove use of state->name_was_wildcard. via e6f0269817e s3: smbd: In unix_convert_step() remove all use of 'state->name_was_wildcard' via ce6b3ba4099 s3: smbd: In unix_convert() remove the now unneeded block indentation. via b21ba035bf3 s3: smbd: In unix_convert(), remove all references to state->name_has_wildcard. via 1d52a4a4677 s3: smbd: Inside unix_convert(), never set state->name_is_wildcard. via 6493d39b679 s3: smbd: UCF_ALWAYS_ALLOW_WCARD_LCOMP 0x0002 is no longer used. via 6f15f8b68a5 s3: smbd: We no longer need determine_path_error(). via e1cc3e3a673 s3: smbd: Inside 'struct uc_state', remove allow_wcard_last_component. via da1417fb37b s3: smbd: filename_convert() no longer deals with wildcards. via 24002be5883 s3: smbd: parse_dfs_path() can ignore wildcards. via 52ca4bf6d5a s3: smbd: Remove 'bool search_wcard_flag' from parse_dfs_path(). via 18125747483 s3: smbd: dfs_path_lookup() no longer deals with wildcards. via fa45c91cb45 s3: smbd: Fix call_trans2findfirst() to use filename_convert_smb1_search_path(). via 1658fad32cb s3: smbd: Convert reply_search() to use filename_convert_smb1_search_path(). via 3ca82218643 s3: smbd: Add filename_convert_smb1_search_path() - deals with SMB1 search pathnames. via addbf4cc3ba s3: smbd: Allow dfs_redirect() to return a TWRP token it got from a parsed pathname. via a568e92e51a s3: smbd: In dfs_path_lookup(). If we have a DFS path including a @GMT-token, don't throw away the twrp value when parsing the path. via 14e0dd43d56 s3: smbd: filename_convert() is now a one-to-one wrapper around filename_convert_internal(). via 5425f2aa43d s3: smbd: Remove now unused check_reduced_name_with_privilege(). via 02f840308d5 s3: smbd: Remove unused check_name_with_privilege(). via b18c2abae99 s3: smbd: In filename_convert_internal(), remove call to check_name_with_privilege(). via 59b7101ac9e s3: smbd: Remove filename_convert_with_privilege(). No longer used. via 18a1cc632b4 s3: smbd: In call_trans2findfirst() we don't need filename_convert_with_privilege() anymore. via a3acb8698bb s3: smbd: Remove split_fname_dir_mask(). via a325cb09552 s3: smbd: In rename_internals(), remove the name spliting and re-combining code. via 449aa4153a6 s3: smbd: check_name() is now static to filename.c via 07df94ade1e s3: smbd: In rename_internals_fsp(), remove unneeded call to check_name(). via d58b9094f7b s3: smbd: Handling SMB_FILE_RENAME_INFORMATION, the destination name is a single component. via 6db08012e99 s3: smbd: Remove the old unlink_internals() implementation. via b2a0664d4c1 s3: smbd: Comment out the old unlink_internals(). Rename do_unlink() -> unlink_internals(). via e60360c4868 s3: smbd: Move to modern debug calls inside do_unlink(). via 048239d s3: smbd: Move setting of dirtype if FILE_ATTRIBUTE_NORMAL to do_unlink(). from f7e1a81cc05 s3:torture: Initialize pointer with NULL https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 25c87b70c07647896c9e7c4c1132835dbe318b61 Author: Jeremy Allison Date: Fri Dec 3 13:06:27 2021 -0800 s3: smbd: Remove 'struct uc_state' name_has_wildcard element. It is never set or looked at. Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Sat Dec 11 08:07:14 UTC 2021 on sn-devel-184 commit 0ecb5e3e3fb45c119c9cb933cc8479b6d33de1ad Author: Jeremy Allison Date: Fri Dec 3 13:05:55 2021 -0800 s3: smbd: In unix_convert_step_stat() remove use of state->name_was_wildcard. It can never be true. Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme commit e6f0269817ef121f55b212bcec8ed9fad40a6ffd Author: Jeremy Allison Date: Fri Dec 3 13:03:47 2021 -0800 s3: smbd: In unix_convert_step() remove all use of 'state->name_was_wildcard' We know it is never true. Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme commit ce6b3ba4099cf1fd35ccd5b85c59f1e76918fb3b Author: Jeremy Allison Date: Fri Dec 3 12:59:50 2021 -0800 s3: smbd: In unix_convert() remove the now unneeded block indentation. We removed the 'if (state->name_has_wildcard) {' clause, so the block no longer needs indenting. Best seen with git show -b. Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme commit b21ba035bf364400
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via bd98e040d4a Update WHATSNEW.txt with removal of wildcard copy, rename and unlink. via 4ac91bd065c s3: smbd: Remove 'const char *src_original_lcomp' from reply_mv(). via 5190a8bd821 s3: smbd: Remove 'const char *src_original_lcomp' parameter from rename_internals(). via 7ac844ce92a s3: smbd: Inside rename_internals() remove '{ ... }' block around singleton rename code. via fe92aaa962a s3: smbd: Remove the commented out resolve_wildcards(). via ff722c0fdfb s3: smbd: Remove all wildcard code from rename_internals(). via 3cb5ef1c798 s3: smbd: Remove dest_has_wild and all associated code from rename_internals() via 885a982b9fd s3: smbd: Prepare to remove wildcard matching from rename_internals(). via de90620bec5 s3: smbd: In reply_ntrename() remove 'bool dest_has_wcard' and all uses. via f44fc91505a s3: smbd: In reply_ntrename(), never set dest_has_wcard. via e66148c8741 s3: smbd: In reply_ntrename() remove the UCF_ALWAYS_ALLOW_WCARD_LCOMP flag for destination lookups. via ff4bbb1279a s3: smbd: In SMBntrename (0xa5) prevent wildcards in destination name. via f67f25bcf02 s3: smbd: In smb_file_rename_information() (SMB_FILE_RENAME_INFORMATION info level) prevent destination wildcards. via 4cfe055ca7e s3: smbd: Remove UCF_ALWAYS_ALLOW_WCARD_LCOMP flag from pathname processing in reply_mv(). via 098d63a219c s3: smbd: Remove 'bool has_wild' parameter from unlink_internals(). via 42985702df0 s3: smbd: Change unlink_internals() to ignore has_wild parameter. via f46445cb6ae s3: smbd: In reply_unlink() remove the possibility of receiving a wildcard name. via 7f61ff777b1 s3: smbd: Remove support for SMBcopy SMB_COM_COPY (0x29) via d2aae105c61 s3: torture: Remove the wildcard unlink test code. via fb4e998346d s4: torture: Remove the wildcard rename test code. via 3c9a33ca346 s4: torture: Remove the wildcard unlink test code. via ef1d9d31bc3 s3: torture: In run_smb1_wild_mangle_unlink_test() use a valid pathname for rename target. via 78ee275c734 s3: torture: In torture_mangle(), use torture_deltree() for setup and cleanup. via 6cb9f127e1f s3: torture: In test_mask(), use torture_deltree() for setup. via 9398655cfdd s3: torture: In run_streamerror(), use torture_deltree() for setup. via 5a802ae2d31 s3: torture: In torture_chkpath_test(), use torture_deltree() for setup and cleanup. via 1eeabbf8401 s3: torture: In torture_casetable(), use torture_deltree() for setup and cleanup. via 498b3d923cd s3: torture: In torture_utable(), use torture_deltree() for setup. via 7ffc03d5e7d s3: torture: In run_smb1_wild_mangle_rename_test() use torture_deltree() for setup and cleanup. via 3a73178fe48 s3: torture: In run_smb1_wild_mangle_unlink_test() use torture_deltree() for setup and cleanup. via a0bfb37b4be s3: torture: Add torture_deltree() for setup and teardown. via 770d8375fca s4: libcli: smbcli_unlink() is no longer used with wildcard patterns. via 3a42b351364 s4: torture: Use smbcli_unlink_wcard() to setup and cleanup in masktest. via 367dc3cb597 s4: torture: Use smbcli_unlink_wcard() in base.casetable test. via c697ad1e389 s4: torture: Use smbcli_unlink_wcard() to cleanup in base.mangle test. via 78102894931 s4: torture: Use smbcli_unlink_wcard() to remove wildcards in base.chkpath test. via 35d8b146655 s4: torture: In raw.notify test use smbcli_unlink_wcard() in place of smbcli_unlink(). via 5b7ff5a9d00 s4: libcli: In smbcli_deltree() use smbcli_unlink_wcard() in place of smbcli_unlink(). via 3d0857c9ec2 s4: libcli: Add smbcli_unlink_wcard(). from e2b7a2f7811 s4-auth: Remove unused headers https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit bd98e040d4a4a24cc2be5bb9cfde5ebbe575ce52 Author: Jeremy Allison Date: Tue Dec 7 10:25:38 2021 -0800 Update WHATSNEW.txt with removal of wildcard copy, rename and unlink. Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Thu Dec 9 18:57:15 UTC 2021 on sn-devel-184 commit 4ac91bd065cee699cdb4daeff719d02464d75326 Author: Jeremy Allison Date: Wed Dec 1 16:40:55 2021 -0800 s3: smbd: Remove 'const char *src_original_lcomp' from reply_mv(). No longer used. Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme commit 5190a8bd8211f93b11409ae2ba5fbe365b1a8390 Author: Jeremy Allison Date: Wed Dec 1 16:39:42 2021 -0800 s3: smbd: Remove 'const char *src_original_lcomp' parameter from rename_internals(). No longe
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via f4d0bb164f0 smb2_server: skip tcon check and chdir_current_service() for FSCTL_QUERY_NETWORK_INTERFACE_INFO via 629d161b8f5 s4:torture/smb2: FSCTL_QUERY_NETWORK_INTERFACE_INFO should work on noperm share via 1744dd8c5bc smb2_server: don't let SMB2_OP_IOCTL force FILE_CLOSED for invalid file ids via fb33f145ff5 s4:torture/smb2: FSCTL_QUERY_NETWORK_INTERFACE_INFO gives INVALID_PARAMETER with invalid file ids via aab54050343 smb2_ioctl: return BUFFER_TOO_SMALL in smbd_smb2_request_ioctl_done() via b3212b359ed s4:torture/smb2: test FSCTL_QUERY_NETWORK_INTERFACE_INFO with BUFFER_TOO_SMALL via c850ce96fd3 smb2_server: skip tcon check and chdir_current_service() for FSCTL_VALIDATE_NEGOTIATE_INFO via bd3ba3c96e6 smb2_server: decouple IOCTL check from signing/encryption states via 1cd948d8520 smb2_server: make sure in_ctl_code = IVAL(body, 0x04); reads valid bytes via 735fc34682c s4:torture/smb2: add smb2.ioctl.bug14788.VALIDATE_NEGOTIATE via 04a79139a42 libcli/smb: split out smb2cli_raw_tcon* from smb2cli_tcon* from 0991946ab2e heimdal_build: Remove memset_s from roken, already in libreplace https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit f4d0bb164f028da46eab766135bb38175c117deb Author: Stefan Metzmacher Date: Wed Sep 15 19:29:40 2021 +0200 smb2_server: skip tcon check and chdir_current_service() for FSCTL_QUERY_NETWORK_INTERFACE_INFO We should not fail this just because the user doesn't have permissions on the share root. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14788 Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Wed Dec 1 11:51:50 UTC 2021 on sn-devel-184 commit 629d161b8f579bc24acfaf3fe02612a5237345b4 Author: Stefan Metzmacher Date: Mon Nov 29 19:56:20 2021 +0100 s4:torture/smb2: FSCTL_QUERY_NETWORK_INTERFACE_INFO should work on noperm share Demonstrate that smbd fails FSCTL_QUERY_NETWORK_INTERFACE_INFO only because the user doesn't have permissions on the share root. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14788 Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme commit 1744dd8c5bc342a74e397951506468636275fe45 Author: Stefan Metzmacher Date: Wed Sep 15 20:27:12 2021 +0200 smb2_server: don't let SMB2_OP_IOCTL force FILE_CLOSED for invalid file ids smbd_smb2_request_process_ioctl() already detailed checks for file_ids, which not reached before. .allow_invalid_fileid = true was only used for SMB2_OP_IOCTL. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14788 Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme commit fb33f145ff598b03a08098b7f12f3c53491f6c04 Author: Stefan Metzmacher Date: Mon Nov 29 19:56:20 2021 +0100 s4:torture/smb2: FSCTL_QUERY_NETWORK_INTERFACE_INFO gives INVALID_PARAMETER with invalid file ids An invalid file id for FSCTL_QUERY_NETWORK_INTERFACE_INFO gives INVALID_PARAMETER instead of FILE_CLOSED. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14788 Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme commit aab540503434817cc6b2de1d9c507f9d0b3ad980 Author: Stefan Metzmacher Date: Wed Sep 15 20:26:58 2021 +0200 smb2_ioctl: return BUFFER_TOO_SMALL in smbd_smb2_request_ioctl_done() We should not send more data than the client requested. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14788 Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme commit b3212b359edb78d4c60fed377fa18478c8e75d9a Author: Stefan Metzmacher Date: Mon Nov 29 19:44:12 2021 +0100 s4:torture/smb2: test FSCTL_QUERY_NETWORK_INTERFACE_INFO with BUFFER_TOO_SMALL It seems that we currently don't have BUFFER_TOO_SMALL handling for FSCTL/IOCTL calls. FSCTL_QUERY_NETWORK_INTERFACE_INFO is just an easy example to demonstrate it. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14788 Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme commit c850ce96fd32ea91d8a31223bb09dd5b8b98d99e Author: Stefan Metzmacher Date: Mon Aug 16 17:28:05 2021 +0200 smb2_server: skip tcon check and chdir_current_service() for FSCTL_VALIDATE_NEGOTIATE_INFO We should not fail this just because the user doesn't have permissions on the share root. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14788 Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme commit bd3ba3c96e6ba811afd5898ff5470188557a6e33 Author: Stefan Metzmacher Date: Wed Sep 15 17:25:53 2021 +0200 smb2_server: decouple IOCTL check from signing/encr
