Jule Anger [Tue, 13 Sep 2022 15:53:56 +0000 (17:53 +0200)]
VERSION: Disable GIT_SNAPSHOT for the 4.17.0 release.
Signed-off-by: Jule Anger <janger@samba.org>
Jule Anger [Tue, 13 Sep 2022 15:53:11 +0000 (17:53 +0200)]
WHATSNEW: Add release notes for Samba 4.17.0.
Signed-off-by: Jule Anger <janger@samba.org>
Jule Anger [Tue, 6 Sep 2022 14:20:55 +0000 (16:20 +0200)]
VERSION: Bump version up to Samba 4.17.0rc6...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Jule Anger <janger@samba.org>
Jule Anger [Tue, 6 Sep 2022 14:20:16 +0000 (16:20 +0200)]
VERSION: Disable GIT_SNAPSHOT for the 4.17.0rc5 release.
Signed-off-by: Jule Anger <janger@samba.org>
Jule Anger [Tue, 6 Sep 2022 14:19:46 +0000 (16:19 +0200)]
WHATSNEW: Add release notes for Samba 4.17.0rc5.
Signed-off-by: Jule Anger <janger@samba.org>
Stefan Metzmacher [Tue, 30 Aug 2022 18:45:50 +0000 (20:45 +0200)]
smbXsrv_client: notify a different node to drop a connection by client guid.
If a client disconnected all its interfaces and reconnects when
the come back, it will likely start from any ip address returned
dns, which means it can try to connect to a different ctdb node.
The old node may not have noticed the disconnect and still holds
the client_guid based smbd.
Up unil now the new node returned NT_STATUS_NOT_SUPPORTED to
the SMB2 Negotiate request, as messaging_send_iov[_from]() will
return -1/ENOSYS if a file descriptor os passed to a process on
a different node.
Now we tell the other node to teardown all client connections
belonging to the client-guid.
Note that this is not authenticated, but if an attacker can
capture the client-guid, he can also inject TCP resets anyway,
to get the same effect.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15159
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Sep 2 20:59:15 UTC 2022 on sn-devel-184
(cherry picked from commit
8591d9424371e173b079d5c8a267ea4c2cb266ad)
Autobuild-User(v4-17-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-17-test): Tue Sep 6 10:27:58 UTC 2022 on sn-devel-184
Stefan Metzmacher [Tue, 30 Aug 2022 14:56:12 +0000 (16:56 +0200)]
smbXsrv_client: correctly check in negotiate_request.length smbXsrv_client_connection_pass[ed]_*
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15159
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
21ef01e7b8368caa050ed82b9d787d1679220b2b)
Stefan Metzmacher [Wed, 31 Aug 2022 12:04:10 +0000 (14:04 +0200)]
s3:tests: add test_smbXsrv_client_cross_node.sh
This demonstrates that a client-guid connected to ctdb node 0
caused a connection with the same client-guid to be rejected by
ctdb node 1. Node 1 rejects the SMB2 Negotiate with
NT_STATUS_NOT_SUPPORTED, because passing the multi-channel connection
to a different node is not supported.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15159
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
0efcfaa49c3d61f2c8116ebafd55b72d3277d0d8)
Stefan Metzmacher [Wed, 31 Aug 2022 11:55:19 +0000 (13:55 +0200)]
s3:tests: let test_smbXsrv_client_dead_rec.sh cleanup the correct files
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15159
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
3fd18a0d5b77a9f78c595852c342d4c8c33fac61)
Volker Lendecke [Fri, 2 Sep 2022 09:46:53 +0000 (11:46 +0200)]
smbd: Catch streams on non-stream shares
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15161
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Sep 2 15:56:56 UTC 2022 on sn-devel-184
(cherry picked from commit
3a37e4155c3cd82388652f89b611f2c46fee8525)
Autobuild-User(v4-17-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-17-test): Tue Sep 6 08:08:12 UTC 2022 on sn-devel-184
Ralph Boehme [Fri, 2 Sep 2022 10:09:53 +0000 (12:09 +0200)]
smbd: return NT_STATUS_OBJECT_NAME_INVALID if a share doesn't support streams
This is what a Windows server returns. Tested with a share residing on a FAT
formatted drive, a Windows filesystem that doesn't support streams.