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via cdc0268c198 cmdline: Make -P work in clustered mode via 63c80f25da8 cmdline: Add a callback to set the machine account details via d6270525699 lib: Add required includes to source3/include/secrets.h via 9faa3173193 selftest: Add reproducer for bug 14908 from 2868b803649 lib/replace/timegm: use utf-8 https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit cdc0268c1987f36ab400ea01df88d55c02dccfdb Author: Volker Lendecke Date: Wed Nov 17 12:27:27 2021 +0100 cmdline: Make -P work in clustered mode Bug: https://bugzilla.samba.org/show_bug.cgi?id=14908 Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Wed Nov 17 18:29:09 UTC 2021 on sn-devel-184 commit 63c80f25da8829a7bd3244afea29c13f699efac1 Author: Volker Lendecke Date: Wed Nov 17 12:25:58 2021 +0100 cmdline: Add a callback to set the machine account details source3 clients need to work in clustered mode, the default cli_credentials_set_machine_account() only looks at the local secrets.tdb file Bug: https://bugzilla.samba.org/show_bug.cgi?id=14908 Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit d6270525699fbc856b217cf18ece7f1d063b144d Author: Volker Lendecke Date: Wed Nov 17 12:25:05 2021 +0100 lib: Add required includes to source3/include/secrets.h Bug: https://bugzilla.samba.org/show_bug.cgi?id=14908 Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit 9faa3173193ddcb95905993d960cc10d4366524e Author: Volker Lendecke Date: Wed Nov 17 16:34:07 2021 +0100 selftest: Add reproducer for bug 14908 Bug: https://bugzilla.samba.org/show_bug.cgi?id=14908 Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme --- Summary of changes: lib/cmdline/cmdline.c| 16 -- lib/cmdline/cmdline.h| 4 lib/cmdline/cmdline_s3.c | 28 lib/cmdline/wscript | 2 +- source3/include/secrets.h| 3 +++ source3/script/tests/test_net_machine_account.sh | 22 +++ source3/selftest/tests.py| 9 7 files changed, 81 insertions(+), 3 deletions(-) create mode 100755 source3/script/tests/test_net_machine_account.sh Changeset truncated at 500 lines: diff --git a/lib/cmdline/cmdline.c b/lib/cmdline/cmdline.c index 753cec27c3f..33d0c94e3b1 100644 --- a/lib/cmdline/cmdline.c +++ b/lib/cmdline/cmdline.c @@ -30,6 +30,11 @@ static struct cli_credentials *cmdline_creds; static samba_cmdline_load_config cmdline_load_config_fn; static struct samba_cmdline_daemon_cfg cmdline_daemon_cfg; +static NTSTATUS (*cli_credentials_set_machine_account_fn)( + struct cli_credentials *cred, + struct loadparm_context *lp_ctx) = + cli_credentials_set_machine_account; + /* PRIVATE */ bool samba_cmdline_set_talloc_ctx(TALLOC_CTX *mem_ctx) { @@ -122,6 +127,13 @@ struct samba_cmdline_daemon_cfg *samba_cmdline_get_daemon_cfg(void) return &cmdline_daemon_cfg; } +void samba_cmdline_set_machine_account_fn( + NTSTATUS (*fn) (struct cli_credentials *cred, + struct loadparm_context *lp_ctx)) +{ + cli_credentials_set_machine_account_fn = fn; +} + void samba_cmdline_burn(int argc, char *argv[]) { bool found = false; @@ -792,8 +804,8 @@ static void popt_common_credentials_callback(poptContext popt_ctx, if (machine_account_pending) { NTSTATUS status; - status = cli_credentials_set_machine_account(creds, -lp_ctx); + status = cli_credentials_set_machine_account_fn( + creds, lp_ctx); if (!NT_STATUS_IS_OK(status)) { fprintf(stderr, "Failed to set machine account: %s\n", diff --git a/lib/cmdline/cmdline.h b/lib/cmdline/cmdline.h index 1f85da0099e..5cd58c3ddbb 100644 --- a/lib/cmdline/cmdline.h +++ b/lib/cmdline/cmdline.h @@ -131,6 +131,10 @@ struct poptOption *samba_cmdline_get_popt(enum smb_cmdline_popt_options opt); */ struct samba_cmdline_daemon_cfg *samba_cmdline_get_daemon_cfg(void); +void samba_cmdline_set_machine_account_fn( + NTSTATUS (*fn) (struct cli_credentials *cred, + struct loadparm_context *lp_ctx)); + /** * @brief Burn secrets on the command line. * diff --git a/lib/cmdline/cmdline_s3.c b/lib/cmdline/cmdline_s3.c index 639d403aed3..6e2c
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 2868b803649 lib/replace/timegm: use utf-8 via 039f876c4e9 s4/auth/gensec/gensec_krb5_heimdal: use utf-8 via 6ced906e2be test/blackbox/test_samba-tool_ntacl: use utf-8 via 4c85693f553 s3/modules/vfs_acl_common.h: use utf-8 via c3194d0d65d test/bad_chars: ensure our tests could fail via fccb105e079 pytests: check that we don't have bad format characters from 1c8ea2448ea s3: smbd: In SMB1 call_trans2findnext() add and use a helper variable to ensure we don't call mangle_is_mangled() with a posix name. https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 2868b8036498e7fa0c7ae3615f5d97b42b360da2 Author: Douglas Bagnall Date: Wed Nov 17 09:47:18 2021 +1300 lib/replace/timegm: use utf-8 Signed-off-by: Douglas Bagnall Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Wed Nov 17 05:27:39 UTC 2021 on sn-devel-184 commit 039f876c4e9f635b207f3b16c99662297a93dd5e Author: Douglas Bagnall Date: Wed Nov 17 09:48:37 2021 +1300 s4/auth/gensec/gensec_krb5_heimdal: use utf-8 Signed-off-by: Douglas Bagnall Reviewed-by: Ralph Boehme commit 6ced906e2be66fb324aa012a06c8d3b10bbf78b2 Author: Douglas Bagnall Date: Wed Nov 17 09:49:05 2021 +1300 test/blackbox/test_samba-tool_ntacl: use utf-8 Signed-off-by: Douglas Bagnall Reviewed-by: Ralph Boehme commit 4c85693f55341344117f0b6d2bb7498099828dab Author: Douglas Bagnall Date: Wed Nov 17 09:47:52 2021 +1300 s3/modules/vfs_acl_common.h: use utf-8 Signed-off-by: Douglas Bagnall Reviewed-by: Ralph Boehme commit c3194d0d65d838b79cb5345a9d9433704b2f95ba Author: Douglas Bagnall Date: Wed Nov 17 10:23:02 2021 +1300 test/bad_chars: ensure our tests could fail Signed-off-by: Douglas Bagnall Reviewed-by: Ralph Boehme commit fccb105e079df7bfe22b6887262128ab9e81064d Author: Douglas Bagnall Date: Tue Nov 16 20:23:04 2021 + pytests: check that we don't have bad format characters Unicode has format control characters that affect the appearance — including the apparent order — of other characters. Some of these, like the bidi controls (for mixing left-to-right scripts with right-to-left scripts) can be used make text that means one thing look very much like it means another thing. The potential for duplicity using these characters has recently been publicised under the name “Trojan Source”, and CVE-2021-42694. A specific example, as it affects the Rust language is CVE-2021-42574. We don't have many format control characters in our code — in fact, just the non-breaking space (\u200b) and the redundant BOM thing (\ufeff), and this test aims to ensure we keep it that way. The test uses a series of allow-lists and deny-lists to check most text files for unknown format control characters. The filtering is fairly conservative but not exhaustive. For example, XML and text files are checked, but UTF-16 files are not. Signed-off-by: Douglas Bagnall Reviewed-by: Ralph Boehme --- Summary of changes: lib/replace/timegm.c| 2 +- python/samba/tests/source_chars.py | 261 selftest/tests.py | 2 + source3/modules/vfs_acl_common.h| 2 +- source4/auth/gensec/gensec_krb5_heimdal.c | 2 +- testdata/source-chars-bad.c | 23 +++ testprogs/blackbox/test_samba-tool_ntacl.sh | 2 +- 7 files changed, 290 insertions(+), 4 deletions(-) create mode 100644 python/samba/tests/source_chars.py create mode 100644 testdata/source-chars-bad.c Changeset truncated at 500 lines: diff --git a/lib/replace/timegm.c b/lib/replace/timegm.c index 395c684e117..93263a2d182 100644 --- a/lib/replace/timegm.c +++ b/lib/replace/timegm.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 Kungliga Tekniska H�gskolan + * Copyright (c) 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * diff --git a/python/samba/tests/source_chars.py b/python/samba/tests/source_chars.py new file mode 100644 index 000..f60dc5899af --- /dev/null +++ b/python/samba/tests/source_chars.py @@ -0,0 +1,261 @@ +# Unix SMB/CIFS implementation. +# +# Copyright (C) Catalyst.Net Ltd. 2021 +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; with
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 1c8ea2448ea s3: smbd: In SMB1 call_trans2findnext() add and use a helper variable to ensure we don't call mangle_is_mangled() with a posix name. via 761c9190454 s3: smbd: In unlink_internals() ensure we never call mangle_is_mangled for a posix path. via e2c45a09263 s3: smbd: SMB1 reply_copy(). Posix pathnames always means case_sensitive = true. via e3c40250fb1 s3: smbd: SMB1 reply_copy(). Posix pathnames should never call into mangle_is_mangled(). via d0d8f32d8f7 s3: smbd: In SMB1 reply_copy(), make req->posix_pathnames a helper variable. via 826ae5c8069 s3: smbd: Add and use helper variables for case_sensitive, case_preserve, short_case_preserve to rename_internals(). via 395acac7b46 s3: smbd: Ensure we never call mangle_is_mangled() for a posix path. via 23be0565dc7 s3: smbd: Add and use helper variable posix_pathname in rename_internals(). via 026b4318967 s3: smbd: Add and use helper variables case_sensitive, case_preserve in rename_internals_fsp(). via 836d6f8a226 s3: smbd: Add and use case_sensitive helper variable to unlink_internals(). via 89d986ec130 s3: smbd: Use a helper variable in smbd_smb2_query_directory_send(). via db6902a3c58 s3: smbd: In open_file() use the helper variable to select correct case_sensitive setting to is_in_path(). via 51b582546b5 s3: smbd: In open_file(), use a helper variable instead of always checking sp->posix_flags & FSP_POSIX_FLAGS_OPEN. via df8abb5aa76 s3: smbd: Use dptr_case_sensitive() in directory listing code. via e163f22e81d s3: smbd: Add dptr_case_sensitive(). Not yet used. via ab1e97f87b1 s3: smbd: In OpenDir_fsp(), set dir_hnd->case_sensitive to true if FSP_POSIX_FLAGS_OPEN is set. via ede3a45dfca s3: smbd: Use dir_hnd->case_sensitive instead of conn->case_sensitive. via af35c684a39 s3: smbd: Add case_sensitive to struct smb_Dir. via 1b130decc2b s3: smbd: Use state->case_sensitive instead of state->conn->case_sensitive. via 1240f741e66 s3: smbd: Add 'bool case_sensitive' to struct smbd_dirptr_lanman2_state. via 1cc5a394209 s3: smbd: In unix_convert() component_was_mangled is always false for posix. via 3911ca59f48 s3: smbd: In unix_convert_step_search_fail() ensure posix names don't call into name mangling functions. via d650d9ad8ae s3: smbd: Add comment to unix_convert() explaining why posix never calls into mangle_is_mangled() here. via 77f54fc14f2 s3: smbd: Turn on case sensitivity for a posix filename lookup. via f4354571d61 s3: smbd: Use state->short_case_preserve instead of state->conn->short_case_preserve. via 598c07b106e s3: smbd: Use state->case_preserve instead of state->conn->case_preserve. via 2910657694e s3: smbd: Use state->case_sensitive instead of state->conn->case_sensitive. via 35ee8a7b6c7 s3: smbd: Add case_sensitive, case_preserve, short_case_preserve to state struct. via b460c534272 s3: smbd: Ensure normalize_filename_case() doesn't modify posix names. via 86e42fb4841 s3: smbd: Add ucf_flags parameter to normalize_filename_case(). via 3f0935b369e s3: smbd: get_real_filename() is actually static to filename.c from a8c0c2c9e3a smbd: get rid of get_file_handle_for_metadata() https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 1c8ea2448eaacb84c1c134e9597a5f873779b0a4 Author: Jeremy Allison Date: Tue Nov 9 14:57:18 2021 -0800 s3: smbd: In SMB1 call_trans2findnext() add and use a helper variable to ensure we don't call mangle_is_mangled() with a posix name. Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Tue Nov 16 21:06:38 UTC 2021 on sn-devel-184 commit 761c9190454ce1704a041275723e23025bf62cf3 Author: Jeremy Allison Date: Tue Nov 9 14:55:05 2021 -0800 s3: smbd: In unlink_internals() ensure we never call mangle_is_mangled for a posix path. Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme commit e2c45a092639c56d4a6b615fecef6d85f13b87eb Author: Jeremy Allison Date: Tue Nov 9 14:28:34 2021 -0800 s3: smbd: SMB1 reply_copy(). Posix pathnames always means case_sensitive = true. Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme commit e3c40250fb1afafe833a02ff65474a76ea6e41eb Author: Jeremy Allison Date: Tue Nov 9 14:23:22 2021 -0800 s3: smbd: SMB1 reply_copy(). Posix pathnames should never call into mangle_is_mangled(). Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme commit d0d8f32d8f764bb2c9c00a3eda36367a7cd5a08f Author: Jeremy Allison Date: Tue Nov 9 14:21:
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 0a546be0529 CVE-2020-25717: s3:auth: Fallback to a SID/UID based mapping if the named based lookup fails via 494bf7de6ff CVE-2020-25717: tests/krb5: Add a test for idmap_nss mapping users to SIDs via 8a9f2aa2c1c CVE-2020-25717: selftest: turn ad_member_no_nss_wb into ad_member_idmap_nss via fdbee5e074e CVE-2020-25717: nsswitch/nsstest.c: Lower 'non existent uid' to make room for new accounts via 5ea347d3673 CVE-2020-25717: tests/krb5: Add method to automatically obtain server credentials via bfd093648b4 CVE-2020-25727: idmap_nss: verify that the name of the sid belongs to the configured domain from c69b66f649c IPA DC: add missing checks https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 0a546be05295a7e4a552f9f4f0c74aeb2e9a0d6e Author: Andrew Bartlett Date: Fri Nov 12 16:10:31 2021 +1300 CVE-2020-25717: s3:auth: Fallback to a SID/UID based mapping if the named based lookup fails Before the CVE-2020-25717 fixes we had a fallback from getpwnam('DOMAIN\user') to getpwnam('user') which was very dangerous and unpredictable. Now we do the fallback based on sid_to_uid() followed by getpwuid() on the returned uid. This obsoletes 'username map [script]' based workaround adviced for CVE-2020-25717, when nss_winbindd is not used or idmap_nss is actually used. In future we may decide to prefer or only do the SID/UID based lookup, but for now we want to keep this unchanged as much as possible. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14901 Pair-Programmed-With: Stefan Metzmacher Signed-off-by: Andrew Bartlett Signed-off-by: Stefan Metzmacher [me...@samba.org moved the new logic into the fallback codepath only in order to avoid behavior changes as much as possible] Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Mon Nov 15 19:01:56 UTC 2021 on sn-devel-184 commit 494bf7de6ff3e9abeb3753df0635737b80ce5bb7 Author: Joseph Sutton Date: Fri Nov 12 14:22:47 2021 +1300 CVE-2020-25717: tests/krb5: Add a test for idmap_nss mapping users to SIDs BUG: https://bugzilla.samba.org/show_bug.cgi?id=14901 Pair-Programmed-With: Stefan Metzmacher Signed-off-by: Joseph Sutton Signed-off-by: Stefan Metzmacher [me...@samba.org removed unused tests for a feature that was removed before merging] Reviewed-by: Ralph Boehme commit 8a9f2aa2c1cdfa72ad50d7c4f879220fe37654cd Author: Joseph Sutton Date: Fri Nov 12 14:20:45 2021 +1300 CVE-2020-25717: selftest: turn ad_member_no_nss_wb into ad_member_idmap_nss In reality environments without 'nss_winbind' make use of 'idmap_nss'. For testing, DOMAIN/bob is mapped to the local 'bob', while DOMAIN/jane gets the uid based on the local 'jane' vis idmap_nss. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14901 Pair-Programmed-With: Stefan Metzmacher Signed-off-by: Joseph Sutton Signed-off-by: Stefan Metzmacher [me...@samba.org avoid to create a new ad_member_idmap_nss environment and merge it with ad_member_no_nss_wb instead] Reviewed-by: Ralph Boehme commit fdbee5e074ebd76d659613b8b7114d70f938c38a Author: Joseph Sutton Date: Fri Nov 12 20:53:30 2021 +1300 CVE-2020-25717: nsswitch/nsstest.c: Lower 'non existent uid' to make room for new accounts BUG: https://bugzilla.samba.org/show_bug.cgi?id=14901 Signed-off-by: Joseph Sutton Reviewed-by: Stefan Metzmacher Reviewed-by: Ralph Boehme commit 5ea347d3673e35891613c90ca837d1ce4833c1b0 Author: Joseph Sutton Date: Fri Nov 12 14:14:55 2021 +1300 CVE-2020-25717: tests/krb5: Add method to automatically obtain server credentials BUG: https://bugzilla.samba.org/show_bug.cgi?id=14901 Signed-off-by: Joseph Sutton Reviewed-by: Stefan Metzmacher Reviewed-by: Ralph Boehme commit bfd093648b4af51d104096c0cb3535e8706671e5 Author: Stefan Metzmacher Date: Fri Nov 12 15:27:58 2021 +0100 CVE-2020-25727: idmap_nss: verify that the name of the sid belongs to the configured domain We already check the sid belongs to the domain, but checking the name too feels better and make it easier to understand. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14901 Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme --- Summary of changes: nsswitch/nsstest.c| 2 +- python/samba/tests/krb5/kdc_base_test.py | 42 ++ python/samba/tests/krb5/test_idmap_nss.py | 232
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via c89799beda6 docs-xml: Fix smbget manpage from 57c1e115ece smbd: reopen logs on SIGHUP for notifyd and cleanupd https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit c89799beda6757c03045e3b103344adc15006a33 Author: Andreas Schneider Date: Thu Nov 11 14:46:15 2021 +0100 docs-xml: Fix smbget manpage There is no &stdarg.encrypt anymore. Signed-off-by: Andreas Schneider Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Thu Nov 11 16:27:12 UTC 2021 on sn-devel-184 --- Summary of changes: docs-xml/manpages/smbget.1.xml | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages/smbget.1.xml b/docs-xml/manpages/smbget.1.xml index e91e5eb8cf4..64924ef9ca8 100644 --- a/docs-xml/manpages/smbget.1.xml +++ b/docs-xml/manpages/smbget.1.xml @@ -34,6 +34,7 @@ -b, --blocksize -O, --stdout -u, --update + -e, --encrypt -?, --help --usage smb://host/share/path/to/file @@ -145,7 +146,10 @@ Download only when remote file is newer than local file or local file is missing. - &stdarg.encrypt; + +-e, --encrypt + Enable SMB encryption. + -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 06ed4ccba6c lib/cmdline: setup default file logging for servers via 97592f16bfb lib/cmdline: remember config_type in samba_cmdline_init() via 120a598e531 lib/cmdline: fix indentation via fa9d9974d06 lib/debug: in debug_set_logfile() call reopen_logs_internal() via 948a82bd265 lib/debug: fix fd check before dup'ing to stderr via 117d45df47a winbindd: remove is_default_dyn_LOGFILEBASE() logic via 54f54fc2627 samba-bgqd: fix startup and logging via 25043ebb2e6 source3: move lib/substitute.c functions out of proto.h from c28be406746 auth:creds: Guess the username first via getpwuid(my_id) https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 06ed4ccba6cfe08aef061866f98b1d1da26682b8 Author: Ralph Boehme Date: Mon Nov 8 12:09:43 2021 +0100 lib/cmdline: setup default file logging for servers BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897 RN: samba process doesn't log to logfile Signed-off-by: Ralph Boehme Reviewed-by: Andreas Schneider Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Thu Nov 11 14:42:13 UTC 2021 on sn-devel-184 commit 97592f16bfb8590efbd2ed31fc9883d747ec650f Author: Ralph Boehme Date: Mon Nov 8 12:09:16 2021 +0100 lib/cmdline: remember config_type in samba_cmdline_init() BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897 Signed-off-by: Ralph Boehme Reviewed-by: Andreas Schneider commit 120a598e53173aacc0994318223bdac33dac4fbd Author: Ralph Boehme Date: Mon Nov 8 12:08:47 2021 +0100 lib/cmdline: fix indentation s/whitespace/tab/ BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897 Signed-off-by: Ralph Boehme Reviewed-by: Andreas Schneider commit fa9d9974d068897d35539e5316f606a15e8b38de Author: Ralph Boehme Date: Mon Nov 8 19:41:50 2021 +0100 lib/debug: in debug_set_logfile() call reopen_logs_internal() This simplifies the logging API for callers that typically would want to set logging by just setup_logging() once without bothering that typically configuration is loaded (via some lpcfg_load*() or lp_load*() varient) which will only then pick up the configured logfile from smb.conf without actually applying the new logifle to the logging subsytem. Therefor our daemons will additionally call reopen_logs() explicitly in their startup code after config is loaded, eg setup_logging(getprogname(), DEBUG_FILE); ... lpcfg_load(lp_ctx, config_file); ... reopen_logs(); By calling reopen_logs_internal() implicitly from debug_set_logfile() there's no need to call reopen_logs() explicitly anymore to apply the logfile. As reopen_logs() will also apply other logging configuration options, we have to keep the explicit calls in the daemon code. But at least this allows consistent logging setup wrt to the logfile in the new cmdline library. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897 Signed-off-by: Ralph Boehme Reviewed-by: Andreas Schneider commit 948a82bd2651e73e4e669a89dc77ba93abbb9b2f Author: Ralph Boehme Date: Wed Nov 10 14:13:11 2021 +0100 lib/debug: fix fd check before dup'ing to stderr Before I added per-class logfile and we had only one fd for the logfile the code looked like this: /* Take over stderr to catch output into logs */ if (state.fd > 0) { if (dup2(state.fd, 2) == -1) { /* Close stderr too, if dup2 can't point it - at the logfile. There really isn't much that can be done on such a fundamental failure... */ close_low_fd(2); } } In the current code the equivalent to state.fd is dbgc_config[DBGC_ALL].fd. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897 Signed-off-by: Ralph Boehme Reviewed-by: Andreas Schneider commit 117d45df47a1f3206bc38aaeaa11f2b327e43530 Author: Ralph Boehme Date: Wed Nov 10 18:27:08 2021 +0100 winbindd: remove is_default_dyn_LOGFILEBASE() logic Handling of -l commandline parameter is already implemented by lib/cmdline/. is_default_dyn_LOGFILEBASE() == true is the default case and this causes us to temporarily overwrite the configured logfile with LOGFILEBASE/log.winbindd until winbindd_reload_services_file() restores it. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897 Signed-off-by: Ralph Boehme Reviewed-by: Andreas Schneider commit 54f54fc2627acbf5fac5e1fa86ab9f743741f3c4 Author: Ralph Boehme Date:
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 141f3f5f9a5 s3: smbd: Ensure in the directory scanning loops inside rmdir_internals() we don't overwrite the 'ret' variable. via adfad639096 s3: smbtorture3: Add test for setting delete on close on a directory, then creating a file within to see if delete succeeds. from b919798f575 smbd: early out in is_visible_fsp() https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 141f3f5f9a5ef556cc7864b2afbf8ad48b7ebe77 Author: Jeremy Allison Date: Wed Nov 3 19:02:36 2021 -0700 s3: smbd: Ensure in the directory scanning loops inside rmdir_internals() we don't overwrite the 'ret' variable. If we overwrite with ret=0, we return NT_STATUS_OK even when we goto err. This function should be restructured to use NT_STATUS internally, and make 'int ret' transitory, but that's a patch for another time. Remove knownfail. BUG: BUG: https://bugzilla.samba.org/show_bug.cgi?id=14892 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Thu Nov 4 09:10:27 UTC 2021 on sn-devel-184 commit adfad6390962022277cc6aacaa388af86e46b71c Author: Jeremy Allison Date: Wed Nov 3 16:50:10 2021 -0700 s3: smbtorture3: Add test for setting delete on close on a directory, then creating a file within to see if delete succeeds. Exposes an existing problem where "ret" is overwritten in the directory scan. Add knownfail. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14892 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme --- Summary of changes: source3/selftest/tests.py | 15 + source3/smbd/close.c| 13 +++-- source3/torture/proto.h | 1 + source3/torture/test_smb2.c | 136 source3/torture/torture.c | 4 ++ 5 files changed, 163 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py index 5aba11c11b1..41ed728a03e 100755 --- a/source3/selftest/tests.py +++ b/source3/selftest/tests.py @@ -256,6 +256,21 @@ plantestsuite("samba3.smbtorture_s3.plain.%s" % "SMB2-LIST-DIR-ASYNC", smbtorture3, "", "-l $LOCAL_PATH"]) +# +# SMB2-DEL-ON-CLOSE-NONEMPTY needs to run against a special fileserver share veto_files_delete +# +plantestsuite("samba3.smbtorture_s3.plain.%s" % "SMB2-DEL-ON-CLOSE-NONEMPTY", +"fileserver", +[os.path.join(samba3srcdir, + "script/tests/test_smbtorture_s3.sh"), +'SMB2-DEL-ON-CLOSE-NONEMPTY', +'//$SERVER_IP/veto_files_delete', +'$USERNAME', +'$PASSWORD', +smbtorture3, +"", +"-l $LOCAL_PATH"]) + shares = [ diff --git a/source3/smbd/close.c b/source3/smbd/close.c index ad10215a4fa..e6272376739 100644 --- a/source3/smbd/close.c +++ b/source3/smbd/close.c @@ -1058,6 +1058,7 @@ static NTSTATUS rmdir_internals(TALLOC_CTX *ctx, struct files_struct *fsp) struct smb_filename *smb_dname_full = NULL; struct smb_filename *direntry_fname = NULL; char *fullname = NULL; + int retval; if (ISDOT(dname) || ISDOTDOT(dname)) { TALLOC_FREE(talloced); @@ -1092,8 +1093,8 @@ static NTSTATUS rmdir_internals(TALLOC_CTX *ctx, struct files_struct *fsp) goto err; } - ret = SMB_VFS_LSTAT(conn, smb_dname_full); - if (ret != 0) { + retval = SMB_VFS_LSTAT(conn, smb_dname_full); + if (retval != 0) { int saved_errno = errno; TALLOC_FREE(talloced); TALLOC_FREE(fullname); @@ -1136,8 +1137,8 @@ static NTSTATUS rmdir_internals(TALLOC_CTX *ctx, struct files_struct *fsp) } /* Not a DFS link - could it be a dangling symlink ? */ - ret = SMB_VFS_STAT(conn, smb_dname_full); - if (ret == -1 && (errno == ENOENT || errno == ELOOP)) { + retval = SMB_VFS_STAT(conn, smb_dname_full); + if (retval == -1 && (errno == ENOENT || errno == ELOOP)) { /* * Dangling symlink.
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via bbdcd66c048 s3: smbd: dirfsp is being used uninitialized inside rmdir_internals(). from a8a0667263d s3:librpc: Improve calling of krb5_kt_end_seq_get() https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit bbdcd66c048fee39629aeff450b50d049806e2f7 Author: Jeremy Allison Date: Tue Nov 2 10:44:44 2021 -0700 s3: smbd: dirfsp is being used uninitialized inside rmdir_internals(). Not caught be the tests in bugs 14878, 14879 as can_delete_directory_fsp() doesn't have the same bug. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14892 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Wed Nov 3 14:33:49 UTC 2021 on sn-devel-184 --- Summary of changes: source3/smbd/close.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/close.c b/source3/smbd/close.c index eae276b2e9c..ad10215a4fa 100644 --- a/source3/smbd/close.c +++ b/source3/smbd/close.c @@ -1052,6 +1052,8 @@ static NTSTATUS rmdir_internals(TALLOC_CTX *ctx, struct files_struct *fsp) goto err; } + dirfsp = dir_hnd_fetch_fsp(dir_hnd); + while ((dname = ReadDirName(dir_hnd, &dirpos, &st, &talloced)) != NULL) { struct smb_filename *smb_dname_full = NULL; struct smb_filename *direntry_fname = NULL; @@ -1200,7 +1202,6 @@ static NTSTATUS rmdir_internals(TALLOC_CTX *ctx, struct files_struct *fsp) /* Do a recursive delete. */ RewindDir(dir_hnd,&dirpos); - dirfsp = dir_hnd_fetch_fsp(dir_hnd); while ((dname = ReadDirName(dir_hnd, &dirpos, &st, &talloced)) != NULL) { struct smb_filename *direntry_fname = NULL; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 494eb0c22a6 debug: Add new smb.conf option "debug syslog format" via 5e1e9d74ab6 debug: Add debug_syslog_format setting from be3a47e22ad s3:modules:recycle - fix crash in recycle_unlink_internal https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 494eb0c22a67f0a9672a53f8941ad6fecf291a77 Author: Martin Schwenke Date: Sun Oct 31 11:59:30 2021 +1100 debug: Add new smb.conf option "debug syslog format" Signed-off-by: Martin Schwenke Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Mon Nov 1 07:29:47 UTC 2021 on sn-devel-184 commit 5e1e9d74ab6f59a62ac8dae3239299a0ef334708 Author: Martin Schwenke Date: Thu Oct 28 19:05:19 2021 +1100 debug: Add debug_syslog_format setting Without debug_hires_timestamp this produces a syslog style header containing: "MON DD HH:MM:SS HOSTNAME PROGNAME[PID] " With debug_hires_timestamp this produces a syslog style header containing: "RFC5424-TIMESTAMP HOSTNAME PROGNAME[PID] " All other settings are ignored. This will be made visible via smb.conf in a subsequent commit. This commit adds some simple hostname handling. It avoids using get_myname() from util.c because using that potentially pulls in all manner of dependencies. No real error handling is done. In the worst case debug_set_hostname() sets the hostname to a truncated version of the given string. Similarly, in an even weirder world, ensure_hostname() sets the hostname to a truncation of "unknown". Both of these are unlikely in all reasonable cases. Signed-off-by: Martin Schwenke Reviewed-by: Ralph Boehme --- Summary of changes: .../smbdotconf/logging/debughirestimestamp.xml | 3 +- docs-xml/smbdotconf/logging/debugsyslogformat.xml | 21 ++ lib/param/loadparm.c | 2 + lib/util/debug.c | 75 +- lib/util/debug.h | 2 + lib/util/debug_s3.c| 2 + source3/param/loadparm.c | 1 + 7 files changed, 104 insertions(+), 2 deletions(-) create mode 100644 docs-xml/smbdotconf/logging/debugsyslogformat.xml Changeset truncated at 500 lines: diff --git a/docs-xml/smbdotconf/logging/debughirestimestamp.xml b/docs-xml/smbdotconf/logging/debughirestimestamp.xml index 72598d757ca..79d928ab3d9 100644 --- a/docs-xml/smbdotconf/logging/debughirestimestamp.xml +++ b/docs-xml/smbdotconf/logging/debughirestimestamp.xml @@ -9,7 +9,8 @@ -Note that the parameter must be on for this to have an effect. +Note that the parameter or + must be on for this to have an effect. diff --git a/docs-xml/smbdotconf/logging/debugsyslogformat.xml b/docs-xml/smbdotconf/logging/debugsyslogformat.xml new file mode 100644 index 000..f943f3a5323 --- /dev/null +++ b/docs-xml/smbdotconf/logging/debugsyslogformat.xml @@ -0,0 +1,21 @@ +http://www.samba.org/samba/DTD/samba-doc";> + + +With this option enabled, debug messages are printed in a +single-line format like that traditionally produced by syslog. +The timestamp consists of an abbreviated month, space-padded date, +and time including seconds. This is followed by the hostname and +the program name, with the process-ID in square brackets. + + + +If is also enabled +then an RFC5424 timestamp is used instead. + + + +no + diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c index 2eac1ba7c38..9c725402758 100644 --- a/lib/param/loadparm.c +++ b/lib/param/loadparm.c @@ -2559,6 +2559,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx) lpcfg_do_global_parameter(lp_ctx, "debug timestamp", "Yes"); lpcfg_do_global_parameter(lp_ctx, "debug prefix timestamp", "No"); lpcfg_do_global_parameter(lp_ctx, "debug hires timestamp", "Yes"); + lpcfg_do_global_parameter(lp_ctx, "debug syslog format", "No"); lpcfg_do_global_parameter(lp_ctx, "debug pid", "No"); lpcfg_do_global_parameter(lp_ctx, "debug uid", "No"); lpcfg_do_global_parameter(lp_ctx, "debug class", "No"); @@ -3102,6 +3103,7 @@ static bool lpcfg_update(struct loadparm_context *lp_ctx) settings.timestamp_logs = lp_ctx->globals->timestamp_logs; settings.debug_prefix_timestamp = lp_ctx->globals->debug_prefix_timestamp; settings.debug_hires_timestamp = lp_ctx->globals-
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 0b818c6b77e s3: docs-xml: Clarify the "delete veto files" paramter. via e9ef970eee5 s3: smbd: Fix logic in can_delete_directory_fsp() to cope with dangling symlinks. via 26fecad2e66 s3: smbd: Fix logic in rmdir_internals() to cope with dangling symlinks. via a37d16e7c55 s3: smbd: Fix rmdir_internals() to do an early return if lp_delete_veto_files() is not set. via f254be19d65 s3: VFS: xattr_tdb. Allow unlinkat to cope with dangling symlinks. via 295d7d026ba s3: VFS: streams_depot. Allow unlinkat to cope with dangling symlinks. via 942123b9592 s3: smbd: Add two tests showing the ability to delete a directory containing a dangling symlink over SMB2 depends on "delete veto files" setting. via 73de1194c3c s3: smbd: Fix recursive directory delete of a directory containing veto file and msdfs links. via ad0082d79a6 s3: smbd: Add two tests showing recursive directory delete of a directory containing veto file and msdfs links over SMB2. from 866c1633277 editorconfig: Heimdal has mixed spaces and tabs with different width https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 0b818c6b77e972626d0b071bebcf4ce55619fb84 Author: Jeremy Allison Date: Mon Oct 25 12:42:02 2021 -0700 s3: docs-xml: Clarify the "delete veto files" paramter. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Fri Oct 29 14:57:14 UTC 2021 on sn-devel-184 commit e9ef970eee5eca8ab3720279c54098e91d2dfda9 Author: Jeremy Allison Date: Mon Oct 25 12:36:57 2021 -0700 s3: smbd: Fix logic in can_delete_directory_fsp() to cope with dangling symlinks. Remove knownfail. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme commit 26fecad2e66e91a3913d88ee2e0889f266e91d89 Author: Jeremy Allison Date: Mon Oct 25 12:32:29 2021 -0700 s3: smbd: Fix logic in rmdir_internals() to cope with dangling symlinks. Still need to add the same logic in can_delete_directory_fsp() before we can delete the knownfail. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme commit a37d16e7c55f85e3f2c9c8614755ea6307092d5f Author: Jeremy Allison Date: Mon Oct 25 12:21:37 2021 -0700 s3: smbd: Fix rmdir_internals() to do an early return if lp_delete_veto_files() is not set. Fix the comments to match what the code actually does. The exit at the end of the scan directory loop if we find a client visible filename is a change in behavior, but the previous behavior (not exist on visible filename, but delete it) was a bug and in non-tested code. Now it's testd. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme commit f254be19d6501a4f573843af97963e350a9ee2ed Author: Jeremy Allison Date: Mon Oct 25 12:02:43 2021 -0700 s3: VFS: xattr_tdb. Allow unlinkat to cope with dangling symlinks. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme commit 295d7d026babe3cd5123d0f53adcb16868907f05 Author: Jeremy Allison Date: Mon Oct 25 12:01:58 2021 -0700 s3: VFS: streams_depot. Allow unlinkat to cope with dangling symlinks. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme commit 942123b95923f35a32df4196a072a3ed3468396a Author: Jeremy Allison Date: Thu Oct 21 16:37:27 2021 -0700 s3: smbd: Add two tests showing the ability to delete a directory containing a dangling symlink over SMB2 depends on "delete veto files" setting. Add knownfail. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme commit 73de1194c3c429ab93d722a852aa4f54213b112a Author: Jeremy Allison Date: Thu Oct 21 16:18:24 2021 -0700 s3: smbd: Fix recursive directory delete of a directory containing veto file and msdfs links. Remove knownfail. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14878 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme commit ad0082d79a681b981154747dcde5713e1933b88f Author: Jeremy Allison Date: Thu Oct 21 15:06:20 2021 -0700 s3: smbd: Add two tests showing recursive directory delete of a directory containing veto file and msdfs links over SMB2. Add knownfail. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14878 Signed-off-by:
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 16d43ccfddf lib:cmdline: Fix -k option which doesn't expect anything via 5c6640470aa testprogs: Use new cmdline option for kerberos from 2be0a19d448 Revert "samba-tool: Pick local host if calling samba-tool from DC" https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 16d43ccfddf0e67a0ae87e3f13b3114c858d64ac Author: Andreas Schneider Date: Wed Oct 27 13:45:15 2021 +0200 lib:cmdline: Fix -k option which doesn't expect anything BUG: https://bugzilla.samba.org/show_bug.cgi?id=14846 Signed-off-by: Andreas Schneider Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Thu Oct 28 13:23:34 UTC 2021 on sn-devel-184 commit 5c6640470aa845780fbf17961e67b0d9302c2fbc Author: Andreas Schneider Date: Wed Oct 27 15:30:20 2021 +0200 testprogs: Use new cmdline option for kerberos BUG: https://bugzilla.samba.org/show_bug.cgi?id=14846 Signed-off-by: Andreas Schneider Reviewed-by: Ralph Boehme --- Summary of changes: lib/cmdline/cmdline.c | 2 +- testprogs/blackbox/test_kpasswd_heimdal.sh | 6 +++--- testprogs/blackbox/test_kpasswd_mit.sh | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/cmdline/cmdline.c b/lib/cmdline/cmdline.c index 5dd543f244d..753cec27c3f 100644 --- a/lib/cmdline/cmdline.c +++ b/lib/cmdline/cmdline.c @@ -1251,7 +1251,7 @@ static struct poptOption popt_legacy_s3[] = { { .longName = "kerberos", .shortName = 'k', - .argInfo= POPT_ARG_STRING, + .argInfo= POPT_ARG_NONE, .val= 'k', .descrip= "DEPRECATED: Migrate to --use-kerberos", }, diff --git a/testprogs/blackbox/test_kpasswd_heimdal.sh b/testprogs/blackbox/test_kpasswd_heimdal.sh index 1cf61e5d07d..43f38b09de2 100755 --- a/testprogs/blackbox/test_kpasswd_heimdal.sh +++ b/testprogs/blackbox/test_kpasswd_heimdal.sh @@ -71,10 +71,10 @@ testit "kinit with user password" \ do_kinit $TEST_PRINCIPAL $TEST_PASSWORD || failed=`expr $failed + 1` test_smbclient "Test login with user kerberos ccache" \ - "ls" "$SMB_UNC" -k yes || failed=`expr $failed + 1` + "ls" "$SMB_UNC" --use-kerberos=required || failed=`expr $failed + 1` testit "change user password with 'samba-tool user password' (unforced)" \ - $VALGRIND $PYTHON $samba_tool user password -W$DOMAIN -U$TEST_USERNAME%$TEST_PASSWORD -k no --newpassword=$TEST_PASSWORD_NEW || failed=`expr $failed + 1` + $VALGRIND $PYTHON $samba_tool user password -W$DOMAIN -U$TEST_USERNAME%$TEST_PASSWORD --use-kerberos=off --newpassword=$TEST_PASSWORD_NEW || failed=`expr $failed + 1` TEST_PASSWORD_OLD=$TEST_PASSWORD TEST_PASSWORD=$TEST_PASSWORD_NEW @@ -84,7 +84,7 @@ testit "kinit with user password" \ do_kinit $TEST_PRINCIPAL $TEST_PASSWORD || failed=`expr $failed + 1` test_smbclient "Test login with user kerberos ccache" \ - "ls" "$SMB_UNC" -k yes || failed=`expr $failed + 1` + "ls" "$SMB_UNC" --use-kerberos=required || failed=`expr $failed + 1` ### ### check that a short password is rejected diff --git a/testprogs/blackbox/test_kpasswd_mit.sh b/testprogs/blackbox/test_kpasswd_mit.sh index 0d1dcf2eae4..df0f53e0041 100755 --- a/testprogs/blackbox/test_kpasswd_mit.sh +++ b/testprogs/blackbox/test_kpasswd_mit.sh @@ -74,7 +74,7 @@ test_smbclient "Test login with user kerberos ccache" \ "ls" "$SMB_UNC" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1` testit "change user password with 'samba-tool user password' (unforced)" \ - $VALGRIND $PYTHON $samba_tool user password -W$DOMAIN -U$TEST_USERNAME%$TEST_PASSWORD -k no --newpassword=$TEST_PASSWORD_NEW || failed=`expr $failed + 1` + $VALGRIND $PYTHON $samba_tool user password -W$DOMAIN -U$TEST_USERNAME%$TEST_PASSWORD --use-kerberos=off --newpassword=$TEST_PASSWORD_NEW || failed=`expr $failed + 1` TEST_PASSWORD_OLD=$TEST_PASSWORD TEST_PASSWORD=$TEST_PASSWORD_NEW -- Samba Shared Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 9718fc0 team: add Jule from 85550a3 support/globalsupport: update Sernet Samba team https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 9718fc0819294e7af681a90882fdd5aa8e4f8ddd Author: Ralph Boehme Date: Wed Oct 20 09:46:42 2021 +0200 team: add Jule --- Summary of changes: team/index.html | 1 + 1 file changed, 1 insertion(+) Changeset truncated at 500 lines: diff --git a/team/index.html b/team/index.html index 117259f..ec7e369 100755 --- a/team/index.html +++ b/team/index.html @@ -50,6 +50,7 @@ mailing list and start contributing to the development of Samba. https://www.samba.org/~obnox/";>Michael Adam (https://www.redhat.com/";>Red Hat) https://www.samba.org/~jra";>Jeremy Allison mailto:a...@samba.org";>Christian Ambach +mailto:jan...@samba.org";>Jule Anger (http://www.sernet.de/en/";>SerNet) mailto:aap...@samba.org";>Aurélien Aptel (https://www.suse.com/";>SUSE) http://halo.gen.nz/";>Douglas Bagnall (http://catalyst.net.nz/what-we-offer/enterprise-solutions/samba";>Catalyst) https://www.samba.org/~abartlet/";>Andrew Bartlett (http://catalyst.net.nz/what-we-offer/enterprise-solutions/samba";>Catalyst) -- Samba Website Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 85550a3 support/globalsupport: update Sernet Samba team from a149f34 Add Samba 4.14.8 https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 85550a3d9412f33e65397e430181b5ce1e541fe9 Author: Ralph Boehme Date: Wed Oct 20 07:57:14 2021 +0200 support/globalsupport: update Sernet Samba team --- Summary of changes: support/globalsupport.html | 2 -- 1 file changed, 2 deletions(-) Changeset truncated at 500 lines: diff --git a/support/globalsupport.html b/support/globalsupport.html index 1f733c1..765aadb 100644 --- a/support/globalsupport.html +++ b/support/globalsupport.html @@ -90,8 +90,6 @@ fixes numerous Samba bugs. mailto:me...@samba.org>Stefan Metzmacher works on ActiveDirectory and security, he is one of the main Samba 4 authors. -mailto:k...@samba.org>Karolin Seeger is member of the Samba Project Leadership committee. - Links: -- Samba Website Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 12d04d9a928 docs-xml: Update winbindd(8) manpage via b92589c31f0 s3:winbindd: Fix winbindd child logfile name handling from 4fe96583624 s3: smbd: Ensure when we change security context we delete any $cwd cache. https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 12d04d9a9288a9358d5f5aebaec126cc610952b1 Author: Pavel Filipenský Date: Fri Oct 8 13:16:05 2021 +0200 docs-xml: Update winbindd(8) manpage BUG: https://bugzilla.samba.org/show_bug.cgi?id=14852 Signed-off-by: Pavel Filipenský Reviewed-by: Ralph Boehme Reviewed-by: Andreas Schneider Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Tue Oct 12 09:30:02 UTC 2021 on sn-devel-184 commit b92589c31f0eb3eaf2b3b1867e10b759f6a2edda Author: Pavel Filipenský Date: Thu Oct 7 12:08:22 2021 +0200 s3:winbindd: Fix winbindd child logfile name handling BUG: https://bugzilla.samba.org/show_bug.cgi?id=14852 Handling of logfile name for main and child winbindd must ensure: 1) Log directory is selected in this order: * -l option of winbindd * "log file" parameter in smb.conf * compile time value '/usr/local/samba/var' 2) Log filename pattern * parent process uses log.winbindd * child uses log.wb- 3) Log reopen works for both parent and child (i.e. log filename is not changed) * kill -HUP * smbcontrol reload-config This commit removes 3 calls of is_default_dyn_LOGFILEBASE() to make sure that: - 1st removal: child uses log.wb- after the fork - 2nd removal: child after HUP signal, does not switch to log.winbindd - 3rd removal: child after smbcontrol reload-config, does not switch to log.winbindd Interesting commits: bfa1b2a8 1484b7f3 3b015a4c d1f7a371 Signed-off-by: Pavel Filipenský Reviewed-by: Ralph Boehme Reviewed-by: Andreas Schneider --- Summary of changes: docs-xml/manpages/winbindd.8.xml | 20 +++- source3/winbindd/winbindd_dual.c | 11 ++- 2 files changed, 25 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages/winbindd.8.xml b/docs-xml/manpages/winbindd.8.xml index 3b7487c1b1c..7a643b8879c 100644 --- a/docs-xml/manpages/winbindd.8.xml +++ b/docs-xml/manpages/winbindd.8.xml @@ -195,7 +195,25 @@ hosts: files wins - &cmdline.common.samba.server; + &cmdline.common.debug.server; + &cmdline.common.config.server; + &cmdline.common.option; + + + -l|--log-basename=logdirectory + + + Base directory name for log/debug files. The parent process + uses filename log.winbindd, the child process uses filename + log.wb-<name>. The log file is never removed by winbindd. + + + + + &cmdline.common.samba.leakreport; + &cmdline.common.samba.leakreportfull; + &cmdline.version; + &popt.autohelp; diff --git a/source3/winbindd/winbindd_dual.c b/source3/winbindd/winbindd_dual.c index e19dfafc52f..b275dfb128c 100644 --- a/source3/winbindd/winbindd_dual.c +++ b/source3/winbindd/winbindd_dual.c @@ -1544,15 +1544,16 @@ NTSTATUS winbindd_reinit_after_fork(const struct winbindd_child *myself, close_conns_after_fork(); - if (is_default_dyn_LOGFILEBASE() && logfilename) { + if (logfilename != NULL) { lp_set_logfile(logfilename); reopen_logs(); } - if (!winbindd_setup_sig_term_handler(false)) + if (!winbindd_setup_sig_term_handler(false)) { return NT_STATUS_NO_MEMORY; - if (!winbindd_setup_sig_hup_handler( - !is_default_dyn_LOGFILEBASE() ? NULL : logfilename)) { + } + + if (!winbindd_setup_sig_hup_handler(logfilename)) { return NT_STATUS_NO_MEMORY; } @@ -1777,7 +1778,7 @@ static bool fork_domain_child(struct winbindd_child *child) winbind_msg_disconnect_dc); messaging_register( global_messaging_context(), - !is_default_dyn_LOGFILEBASE() ? NULL : child->logfilename, + child->logfilename, MSG_SMB_CONF_UPDATED, winbindd_msg_reload_services_child); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 4fe96583624 s3: smbd: Ensure when we change security context we delete any $cwd cache. via 954e637ddc6 s3: selftest: Add regression test to show the $cwd cache is misbehaving when we connect as a different user on a share. from 3268bcd8f56 vfs: add and use a few SMB_VFS_ODX defines https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 4fe965836243928ac33eb95a67d3e889fdc15861 Author: Jeremy Allison Date: Thu Oct 7 14:11:25 2021 -0700 s3: smbd: Ensure when we change security context we delete any $cwd cache. This will ensure we *always* call into the VFS_SMB_CHDIR backends on security context switch. The $cwd was an optimization that was only looking at the raw filesystem path. We could delete it completely but that is a patch for another day. Remove knownfail on regression test. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14682 RN: vfs_shadow_copy2: core dump in make_relative_path Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Fri Oct 8 21:28:04 UTC 2021 on sn-devel-184 commit 954e637ddc6f0f5291d0a15cdbcbc6a4f7a6cb13 Author: Jeremy Allison Date: Thu Oct 7 14:08:48 2021 -0700 s3: selftest: Add regression test to show the $cwd cache is misbehaving when we connect as a different user on a share. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14682 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme --- Summary of changes: source3/script/tests/test_chdir_cache.sh | 102 +++ source3/selftest/tests.py| 9 +++ source3/smbd/sec_ctx.c | 8 +++ 3 files changed, 119 insertions(+) create mode 100755 source3/script/tests/test_chdir_cache.sh Changeset truncated at 500 lines: diff --git a/source3/script/tests/test_chdir_cache.sh b/source3/script/tests/test_chdir_cache.sh new file mode 100755 index 000..6287d17354a --- /dev/null +++ b/source3/script/tests/test_chdir_cache.sh @@ -0,0 +1,102 @@ +#!/bin/bash +# +# Ensure we get a chdir_current_service error if CHDIR fails with EACCESS +# for an SMB2 request. +# +# BUG:https://bugzilla.samba.org/show_bug.cgi?id=14682 +# +# Copyright (C) 2021 Jeremy Allison + +if [ $# -lt 5 ]; then +echo Usage: test_chdir_user.sh \ +--configfile=SERVERCONFFILE SMBCLIENT SMBCONTROL SERVER SHARE +exit 1 +fi + +CONF=$1; shift 1 +SMBCLIENT=$1; shift 1 +SMBCONTROL=$1; shift 1 +SERVER=$1; shift 1 +SHARE=$1; shift 1 + +# Do not let deprecated option warnings muck this up +SAMBA_DEPRECATED_SUPPRESS=1 +export SAMBA_DEPRECATED_SUPPRESS + +conf_dir=$(dirname ${SERVERCONFFILE}) + +log_file=${conf_dir}/../smbd_test.log + +error_inject_conf=${conf_dir}/error_inject.conf +> ${error_inject_conf} + +incdir=$(dirname $0)/../../../testprogs/blackbox +. $incdir/subunit.sh + +failed=0 + +cd $SELFTEST_TMPDIR || exit 1 + +rm -f smbclient-stdin smbclient-stdout smbclient-stderr +mkfifo smbclient-stdin smbclient-stdout smbclient-stderr + +CLI_FORCE_INTERACTIVE=1; export CLI_FORCE_INTERACTIVE + +${SMBCLIENT} //${SERVER}/${SHARE} ${CONF} -U${USER}%${PASSWORD} \ +< smbclient-stdin > smbclient-stdout 2>smbclient-stderr & +CLIENT_PID=$! + +# Count the number of chdir_current_service: vfs_ChDir.*failed: Permission denied +# errors that are already in the log (should be zero). +num_errs=`grep "chdir_current_service: vfs_ChDir.*failed: Permission denied" ${log_file} | wc -l` + +sleep 1 + +exec 100>smbclient-stdin 101&100 + +# consume the smbclient output +head -n 4 <&101 + +# Now change user to user2, and connect to the share. +# This should leave us in the same share directory. +echo "logon user2 ${PASSWORD}" >&100 +echo "tcon ${SHARE}" >&100 + +# consume the smbclient output +head -n 4 <&101 + +# Ensure any chdir will give EACCESS. +echo "error_inject:chdir = EACCES" > ${error_inject_conf} +${SMBCONTROL} ${CONF} 0 reload-config + +sleep 1 + +# Do an 'ls' as user2. Changing users should have +# deleted the CHDIR cache, so we should now see +# a chdir_current_service: vfs_ChDir.*failed: Permission denied +# error message in the log. +echo 'ls' >&100 + +kill ${CLIENT_PID} +rm -f smbclient-stdin smbclient-stdout smbclient-stderr + +# Remove the chdir inject. +> ${error_inject_conf} +${SMBCONTROL} ${CONF} 0 reload-config + +# Now look for chdir_current_service: vfs_ChDir.*failed: Permission denied +# in the smb log. There should be one more than before. + +num_errs1=`grep "chdir_current_service: vfs_ChDir.*failed: Permission denied" ${log_file} | wc -l` + +testit "Verify we go