Combinations tested:
file::$DATA
file:stream
file:stream:$DATA
All three fail with NT_STATUS_OBJECT_NAME_INVALID.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15161
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
201e1969bf31af07e8bd52876ff7f4d72b48a848)
Ralph Boehme [Thu, 1 Sep 2022 16:55:23 +0000 (18:55 +0200)]
smbtorture: add a test trying to create a stream on share without streams support
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15161
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
3dcdab86f13fabb7a8c6ce71c59a565287d11244)
Ralph Boehme [Sun, 14 Aug 2022 16:46:24 +0000 (18:46 +0200)]
smbd: implement access checks for SMB2-GETINFO as per MS-SMB2 3.3.5.20.1
The spec lists the following as requiring special access:
- for requiring FILE_READ_ATTRIBUTES:
FileBasicInformation
FileAllInformation
FileNetworkOpenInformation
FileAttributeTagInformation
- for requiring FILE_READ_EA:
FileFullEaInformation
All other infolevels are unrestricted.
We ignore the IPC related infolevels:
FilePipeInformation
FilePipeLocalInformation
FilePipeRemoteInformation
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15153
RN: Missing SMB2-GETINFO access checks from MS-SMB2 3.3.5.20.1
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Aug 23 12:54:08 UTC 2022 on sn-devel-184
(cherry picked from commit
6d493a9d568c08cfe5242821ccbd5a5ee1fe5284)
Ralph Boehme [Fri, 19 Aug 2022 15:29:55 +0000 (17:29 +0200)]
smbtorture: check required access for SMB2-GETINFO
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15153
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
9b2d28157107602fcbe659664cf9ca25f08bb30b)
Ralph Boehme [Sun, 14 Aug 2022 16:51:30 +0000 (18:51 +0200)]
s4/libcli/smb2: avoid using smb2_composite_setpathinfo() in smb2_util_setatr()
smb2_composite_setpathinfo() uses SEC_FLAG_MAXIMUM_ALLOWED which can
have unwanted side effects like breaking oplocks if the effective access
includes [READ|WRITE]_DATA.
For changing the DOS attributes we only need SEC_FILE_WRITE_ATTRIBUTE. With this
change test_smb2_oplock_batch25() doesn't trigger an oplock break anymore.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15153
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
66e40690bdd41800a01333ce4243bd62ee2b1894)
Joseph Sutton [Thu, 25 Aug 2022 04:58:06 +0000 (16:58 +1200)]
WHATSNEW: Document new Protected Users group
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Mon, 5 Sep 2022 12:26:06 +0000 (14:26 +0200)]
WHATSNEW: add more added/updated parameters
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Stefan Metzmacher [Mon, 5 Sep 2022 12:20:46 +0000 (14:20 +0200)]
WHATSNEW: Make MIT Kerberos 1.20 updates clearer
Make it clearer what also applies to Heimdal and what not.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Noel Power [Wed, 31 Aug 2022 11:27:53 +0000 (12:27 +0100)]
s3/winbindd: Fix bad access to sid array (with debug level >= info)
==6436== at 0xA85F95B: dom_sid_string_buf (dom_sid.c:444)
==6436== by 0xA85FBF2: dom_sid_str_buf (dom_sid.c:515)
==6436== by 0x17EDF8: wb_lookupusergroups_recv (wb_lookupusergroups.c:115)
==6436== by 0x17F964: wb_gettoken_gotgroups (wb_gettoken.c:123)