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 702ebb3d8c8 registry: skip root check when running with uid-wrapper enabled from ec95b3042bf tests/krb5: Add RodcPacEncryptionKey type allowing for RODC PAC signatures https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 702ebb3d8c8d9f7241bb264f9cb2a41a3dc46f32 Author: Ralph Boehme Date: Wed Aug 25 09:26:00 2021 +0200 registry: skip root check when running with uid-wrapper enabled Currently registry config is not used in the clustered testenv, so currently there's no problem. But once we do add that, the check would be triggered. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14787 Signed-off-by: Ralph Boehme Reviewed-by: Michael Adam Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Wed Sep 22 16:57:25 UTC 2021 on sn-devel-184 --- Summary of changes: source3/registry/reg_backend_db.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/source3/registry/reg_backend_db.c b/source3/registry/reg_backend_db.c index 423b310fe8a..b1f6425d56a 100644 --- a/source3/registry/reg_backend_db.c +++ b/source3/registry/reg_backend_db.c @@ -737,7 +737,7 @@ WERROR regdb_init(void) * Clustered Samba can only work as root because we need messaging to * talk to ctdb which only works as root. */ -if (lp_clustering() && geteuid() != 0) { +if (!uid_wrapper_enabled() && lp_clustering() && geteuid() != 0) { DBG_ERR("Cluster mode requires running as root.\n"); return WERR_ACCESS_DENIED; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via b053bea0af2 s4/torture/masktest: don't ignore unknown options via 0c47f244312 s4/torture/locktest: don't ignore unknown options via f6be1c18bf7 s4/torture/gentest: don't ignore unknown options via ecb27e02e11 s4/regtree: don't ignore unknown options via ac86779fe49 s4/regshell: don't ignore unknown options via 604ce3d85a8 s4/regpatch: don't ignore unknown options via 5c75b5bdeb9 s4/regdiff: don't ignore unknown options via 08532b3d2e0 s4/cifsdd: don't ignore unknown options via ac292ec428e testparm: don't ignore unknown options via b851d48277f split_tokens: don't ignore unknown options via 5562674a218 smbtree: don't ignore unknown options via d841457aedd smbget: don't ignore unknown options via 46a0da16710 smbcquotas: don't ignore unknown options via 3755304b6ef smbcacls: don't ignore unknown options via 5a2b4ba0598 sharesec: don't ignore unknown options via 246d4f7b934 regedit: don't ignore unknown options via 372adfda9f0 profiles: don't ignore unknown options via bcc4756d829 pdbedit: don't ignore unknown options via 5536e7981c3 ntlm_auth: don't ignore unknown options via ff6a16806f6 nmblookup: don't ignore unknown options via c84916fef55 mvxattr: don't ignore unknown options via 72a6cf1a8a2 log2pcaphex: don't ignore unknown options via 4056bebf05f s3/async-tracker: don't ignore unknown options via 96ab7909bd9 vfstest: don't ignore unknown options via e3c5516dc57 pdbtest: don't ignore unknown options via 6afa1b3485c rpcclient: don't ignore unknown options via d5f36072334 s3/param: don't ignore unknown options via 08512e3a541 source3/lib/smbconf: don't ignore unknown options via 98c977f44b6 nmblookup: don't ignore unknown options via 6845051266a s4/smbclient: don't ignore unknown options via 4053a59d8dc smbstatus: don't ignore unknown options via c87cc09315a texpect: don't ignore unknown options via d179c4f49b3 smbclient: don't ignore unknown options via 09fd46aa1cb selftest: remove unsupported smbcacls option --get via 29910da882d lib/cmdline: restore s3 option name --max-protocol for MAXPROTOCOL from 4.14 via 9a3b7f1338e manpages: remove duplicate options from smbclient via fdfc475000f selftest: fix ---configfile option via 8f3ef4e6c5a lib/cmdline: fix --configfile handling of POPT_COMMON_CONFIG_ONLY used by ntlm_auth from efba2c445c5 gpo: Add Chromium Group Policy https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit b053bea0af2b2f059d7ed2c920f283d82339022f Author: Ralph Boehme Date: Fri Sep 10 07:27:51 2021 +0200 s4/torture/masktest: don't ignore unknown options BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828 Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Fri Sep 10 16:02:10 UTC 2021 on sn-devel-184 commit 0c47f244312f193c299d5b5b7b00db90364f8c8e Author: Ralph Boehme Date: Fri Sep 10 07:27:13 2021 +0200 s4/torture/locktest: don't ignore unknown options BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828 Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher commit f6be1c18bf78db9e45be953d95ef8581daed5b4b Author: Ralph Boehme Date: Fri Sep 10 07:26:01 2021 +0200 s4/torture/gentest: don't ignore unknown options BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828 Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher commit ecb27e02e113c597f952457e8a7803325c4c620e Author: Ralph Boehme Date: Fri Sep 10 07:25:30 2021 +0200 s4/regtree: don't ignore unknown options BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828 Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher commit ac86779fe490318a943ab90e5d117537e839b55f Author: Ralph Boehme Date: Fri Sep 10 07:23:59 2021 +0200 s4/regshell: don't ignore unknown options BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828 Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher commit 604ce3d85a879aa50c045b1f36c0580748b72eb7 Author: Ralph Boehme Date: Fri Sep 10 07:22:12 2021 +0200 s4/regpatch: don't ignore unknown options BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828 Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher commit 5c75b5bdeb9b39843f115fe07f1a44689af3fcc5 Author: Ralph Boehme Date: Fri Sep 10 07:21:31 2021 +
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 867c6ff9f3f docs-xml: use upper case for "{client,server} smb3 {signing,encryption} algorithms" values from 16e907f8415 Added russian translate file https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 867c6ff9f3f28ab4bfa0cb1660889f3f5be0d111 Author: Stefan Metzmacher Date: Wed Sep 8 15:10:14 2021 +0200 docs-xml: use upper case for "{client,server} smb3 {signing,encryption} algorithms" values This matches what smbstatus prints out. Note there's also the removal of an '-' in "hmac-sha-256" => HMAC-SHA256". BUG: https://bugzilla.samba.org/show_bug.cgi?id=14825 RN: "{client,server} smb3 {signing,encryption} algorithms" should use the same strings as smbstatus output Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Wed Sep 8 16:37:07 UTC 2021 on sn-devel-184 --- Summary of changes: docs-xml/smbdotconf/security/clientsmbencryptionalgos.xml | 8 docs-xml/smbdotconf/security/clientsmbsigningalgos.xml| 10 +- docs-xml/smbdotconf/security/serversmbencryptionalgos.xml | 8 docs-xml/smbdotconf/security/serversmbsigningalgos.xml| 10 +- lib/param/loadparm.h | 4 ++-- libcli/smb/util.c | 14 +++--- 6 files changed, 27 insertions(+), 27 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/smbdotconf/security/clientsmbencryptionalgos.xml b/docs-xml/smbdotconf/security/clientsmbencryptionalgos.xml index 27da51ad625..78df3f909e9 100644 --- a/docs-xml/smbdotconf/security/clientsmbencryptionalgos.xml +++ b/docs-xml/smbdotconf/security/clientsmbencryptionalgos.xml @@ -9,13 +9,13 @@ It is also possible to remove individual algorithms from the default list, by prefixing them with '-'. This can avoid having to specify a hardcoded list. - Note: that the removal of aes-128-ccm from the list will result + Note: that the removal of AES-128-CCM from the list will result in SMB3_00 and SMB3_02 being unavailable, as it is the default and only available algorithm for these dialects. -aes-128-gcm, aes-128-ccm, aes-256-gcm, aes-256-ccm -aes-256-gcm --aes-128-gcm -aes-128-ccm +AES-128-GCM, AES-128-CCM, AES-256-GCM, AES-256-CCM +AES-256-GCM +-AES-128-GCM -AES-128-CCM diff --git a/docs-xml/smbdotconf/security/clientsmbsigningalgos.xml b/docs-xml/smbdotconf/security/clientsmbsigningalgos.xml index 1ad6c09626f..f7c61f3e661 100644 --- a/docs-xml/smbdotconf/security/clientsmbsigningalgos.xml +++ b/docs-xml/smbdotconf/security/clientsmbsigningalgos.xml @@ -9,14 +9,14 @@ It is also possible to remove individual algorithms from the default list, by prefixing them with '-'. This can avoid having to specify a hardcoded list. - Note: that the removal of aes-128-cmac from the list will result - in SMB3_00 and SMB3_02 being unavailable, and the removal od hmac-sha-256 + Note: that the removal of AES-128-CMAC from the list will result + in SMB3_00 and SMB3_02 being unavailable, and the removal of HMAC-SHA256 will result in SMB2_02 and SMB2_10 being unavailable, as these are the default and only available algorithms for these dialects. -aes-128-gmac, aes-128-cmac, hmac-sha-256 -aes-128-cmac, hmac-sha-256 --aes-128-cmac +AES-128-GMAC, AES-128-CMAC, HMAC-SHA256 +AES-128-CMAC, HMAC-SHA256 +-AES-128-CMAC diff --git a/docs-xml/smbdotconf/security/serversmbencryptionalgos.xml b/docs-xml/smbdotconf/security/serversmbencryptionalgos.xml index 3217970d4e7..2dd2db98cc5 100644 --- a/docs-xml/smbdotconf/security/serversmbencryptionalgos.xml +++ b/docs-xml/smbdotconf/security/serversmbencryptionalgos.xml @@ -9,13 +9,13 @@ It is also possible to remove individual algorithms from the default list, by prefixing them with '-'. This can avoid having to specify a hardcoded list. - Note: that the removal of aes-128-ccm from the list will result + Note: that the removal of AES-128-CCM from the list will result in SMB3_00 and SMB3_02 being unavailable, as it is the default and only available algorithm for these dialects. -aes-128-gcm, aes-128-ccm, aes-256-gcm, aes-256-ccm -aes-256-gcm --aes-128-gcm -aes-128-ccm +AES-128-GCM, AES-128-CCM, AES-256-GCM, AES-256-CCM +AES-256-GCM +-AES-128-GCM -AES-128-CCM diff --git a/docs-xml/smbdotconf/security/serversmbsigningalgos.xml b/docs-xml/smbdotconf/security/serversmbsigningalgos.xml index e73d4f04242..7884e603b5b 100644 --