==6436== by 0x56AD332: _tevent_req_notify_callback (tevent_req.c:141)
==6436== by 0x56AD493: tevent_req_finish (tevent_req.c:193)
==6436== by 0x56AD5C0: tevent_req_trigger (tevent_req.c:250)
==6436== by 0x56AC119: tevent_common_invoke_immediate_handler (tevent_immediate.c:190)
==6436== by 0x56AC268: tevent_common_loop_immediate (tevent_immediate.c:236)
==6436== by 0x56B678A: epoll_event_loop_once (tevent_epoll.c:919)
==6436== by 0x56B31C3: std_event_loop_once (tevent_standard.c:110)
==6436== by 0x56AA621: _tevent_loop_once (tevent.c:825)
==6436==
==6436== Invalid read of size 1
==6436== at 0xA85F95B: dom_sid_string_buf (dom_sid.c:444)
==6436== by 0xA85FBF2: dom_sid_str_buf (dom_sid.c:515)
==6436== by 0x17EDF8: wb_lookupusergroups_recv (wb_lookupusergroups.c:115)
==6436== by 0x17F964: wb_gettoken_gotgroups (wb_gettoken.c:123)
==6436== by 0x56AD332: _tevent_req_notify_callback (tevent_req.c:141)
==6436== by 0x56AD493: tevent_req_finish (tevent_req.c:193)
==6436== by 0x56AD5C0: tevent_req_trigger (tevent_req.c:250)
==6436== by 0x56AC119: tevent_common_invoke_immediate_handler (tevent_immediate.c:190)
==6436== by 0x56AC268: tevent_common_loop_immediate (tevent_immediate.c:236)
==6436== by 0x56B678A: epoll_event_loop_once (tevent_epoll.c:919)
==6436== by 0x56B31C3: std_event_loop_once (tevent_standard.c:110)
==6436== by 0x56AA621: _tevent_loop_once (tevent.c:825)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15160
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Aug 31 15:07:31 UTC 2022 on sn-devel-184
(cherry picked from commit
1788b59bc0aaa8f18186ad9b9945fbd634f02445)
Autobuild-User(v4-17-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-17-test): Sat Sep 3 08:18:15 UTC 2022 on sn-devel-184
Jule Anger [Tue, 30 Aug 2022 15:03:48 +0000 (17:03 +0200)]
VERSION: Bump version up to Samba 4.17.0rc4...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Jule Anger <janger@samba.org>
Jule Anger [Tue, 30 Aug 2022 15:03:19 +0000 (17:03 +0200)]
VERSION: Disable GIT_SNAPSHOT for the 4.17.0rc4 release.
Signed-off-by: Jule Anger <janger@samba.org>
Jule Anger [Tue, 30 Aug 2022 15:02:40 +0000 (17:02 +0200)]
WHATSNEW: Add release notes for Samba 4.17.0rc4.
Signed-off-by: Jule Anger <janger@samba.org>
Anoop C S [Wed, 24 Aug 2022 09:31:31 +0000 (15:01 +0530)]
vfs_glusterfs: Implement SMB_VFS_FSTATAT
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Aug 26 17:33:15 UTC 2022 on sn-devel-184
(cherry picked from commit
b7c460b902800c0156385b2edb82efb07f561c51)
Autobuild-User(v4-17-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-17-test): Tue Aug 30 10:45:43 UTC 2022 on sn-devel-184
Anoop C S [Fri, 19 Aug 2022 06:46:08 +0000 (12:16 +0530)]
vfs_glusterfs: Use glfs_fgetxattr() for SMB_VFS_GET_REAL_FILENAME_AT
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
65f4c4e31e4cc60eb9ebca3858275a29f43d5e12)
Anoop C S [Fri, 19 Aug 2022 07:38:42 +0000 (13:08 +0530)]
vfs_glusterfs: Use glfs_readlinkat() for SMB_VFS_READ_DFS_PATHAT
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
55548d7405ceca1d20e788a459e685c56f2ff139)
Anoop C S [Fri, 19 Aug 2022 07:21:16 +0000 (12:51 +0530)]
vfs_glusterfs: Use glfs_symlinkat() for SMB_VFS_CREATE_DFS_PATHAT
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
310a908098b4ff3130a61594c15e91d5e561f357)
Anoop C S [Fri, 19 Aug 2022 06:45:10 +0000 (12:15 +0530)]
vfs_glusterfs: Use glfs_mknodat() for SMB_VFS_MKNODAT
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
a4235200383fa4dc2f376ce042ed067a45f105d5)
Anoop C S [Fri, 19 Aug 2022 06:44:29 +0000 (12:14 +0530)]
vfs_glusterfs: Use glfs_linkat() for SMB_VFS_LINKAT
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
21654af5a5a062d831f7cb1efec1f1b1eb333bd2)
Anoop C S [Fri, 19 Aug 2022 06:43:33 +0000 (12:13 +0530)]
vfs_glusterfs: Use glfs_readlinkat() for SMB_VFS_READLINKAT
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
58b6cdabc0c3d788b407d3bfa46570311e910180)
Anoop C S [Fri, 19 Aug 2022 06:42:43 +0000 (12:12 +0530)]
vfs_glusterfs: Use glfs_symlinkat() for SMB_VFS_SYMLINKAT
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
b2746eb5fa64e0ec58e99eed5be10c98ea4e1c1e)
Anoop C S [Fri, 19 Aug 2022 06:41:54 +0000 (12:11 +0530)]
vfs_glusterfs: Use glfs_unlinkat() for SMB_VFS_UNLINKAT
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
2fa71202ab347fd057bb9b42740e57344e2679e1)
Anoop C S [Fri, 19 Aug 2022 06:41:02 +0000 (12:11 +0530)]
vfs_glusterfs: Use glfs_renameat() for SMB_VFS_RENAMEAT
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
2b721ff22be04cea90086dde2a50f4287d075326)
Anoop C S [Fri, 19 Aug 2022 06:40:16 +0000 (12:10 +0530)]
vfs_glusterfs: Use glfs_mkdirat() for SMB_VFS_MKDIRAT
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
56c4aab11190b8d48a5b92babea7fc7e78b54b4e)
Anoop C S [Fri, 19 Aug 2022 06:37:08 +0000 (12:07 +0530)]
vfs_glusterfs: Use glfs_openat() for SMB_VFS_OPENAT
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
184a9913241acd4f69128ced3370d3bf49b95f3b)
Anoop C S [Fri, 19 Aug 2022 06:47:33 +0000 (12:17 +0530)]
source3/wscript: Detect glusterfs-api with *at() calls support
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
3425fa0daf9e32d09c7716692cdfdffdc09856d7)
Anoop C S [Fri, 19 Aug 2022 06:28:34 +0000 (11:58 +0530)]
vfs_glusterfs: Accept fsp with const qualifier
This is in preparation to avoid any `const` qualifier being discarded
warning with future changes to various *_at() calls which has `const
file_struct` arguments.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
5f51fa9c07e194bcc3c4f39a1bfc2e01139c917b)
Jule Anger [Tue, 23 Aug 2022 14:43:44 +0000 (16:43 +0200)]
VERSION: Bump version up to Samba 4.17.0rc4...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Jule Anger <janger@samba.org>
Jule Anger [Tue, 23 Aug 2022 14:43:12 +0000 (16:43 +0200)]
VERSION: Disable GIT_SNAPSHOT for the 4.17.0rc3 release.
Signed-off-by: Jule Anger <janger@samba.org>
Jule Anger [Tue, 23 Aug 2022 14:42:35 +0000 (16:42 +0200)]
WHATSNEW: Add release notes for Samba 4.17.0rc3.
Signed-off-by: Jule Anger <janger@samba.org>
Ralph Boehme [Sun, 14 Aug 2022 14:39:37 +0000 (16:39 +0200)]
smbd: directly pass fsp to SMB_VFS_FGETXATTR() in fget_ea_dos_attribute()
We're now consistently passing the base_fsp to SMB_VFS_FSET_DOS_ATTRIBUTES(), so
we don't need to check for a stream_fsp here anymore.