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 28686f87139 s4/samba: POPT_COMMON_DAEMON via 9d82454cdfc winbindd: use POPT_COMMON_DAEMON via a20f63b3847 nmbd: use POPT_COMMON_DAEMON via ae22442db43 smbd: use POPT_COMMON_DAEMON via 877183ac0b5 lib/cmdline: restore pre-4.15 logging behaviour for daemons via aaa3c6a4132 lib/cmdline: add POPT_COMMON_DAEMON daemon popt options from 2f2c53c4f8f s3: smbd: Fix openat_pathref_fsp() to cope with FIFO's in the filesystem. https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 28686f8713958726085bd38a0889aa7725c95371 Author: Ralph Boehme Date: Fri Sep 3 14:04:22 2021 +0200 s4/samba: POPT_COMMON_DAEMON Note: this also changes logging to go to stderr instead of stdout which is the same behaviour as smbd, nmbd and winbindd (starting with 4.15). BUG: https://bugzilla.samba.org/show_bug.cgi?id=14803 RN: smbd/winbindd started in daemon mode generate output on stderr/stdout Signed-off-by: Ralph Boehme Reviewed-by: Volker Lendecke Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Mon Sep 6 14:23:15 UTC 2021 on sn-devel-184 commit 9d82454cdfc2b4b8007c7b54b3afd5686f49be19 Author: Ralph Boehme Date: Fri Sep 3 12:25:00 2021 +0200 winbindd: use POPT_COMMON_DAEMON Note: this also changes logging to go to stderr instead of stdout which is the same behaviour as smbd and nmbd (starting with 4.15). BUG: https://bugzilla.samba.org/show_bug.cgi?id=14803 Signed-off-by: Ralph Boehme Reviewed-by: Volker Lendecke commit a20f63b384750d389aeafd4bd5e229aed72cb271 Author: Ralph Boehme Date: Fri Sep 3 12:14:19 2021 +0200 nmbd: use POPT_COMMON_DAEMON BUG: https://bugzilla.samba.org/show_bug.cgi?id=14803 Signed-off-by: Ralph Boehme Reviewed-by: Volker Lendecke commit ae22442db437061aada6427adde205cd13f1d202 Author: Ralph Boehme Date: Fri Sep 3 07:33:39 2021 +0200 smbd: use POPT_COMMON_DAEMON BUG: https://bugzilla.samba.org/show_bug.cgi?id=14803 Signed-off-by: Ralph Boehme Reviewed-by: Volker Lendecke commit 877183ac0b57f5b2902446e41bb6ab3191f84fa6 Author: Ralph Boehme Date: Fri Sep 3 07:28:45 2021 +0200 lib/cmdline: restore pre-4.15 logging behaviour for daemons For servers ensure logging is configured to go to a logfile unless in interactive mode by calling setup_logging() before lp_load_global() is called. In 4.14 servers had the chance to call setup_logging(getprogname(), DEBUG_FILE) before they called lp_load_*() explicitly in the server. Now in 4.15 lp_load_*() is called internally when parsing the command line arguments triggered by the server running the poptGetNextOpt() loop, so it's too late when the server calls setup_logging(getprogname(), DEBUG_FILE) as lots of debugging from lp_load_()* was already written to DEBUG_DEFAULT_STDERR. Note that there's a chicken and egg problem *within* this patchset: this change here breaks stdout logging for servers until the servers are converted to use the new POPT_COMMON_DAEMON. The only way to address that would be squashing all changes into one patchset, but for the sake of reviewability (is that an actual english word? :)) I chose to split the changes. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14803 Signed-off-by: Ralph Boehme Reviewed-by: Volker Lendecke commit aaa3c6a4132d2e739958e168e7dc3e78dfa4a72e Author: Ralph Boehme Date: Fri Sep 3 07:22:18 2021 +0200 lib/cmdline: add POPT_COMMON_DAEMON daemon popt options Note: interactive=true implies fork=false. This matches the semantics that currently 3/4 daemons implement manually. Not used so far, no change in behaviour. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14803 Signed-off-by: Ralph Boehme Reviewed-by: Volker Lendecke --- Summary of changes: lib/cmdline/cmdline.c | 80 ++ lib/cmdline/cmdline.h | 29 +++ lib/cmdline/cmdline_private.h | 4 ++ lib/cmdline/cmdline_s3.c | 11 - source3/nmbd/nmbd.c | 103 +- source3/smbd/server.c | 112 +- source3/winbindd/winbindd.c | 88 + source4/samba/server.c| 88 - 8 files changed, 223 insertions(+), 292 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/cmdline/cmdline.c b/lib/cmdline/cmdline.c index a0a55f4dcfb..a299a229f69 100644 --- a/lib/cmdline/cmdline.c +++ b/lib/cmdline/cmdline.c @@ -28,6 +28,7 @@ static TALLOC_CTX *cmdline_m
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 2f2c53c4f8f s3: smbd: Fix openat_pathref_fsp() to cope with FIFO's in the filesystem. via a54d9ffc87e s3: smbd: Add fifo test for the DISABLE_OPATH case. from 6590bb0b77c selftest: Add prefix to new schema attributes to avoid flapping dsdb_schema_attributes https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 2f2c53c4f8f59a497bc33a24e5e0fc15ea076876 Author: Jeremy Allison Date: Thu Sep 2 14:40:53 2021 -0700 s3: smbd: Fix openat_pathref_fsp() to cope with FIFO's in the filesystem. Remove skip test for the DISABLE_OPATH case. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14816 RN: Fix pathref open of a filesystem fifo in the DISABLE_OPATH build Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Mon Sep 6 09:51:54 UTC 2021 on sn-devel-184 commit a54d9ffc87ebe602a0e7c48e35643ed2ff1a00bc Author: Jeremy Allison Date: Thu Sep 2 15:32:27 2021 -0700 s3: smbd: Add fifo test for the DISABLE_OPATH case. Currently we hang when trying to list a directory containing a fifo when configured with DISABLE_OPATH. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14816 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme --- Summary of changes: source3/script/tests/test_fifo.sh | 83 +++ source3/selftest/tests.py | 3 ++ source3/smbd/files.c | 4 ++ 3 files changed, 90 insertions(+) create mode 100755 source3/script/tests/test_fifo.sh Changeset truncated at 500 lines: diff --git a/source3/script/tests/test_fifo.sh b/source3/script/tests/test_fifo.sh new file mode 100755 index 000..11741dcc038 --- /dev/null +++ b/source3/script/tests/test_fifo.sh @@ -0,0 +1,83 @@ +#!/bin/sh +# +# Check smbclient can list a directory containing a fifo. +# + +if [ $# -lt 7 ]; then +cat <https://bugzilla.samba.org/show_bug.cgi?id=14816 +# +test_fifo() +{ +local fifo_dir_path="$PREFIX/$TARGET_ENV/share/fifodir" +local fifo_path="$fifo_dir_path/fifo_name" + +local tmpfile=$PREFIX/smbclient.in.$$ + +cat > $tmpfile <st.st_ex_mode)) { + open_flags |= O_NONBLOCK; + } + status = fd_openat(dirfsp, smb_fname, fsp, open_flags, 0); if (!NT_STATUS_IS_OK(status)) { if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND) || -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via fead05a4555 vfs_gpfs: deal with pathrefs fsps in smbd_gpfs_set_times() via 93a48399f42 lib/gpfswrap: add gpfs_set_times_path() wrapper via 1bbdb81899b vfs_gpfs: remove ENOSYS fallback from vfs_gpfs_fntimes() via 9a237e168a4 vfs_gpfs: pass fsp to smbd_gpfs_set_times() via 443608ee812 vfs_gpfs: deal with pathref fsps in vfs_gpfs_fntimes() via 882a466ea5f vfs_gpfs: add sys_proc_fd_path() fallback to vfs_gpfs_fset_dos_attributes() via 3679f54f178 vfs_gpfs: remove ENOSYS fallback from vfs_gpfs_fset_dos_attributes() via fde1b981435 vfs_gpfs: add path based fallback for gpfswrap_fstat_x() on pathref handles via 730f8c49a9b vfs_gpfs: check for O_PATH support in gpfswrap_fstat_x() via 1a3ac7a940f vfs_gpfs: make vfs_gpfs_connect() a no-op on IPC shares via 070dce224bb vfs_gpfs: don't check for struct gpfs_config_data in vfs_gpfs_[l]stat() via 145e739c440 vfs_gpfs: call SMB_VFS_NEXT_CONNECT() before running some module initialization code via bcd6bed7b86 smbd: avoid calling creating a pathref in smb_set_file_dosmode() from 5d53b848f60 wafsamba: always generate compile_commands.json again, but only when the samba dependencies changed https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit fead05a45556993b80a84fe9bb07b10debb4ae62 Author: Ralph Boehme Date: Thu Aug 5 12:08:00 2021 +0200 vfs_gpfs: deal with pathrefs fsps in smbd_gpfs_set_times() BUG: https://bugzilla.samba.org/show_bug.cgi?id=14771 Signed-off-by: Ralph Boehme Reviewed-by: Christof Schmitt Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Thu Aug 26 20:08:51 UTC 2021 on sn-devel-184 commit 93a48399f427d114df63b434e7fcddc62a1d9ce5 Author: Ralph Boehme Date: Thu Aug 5 12:05:16 2021 +0200 lib/gpfswrap: add gpfs_set_times_path() wrapper BUG: https://bugzilla.samba.org/show_bug.cgi?id=14771 Signed-off-by: Ralph Boehme Reviewed-by: Christof Schmitt commit 1bbdb81899be6c1da6fa9a63bf16a00401e09399 Author: Ralph Boehme Date: Fri Aug 13 11:55:16 2021 +0200 vfs_gpfs: remove ENOSYS fallback from vfs_gpfs_fntimes() BUG: https://bugzilla.samba.org/show_bug.cgi?id=14771 Signed-off-by: Ralph Boehme Reviewed-by: Christof Schmitt commit 9a237e168a4bbd5665bd40d521506ca3a6825198 Author: Ralph Boehme Date: Thu Aug 5 11:58:58 2021 +0200 vfs_gpfs: pass fsp to smbd_gpfs_set_times() No change in behaviour. Prepares for dealing with pathref fsps in smbd_gpfs_set_times(). BUG: https://bugzilla.samba.org/show_bug.cgi?id=14771 Signed-off-by: Ralph Boehme Reviewed-by: Christof Schmitt commit 443608ee8122a2c17258db8dca9885bb524957af Author: Ralph Boehme Date: Thu Aug 5 11:55:30 2021 +0200 vfs_gpfs: deal with pathref fsps in vfs_gpfs_fntimes() BUG: https://bugzilla.samba.org/show_bug.cgi?id=14771 Signed-off-by: Ralph Boehme Reviewed-by: Christof Schmitt commit 882a466ea5f45e5e2197f2408ccd560383e13c3f Author: Ralph Boehme Date: Thu Jul 1 16:08:02 2021 +0200 vfs_gpfs: add sys_proc_fd_path() fallback to vfs_gpfs_fset_dos_attributes() gpfs_set_winattrs() is a modifying operation, my expectation thus is that it is not allowed on pathref (O_PATH) handles even though a recent Linux kernel commit 44a3b87444058b2cb055092cdebc63858707bf66 allowed calling utimensat() on pathref handles. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14771 RN: Some VFS operations on pathref (O_PATH) handles fail on GPFS Signed-off-by: Ralph Boehme Reviewed-by: Christof Schmitt commit 3679f54f178ba6ddb940cc66f701e9b3a1dd543d Author: Ralph Boehme Date: Fri Aug 13 11:39:05 2021 +0200 vfs_gpfs: remove ENOSYS fallback from vfs_gpfs_fset_dos_attributes() This API call has existed for a long time, so we can safely assume that this always works. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14771 Pair-Programmed-With: Christof Schmitt Signed-off-by: Ralph Boehme Signed-off-by: Christof Schmitt commit fde1b98143568fc816165502583f72e73b5d6b71 Author: Ralph Boehme Date: Thu Jul 29 19:28:14 2021 +0200 vfs_gpfs: add path based fallback for gpfswrap_fstat_x() on pathref handles BUG: https://bugzilla.samba.org/show_bug.cgi?id=14771 Signed-off-by: Ralph Boehme Reviewed-by: Christof Schmitt commit 730f8c49a9bc8333f0b722ad65e4e587421c21ec Author: Ralph Boehme Date: Thu Jul 29 15:53:04 2021 +0200 vfs_gpfs: check for O_PATH support in gpfswrap_fstat_x() BUG: https://bugzilla.samba.org/show_bug.cgi?id=14771 Signed-off-by: Ralph Boehme Reviewed-by: Christof Schmitt commit 1a3ac7a940fbb4ad8575ee3b0c56c9de2bf4b1f6 A