Additionally vfs_default will assert a non-stream fsp inside
vfswrap_fgetxattr(), so in case any caller wrongly passes a stream fsp, this is
caught in vfs_default.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
968a5ae89f0d0da219e7dd05dd1f7f7c96dbb910)
Autobuild-User(v4-17-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-17-test): Tue Aug 23 14:26:49 UTC 2022 on sn-devel-184
Ralph Boehme [Thu, 11 Aug 2022 15:18:13 +0000 (17:18 +0200)]
smbd: add and use vfs_fget_dos_attributes()
Commit
d71ef1365cdde47aeb3465699181656b0655fa04 caused a regression where the
creation date on streams wasn't updated anymore on the stream fsp.
By adding a simple wrapper vfs_fget_dos_attributes() that takes care of
- passing only the base_fsp to the VFS, so the VFS can be completely agnostic of
all the streams related complexity like fake fds,
- propagating any updated btime from the base_fsp->fsp_name to the
stream_fsp->fsp_name
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
3f7d8db9945a325020e4d1574289dea9e8331c29)
Ralph Boehme [Sat, 13 Aug 2022 14:13:07 +0000 (16:13 +0200)]
smbtorture: add test smb2.stream.attributes2
Specifically torture the creation date is the same for the file and its streams.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
e74b10e17ee5df0f77ac5349242841be8d71c4e8)
Ralph Boehme [Sat, 13 Aug 2022 15:04:50 +0000 (17:04 +0200)]
smbtorture: rename smb2.streams.attributes to smb2.streams.attributes1
A subsequent commit adds another streams test named "attributes2", this change
avoids matching the new testname with the existing knownfail entries.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
b5848d391be4f7633745d9c36e432ac8b1c9dba2)
Ralph Boehme [Wed, 27 Jul 2022 16:40:21 +0000 (18:40 +0200)]
vfs_default: assert all passed in fsp's and names are non-stream type
Enforce fsp is a non-stream one in as many VFS operations as possible in
vfs_default. We really need an assert here instead of returning an error, as
otherwise he can have very hard to diagnose bugs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Aug 10 16:32:35 UTC 2022 on sn-devel-184
(cherry picked from commit
fc45fcfde51b0b0bdcd524c82a0f9eabf7273045)
Ralph Boehme [Fri, 29 Jul 2022 05:07:25 +0000 (07:07 +0200)]
vfs_streams_xattr: restrict which fcntl's are allowed on streams
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
51243e3849736acbbf1d8f52cc02cdec5995fde4)
Ralph Boehme [Wed, 27 Jul 2022 13:58:37 +0000 (15:58 +0200)]
smbd: skip access checks for stat-opens on streams in open_file()
For streams, access is already checked in create_file_unixpath() by
check_base_file_access().
We already skip the access check in this function when doing an IO open of a
file, see above in open_file(), also skip it for "stat opens".
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
f0299abf1b28a14518328710d9f84bef17fd2ecf)
Ralph Boehme [Wed, 27 Jul 2022 17:05:26 +0000 (19:05 +0200)]
smbd: use metadata_fsp() in get_acl_group_bits()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
06555c6bcb5644fc9eea35b3cbae8d8801c65ab6)
Ralph Boehme [Fri, 29 Jul 2022 12:56:41 +0000 (14:56 +0200)]
smbd: ignore request to set the SPARSE attribute on streams
As per MS-FSA 2.1.1.5 this is a per stream attribute, but our backends don't
support it in a consistent way, therefor just pretend success and ignore the
request.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
3af8f8e8741cc8c889bbf416ccd38a1b702917ec)
Ralph Boehme [Fri, 29 Jul 2022 12:56:21 +0000 (14:56 +0200)]
smbd: use metadata_fsp() with SMB_VFS_FSET_DOS_ATTRIBUTES()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
55e55804bb2d0f21c1bbe207257bb40555f3b7a2)
Ralph Boehme [Fri, 29 Jul 2022 12:55:08 +0000 (14:55 +0200)]
smbd: use metadata_fsp() with SMB_VFS_FGET_DOS_ATTRIBUTES()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
03b9ce84736d536ab2dd8a5ce1a2656e6a90c8c8)
Ralph Boehme [Fri, 29 Jul 2022 12:54:07 +0000 (14:54 +0200)]
smbd: use metadata_fsp() with SMB_VFS_FSET_NT_ACL()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
4ab29e2a345b48ebba652d5154e96adf954a6757)
Ralph Boehme [Fri, 29 Jul 2022 12:49:56 +0000 (14:49 +0200)]
smbd: use metadata_fsp() with SMB_VFS_FGET_NT_ACL()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
c949e4b2a42423ac3851e86e489fd0c5d46d7f1f)
Ralph Boehme [Wed, 27 Jul 2022 11:37:32 +0000 (13:37 +0200)]
CI: add a test trying to delete a stream on a pathref ("stat open") handle
When using vfs_streams_xattr, for a pathref handle of a stream the system fd
will be a fake fd created by pipe() in vfs_fake_fd().
For the following callchain we wrongly pass a stream fsp to
SMB_VFS_FGET_NT_ACL():
SMB_VFS_CREATE_FILE(..., "file:stream", ...)
=> open_file():
if (open_fd):
-> taking the else branch:
-> smbd_check_access_rights_fsp(stream_fsp)
-> SMB_VFS_FGET_NT_ACL(stream_fsp)
This is obviously wrong and can lead to strange permission errors when using
vfs_acl_xattr:
in vfs_acl_xattr we will try to read the stored ACL by calling
fgetxattr(fake-fd) which of course faild with EBADF. Now unfortunately the
vfs_acl_xattr code ignores the specific error and handles this as if there was
no ACL stored and subsequently runs the code to synthesize a default ACL
according to the setting of "acl:default acl style".
As the correct access check for streams has already been carried out by calling
check_base_file_access() from create_file_unixpath(), the above problem is not
a security issue: it can only lead to "decreased" permissions resulting in
unexpected ACCESS_DENIED errors.
The fix is obviously going to be calling
smbd_check_access_rights_fsp(stream_fsp->base_fsp).
This test verifies that deleting a file works when the stored NT ACL grants
DELETE_FILE while the basic POSIX permissions (used in the acl_xattr fallback
code) do not.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
23bc760ec5d61208c2d8778991e3d7e202eab352)
Ralph Boehme [Wed, 27 Jul 2022 10:47:21 +0000 (12:47 +0200)]
vfs_xattr_tdb: add "xattr_tdb:ignore_user_xattr" option
Allows passing on "user." xattr to the backend. This can be useful for testing
specific aspects of operation on streams when "streams_xattr" is configured as
stream filesystem backend.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
92e0045d7ca7c0b94efd0244ba0e426cad0a05b6)
Ralph Boehme [Wed, 27 Jul 2022 09:59:54 +0000 (11:59 +0200)]
vfs_xattr_tdb: add a module config
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
451ad315a9bf32c627e1966ec30185542701c87e)
Ralph Boehme [Wed, 27 Jul 2022 10:43:01 +0000 (12:43 +0200)]
vfs_xattr_tdb: move close_xattr_db()
This just makes the diff of the next commit smaller and easier to digest.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
b26dc252aaf3f4b960bdfdb6a3dfe612b89fcdd5)
Ralph Boehme [Wed, 27 Jul 2022 14:04:24 +0000 (16:04 +0200)]
smdb: use fsp_is_alternate_stream() in open_file()
No change in behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
0d3995cec10c5fae8c8b6a1df312062e38437e6f)
Andreas Schneider [Wed, 10 Aug 2022 11:55:48 +0000 (13:55 +0200)]
waf: Fix SO version number of libsamba-errors
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15141
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit
563a2c8d7296e77ae12de1c5a1a3797e72294068)
Autobuild-User(v4-17-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-17-test): Tue Aug 23 10:31:11 UTC 2022 on sn-devel-184
Christian Ambach [Wed, 17 Aug 2022 11:17:29 +0000 (13:17 +0200)]
WHATSNEW: document new volume serial number smb.conf parameter
Signed-off-by: Christian Ambach <ambi@samba.org>
Autobuild-User(v4-17-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-17-test): Tue Aug 23 08:57:28 UTC 2022 on sn-devel-184
Stefan Metzmacher [Mon, 15 Aug 2022 07:56:15 +0000 (09:56 +0200)]
s3:smbd: let delay_for_oplock_fn() only call leases_db_get() once
get_lease_type() will just call leases_db_get() again for leases,
so only call it for oplocks.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Aug 19 19:39:18 UTC 2022 on sn-devel-184
(cherry picked from commit
d4f18f99d3a40a8df00beb006e2731959aa6fad9)
Stefan Metzmacher [Mon, 15 Aug 2022 07:45:43 +0000 (09:45 +0200)]
s3:smbd: lease_match_break_fn() only needs leases_db_get() once
get_lease_type() will just call leases_db_get() again...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