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 857045f3a23 s3: smbd: In create_conn_struct_cwd(), don't TALLOC_FREE() an unallocated pointer on error. via b4d8c62c4e8 s3: mdssvc: Correctly disconnect the VFS connection inside the mds_ctx destructor. from 6248eab5103 mangle_hash2: remove LOCK$ from list of reserved names https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 857045f3a236dea125200dd09279d677e513682b Author: Jeremy Allison Date: Mon Aug 23 17:42:40 2021 -0700 s3: smbd: In create_conn_struct_cwd(), don't TALLOC_FREE() an unallocated pointer on error. Just return the status - if create_conn_struct_as_root() fails the connection struct never gets returned. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14809 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Wed Aug 25 17:09:23 UTC 2021 on sn-devel-184 commit b4d8c62c4e8191e05fd03dd096a0bc989e224ed3 Author: Jeremy Allison Date: Mon Aug 23 17:40:42 2021 -0700 s3: mdssvc: Correctly disconnect the VFS connection inside the mds_ctx destructor. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14809 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme --- Summary of changes: source3/rpc_server/mdssvc/mdssvc.c | 5 + source3/smbd/msdfs.c | 7 +-- 2 files changed, 6 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/rpc_server/mdssvc/mdssvc.c b/source3/rpc_server/mdssvc/mdssvc.c index d0e87dcf646..fa31b55a183 100644 --- a/source3/rpc_server/mdssvc/mdssvc.c +++ b/source3/rpc_server/mdssvc/mdssvc.c @@ -1569,6 +1569,11 @@ static int mds_ctx_destructor_cb(struct mds_ctx *mds_ctx) } TALLOC_FREE(mds_ctx->ino_path_map); + if (mds_ctx->conn != NULL) { + SMB_VFS_DISCONNECT(mds_ctx->conn); + conn_free(mds_ctx->conn); + } + ZERO_STRUCTP(mds_ctx); return 0; diff --git a/source3/smbd/msdfs.c b/source3/smbd/msdfs.c index 45b6478985d..995ed815d90 100644 --- a/source3/smbd/msdfs.c +++ b/source3/smbd/msdfs.c @@ -525,12 +525,7 @@ NTSTATUS create_conn_struct_cwd(TALLOC_CTX *mem_ctx, path, session_info); unbecome_root(); - if (!NT_STATUS_IS_OK(status)) { - TALLOC_FREE(c); - return status; - } - - return NT_STATUS_OK; + return status; } static void shuffle_strlist(char **list, int count) -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 4809f4a6ee9 registry: check for running as root in clustering mode via fd19cae8d2f s3/lib/dbwrap: check if global_messaging_context() succeeded from 1ce08f72a9e testsuite: Fix build with gcc >= 11.1.1 https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 4809f4a6ee971bcd9767839c729b636b7582fc02 Author: Ralph Boehme Date: Sat Aug 7 10:52:28 2021 + registry: check for running as root in clustering mode BUG: https://bugzilla.samba.org/show_bug.cgi?id=14787 RN: net conf list crashes when run as normal user Signed-off-by: Ralph Boehme Reviewed-by: Andreas Schneider Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Tue Aug 17 11:23:15 UTC 2021 on sn-devel-184 commit fd19cae8d2f21977d8285efd3f29e2b480d241e9 Author: Ralph Boehme Date: Sat Aug 7 10:51:38 2021 + s3/lib/dbwrap: check if global_messaging_context() succeeded The subsequent messaging_ctdb_connection() will fail an assert if messaging is not up and running, maybe it's a bit better to add a check if global_messaging_context() actually succeeded. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14787 Signed-off-by: Ralph Boehme Reviewed-by: Andreas Schneider --- Summary of changes: source3/lib/dbwrap/dbwrap_open.c | 4 source3/registry/reg_backend_db.c | 9 + 2 files changed, 13 insertions(+) Changeset truncated at 500 lines: diff --git a/source3/lib/dbwrap/dbwrap_open.c b/source3/lib/dbwrap/dbwrap_open.c index 1d8c40af75e..52c8a94aeff 100644 --- a/source3/lib/dbwrap/dbwrap_open.c +++ b/source3/lib/dbwrap/dbwrap_open.c @@ -149,6 +149,10 @@ struct db_context *db_open(TALLOC_CTX *mem_ctx, * to be initialized. */ msg_ctx = global_messaging_context(); + if (msg_ctx == NULL) { + DBG_ERR("Failed to initialize messaging\n"); + return NULL; + } conn = messaging_ctdb_connection(); if (conn == NULL) { diff --git a/source3/registry/reg_backend_db.c b/source3/registry/reg_backend_db.c index c870dc57ed6..423b310fe8a 100644 --- a/source3/registry/reg_backend_db.c +++ b/source3/registry/reg_backend_db.c @@ -733,6 +733,15 @@ WERROR regdb_init(void) return WERR_OK; } +/* + * Clustered Samba can only work as root because we need messaging to + * talk to ctdb which only works as root. + */ +if (lp_clustering() && geteuid() != 0) { +DBG_ERR("Cluster mode requires running as root.\n"); + return WERR_ACCESS_DENIED; +} + db_path = state_path(talloc_tos(), "registry.tdb"); if (db_path == NULL) { return WERR_NOT_ENOUGH_MEMORY; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 1641e6c528e libreplace: remove now unused USE_COPY_FILE_RANGE define via c25f72f4018 vfs_default: detect EOPNOTSUPP and ENOSYS errors from copy_file_range() from 25941a1f972 s3:winbindd: Pass the right variable to the debug message https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 1641e6c528e027dbfff96a834b94a8654a03a168 Author: Ralph Boehme Date: Thu Aug 12 18:31:40 2021 +0200 libreplace: remove now unused USE_COPY_FILE_RANGE define The only user was removed in the previous commit. We still need the preceeding checks however, based on that replace.c provides a copy_file_range() fallback. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14795 RN: copy_file_range() may fail with EOPNOTSUPP Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Fri Aug 13 11:45:17 UTC 2021 on sn-devel-184 commit c25f72f401842a18cab1db2bab89deec78274d93 Author: Ralph Boehme Date: Thu Aug 12 18:23:21 2021 +0200 vfs_default: detect EOPNOTSUPP and ENOSYS errors from copy_file_range() When building in a RHEL 7 container on a RHEL 8 host, the current configure check will detect a working SYS_copy_file_range() syscall. Later when the resulting smbd binary is run in a RHEL 7 container on a RHEL 7 (vs 8 on the build host) host, SYS_copy_file_range() will fail with EOPNOTSUPP. Since the kernel support for copy_file_range() included a fallback in case filesystems didn't implement it, the caching of copy_file_range() support can be made a global via the static try_copy_file_range bool, there's no need to deal with per-fileystem behaviour differences. For the curious: SYS_copy_file_range() appeared in Linux 4.5, fallback code being vfs_copy_file_range() -> do_splice_direct(). On current kernels the fallback function is generic_copy_file_range() (which still calls do_splice_direct()) called from the filesystem backends directly or from vfs_copy_file_range() -> do_copy_file_range(). BUG: https://bugzilla.samba.org/show_bug.cgi?id=14795 Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher --- Summary of changes: lib/replace/wscript | 2 -- source3/modules/vfs_default.c | 12 +--- 2 files changed, 9 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/replace/wscript b/lib/replace/wscript index 9c23d549dab..a734d478582 100644 --- a/lib/replace/wscript +++ b/lib/replace/wscript @@ -483,8 +483,6 @@ def configure(conf): headers='errno.h string.h stdio.h sys/syscall.h unistd.h sys/types.h sys/stat.h fcntl.h', execute=True, msg='Checking whether we have copy_file_range system call') -if conf.CONFIG_SET('HAVE_COPY_FILE_RANGE') or conf.CONFIG_SET('HAVE_SYSCALL_COPY_FILE_RANGE'): -conf.DEFINE('USE_COPY_FILE_RANGE', 1) conf.SET_TARGET_TYPE('attr', 'EMPTY') diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c index aa7dfe3192f..5701e37d5ec 100644 --- a/source3/modules/vfs_default.c +++ b/source3/modules/vfs_default.c @@ -2214,10 +2214,11 @@ static NTSTATUS vfswrap_offload_copy_file_range(struct tevent_req *req) NTSTATUS status; bool same_file; bool ok; + static bool try_copy_file_range = true; -#ifndef USE_COPY_FILE_RANGE - return NT_STATUS_MORE_PROCESSING_REQUIRED; -#endif + if (!try_copy_file_range) { + return NT_STATUS_MORE_PROCESSING_REQUIRED; + } same_file = file_id_equal(&state->src_fsp->file_id, &state->dst_fsp->file_id); @@ -2286,6 +2287,11 @@ static NTSTATUS vfswrap_offload_copy_file_range(struct tevent_req *req) (intmax_t)state->remaining, strerror(errno)); switch (errno) { + case EOPNOTSUPP: + case ENOSYS: + try_copy_file_range = false; + status = NT_STATUS_MORE_PROCESSING_REQUIRED; + break; case EXDEV: status = NT_STATUS_MORE_PROCESSING_REQUIRED; break; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via c0135096807 s3: smbd: For FSCTL calls that go async, add the outstanding tevent_reqs to the aio list on the file handle. via 7e7ea761a37 s4: torture: Add test for smb2.ioctl.bug14769. via c551d33c6bd s3: smbd: Call smbd_fsctl_torture_async_sleep() when we get FSCTL_SMBTORTURE_FSP_ASYNC_SLEEP. via 0f4a8d26888 s3: smbd: Add smbd_fsctl_torture_async_sleep() server-side code. via 62cd95096a7 s3: libcli: Add FSCTL_SMBTORTURE_FSP_ASYNC_SLEEP. via 6b6770c2ba8 s3: smbd: Split out smb2_ioctl_smbtorture() into a separate file. from 4354823c514 libreplace: properly execute SYS_copy_file_range check https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit c013509680742ff45b2f5965a5564015da7d466b Author: Jeremy Allison Date: Fri Aug 6 23:33:06 2021 -0700 s3: smbd: For FSCTL calls that go async, add the outstanding tevent_reqs to the aio list on the file handle. Remove knownfails. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14769 RN: smbd panic on force-close share during offload write Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Wed Aug 11 20:02:57 UTC 2021 on sn-devel-184 commit 7e7ea761a37f46f758582981bc40404ffd815513 Author: Jeremy Allison Date: Fri Aug 6 10:54:31 2021 -0700 s4: torture: Add test for smb2.ioctl.bug14769. Add knownfails. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14769 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme commit c551d33c6bd2e74ea3a36bec5575a70d6833b98a Author: Jeremy Allison Date: Thu Aug 5 16:07:09 2021 -0700 s3: smbd: Call smbd_fsctl_torture_async_sleep() when we get FSCTL_SMBTORTURE_FSP_ASYNC_SLEEP. Now all we need is the client-side test. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14769 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme commit 0f4a8d26888ec156979a00480ed9886dcac7d426 Author: Jeremy Allison Date: Thu Aug 5 16:04:38 2021 -0700 s3: smbd: Add smbd_fsctl_torture_async_sleep() server-side code. Commented out as not yet called. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14769 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme commit 62cd95096a76d5064b105c1b4971fa3eabd5f85d Author: Jeremy Allison Date: Thu Aug 5 11:01:44 2021 -0700 s3: libcli: Add FSCTL_SMBTORTURE_FSP_ASYNC_SLEEP. Prepare for async FSCTL tests on an fsp. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14769 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme commit 6b6770c2ba83bf25da31623443c19a8de34e5ba4 Author: Jeremy Allison Date: Thu Aug 5 13:14:16 2021 -0700 s3: smbd: Split out smb2_ioctl_smbtorture() into a separate file. We will be adding async supporting code to this, and we don't want to clutter up smb2_ioctl.c. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14769 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme --- Summary of changes: libcli/smb/smb_constants.h | 2 + selftest/knownfail | 1 + source3/smbd/smb2_ioctl.c| 83 +++-- source3/smbd/smb2_ioctl_private.h| 5 + source3/smbd/smb2_ioctl_smbtorture.c | 230 +++ source3/wscript_build| 1 + source4/torture/smb2/ioctl.c | 80 7 files changed, 334 insertions(+), 68 deletions(-) create mode 100644 source3/smbd/smb2_ioctl_smbtorture.c Changeset truncated at 500 lines: diff --git a/libcli/smb/smb_constants.h b/libcli/smb/smb_constants.h index a12086e602b..a043cbc883e 100644 --- a/libcli/smb/smb_constants.h +++ b/libcli/smb/smb_constants.h @@ -599,6 +599,8 @@ enum csc_policy { (FSCTL_SMBTORTURE | FSCTL_ACCESS_WRITE | 0x0010 | FSCTL_METHOD_NEITHER) #define FSCTL_SMBTORTURE_GLOBAL_READ_RESPONSE_BODY_PADDING8 \ (FSCTL_SMBTORTURE | FSCTL_ACCESS_WRITE | 0x0020 | FSCTL_METHOD_NEITHER) +#define FSCTL_SMBTORTURE_FSP_ASYNC_SLEEP \ + (FSCTL_SMBTORTURE | FSCTL_ACCESS_WRITE | 0x0040 | FSCTL_METHOD_NEITHER) /* * A few values from [MS-FSCC] 2.1.2.1 Reparse Tags diff --git a/selftest/knownfail b/selftest/knownfail index b2c09e73393..9f362c02b47 100644 --- a/selftest/knownfail +++ b/selftest/knownfail @@ -198,6 +198,7 @@ ^samba4.smb2.ioctl.req_two_resume_keys\(ad_dc_ntvfs\) # not supported by s4 ntvfs server ^samba4.smb2.ioctl.copy_chunk_\w*\(ad_dc_ntvfs\) # not supported by s4 ntvfs server ^samba4.smb2.ioctl.copy-chunk streams\(ad_dc_ntvfs\) # not supported by s4 ntvfs server +^samba4.smb2.ioctl.bug14769\(ad_dc_ntvfs\) # not supported by s4 ntvfs server ^s