60ae7a5a2ed9a03d8693b9b455b7b3696386aeb1)
Stefan Metzmacher [Thu, 18 Aug 2022 10:52:54 +0000 (12:52 +0200)]
s3:smbd: inline fsp_lease_type_is_exclusive() logic into contend_level2_oplocks_begin_default
SMB2_LEASE_WRITE is the indication for an exclusive lease,
the fact that a SMB2_LEASE_WRITE can't exists without
SMB2_LEASE_READ is not important here.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
76da56aa65bb9fe7f2f8c4a2e30e278a61db1ff5)
Stefan Metzmacher [Thu, 18 Aug 2022 12:14:20 +0000 (14:14 +0200)]
s3:locking: move get_existing_share_mode_lock() to share_mode_lock.[ch]
This should be where get_share_mode_lock() is located.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
bf8f2258497f7d2a5a5f8d1cacf1a30899ed455c)
Stefan Metzmacher [Wed, 10 Aug 2022 08:27:15 +0000 (08:27 +0000)]
s3:locking: pass lease_key explicitly to set_share_mode()
We should avoid accessing fsp->lease if possible.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
8b3b316680221487f84a7cfe14f52e8ffd64ba85)
Stefan Metzmacher [Fri, 19 Aug 2022 15:17:41 +0000 (15:17 +0000)]
s3:smbd: only run validate_oplock_types() with smbd:validate_oplock_types = yes
This is really expensive as share_mode_forall_entries() is currently
doing a talloc_memdup() of the whole record...
This is mainly used to avoid regressions, so only
use smbd:validate_oplock_types = yes in make test,
but skip it for production.
This improves the following test:
time smbtorture //127.0.0.1/m -Uroot%test \
smb2.create.bench-path-contention-shared \
--option='torture:bench_path=file.dat' \
--option="torture:timelimit=60" \
--option="torture:nprocs=256" \
--option="torture:qdepth=1"
From:
open[num/s=8852,avslat=0.014999,minlat=0.000042,maxlat=0.054600]
close[num/s=8850,avslat=0.014136,minlat=0.000025,maxlat=0.054537]
to:
open[num/s=11377,avslat=0.012075,minlat=0.000041,maxlat=0.054107]
close[num/s=11375,avslat=0.010594,minlat=0.000023,maxlat=0.053620]
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
0fbca175ae4763d82f8a414ee3d6354c95d5294e)
Stefan Metzmacher [Thu, 18 Aug 2022 15:32:43 +0000 (17:32 +0200)]
s3:g_lock: avoid useless talloc_array(0) in g_lock_dump()
In the common case we don't have any shared lock holders,
so there's no need to allocate memory for the empty array.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
c75de325710c0fbbd50a0acd3af55404165440d6)
Stefan Metzmacher [Thu, 18 Aug 2022 15:52:33 +0000 (17:52 +0200)]
s3:g_lock: add some const to the shared array passed via g_lock_dump*()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
bb3dddcdf11e6c2f5319d64bf2ef20636d0ed82f)
Stefan Metzmacher [Thu, 18 Aug 2022 14:06:02 +0000 (16:06 +0200)]
lib/util: add unlikely() to SMB_ASSERT()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
bf1dd1a188c096093bedc628a14bb037e3209630)
Jeremy Allison [Wed, 17 Aug 2022 18:43:47 +0000 (11:43 -0700)]
s3: smbd: Plumb close_type parameter through close_file_in_loop(), file_close_conn()
Allows close_file_in_loop() to differentiate between SHUTDOWN_CLOSE
(previously it only used this close type) and ERROR_CLOSE - called
on error from smbXsrv_tcon_disconnect() in the error path. In that
case we want to close the fd, but not run any delete-on-close actions.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15128
Signed-off-by: Jeremy Allison <jra@samba.org>
Reivewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Thu Aug 18 14:10:18 UTC 2022 on sn-devel-184
(cherry picked from commit
cf5f7b1489930f6d64c3e3512f116ccf286d4605)
Jeremy Allison [Wed, 17 Aug 2022 18:39:36 +0000 (11:39 -0700)]
s3: smbd: Add "enum file_close_type close_type" parameter to file_close_conn().
Not yet used.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15128
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
(cherry picked from commit
7005a6354df5522d9f665fb30052c458dfc93124)
Jeremy Allison [Wed, 17 Aug 2022 18:35:29 +0000 (11:35 -0700)]
s3: smbd: Add "enum file_close_type close_type" parameter to close_cnum().
Not yet used, but needed so we can differentiate between
SHUTDOWN_CLOSE and ERROR_CLOSE in smbXsrv_tcon_disconnect()
if we fail to chdir. In that case we want to close the fd,
but not run any delete-on-close actions.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15128
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
(cherry picked from commit
9203d17106c0e55a30813ff1ed76869c7581a343)
Jeremy Allison [Fri, 22 Jul 2022 15:28:03 +0000 (16:28 +0100)]
s3/smbd: Use after free when iterating smbd_server_connection->connections
Change conn_free() to just use a destructor. We now
catch any other places where we may have forgetten to
call conn_free() - it's implicit on talloc_free(conn).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15128
Based on code from Noel Power <noel.power@suse.com>.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Wed Aug 17 09:54:06 UTC 2022 on sn-devel-184
(cherry picked from commit
f92bacbe216d2d74ea3ccf3fe0df5c1cc9860996)
Jeremy Allison [Tue, 16 Aug 2022 20:51:27 +0000 (13:51 -0700)]
s3/smbd: Use after free when iterating smbd_server_connection->connections
In SMB2 smbd_smb2_tree_connect() we create a new conn struct
inside make_connection_smb2() then move the ownership to tcon using:
tcon->compat = talloc_move(tcon, &compat_conn);
so the lifetime of tcon->compat is tied directly to tcon.
Inside smbXsrv_tcon_disconnect() we have:
908 ok = chdir_current_service(tcon->compat);
909 if (!ok) {
910 status = NT_STATUS_INTERNAL_ERROR;
911 DEBUG(0, ("smbXsrv_tcon_disconnect(0x%08x, '%s'): "
912 "chdir_current_service() failed: %s\n",
913 tcon->global->tcon_global_id,
914 tcon->global->share_name,
915 nt_errstr(status)));
916 tcon->compat = NULL;
917 return status;
918 }
919
920 close_cnum(tcon->compat, vuid);
921 tcon->compat = NULL;
If chdir_current_service(tcon->compat) fails, we return status without ever having
called close_cnum(tcon->compat, vuid), leaving the conn pointer left in the linked
list sconn->connections.
The caller frees tcon and (by ownership) tcon->compat, still leaving the
freed tcon->compat pointer on the sconn->connections linked list.
When deadtime_fn() fires and walks the sconn->connections list it
indirects this freed pointer. We must call close_cnum() on error also.
Valgrind trace from Noel Power <noel.power@suse.com> is:
==6432== Invalid read of size 8
==6432== at 0x52CED3A: conn_lastused_update (conn_idle.c:38)
==6432== by 0x52CEDB1: conn_idle_all (conn_idle.c:54)
==6432== by 0x5329971: deadtime_fn (smb2_process.c:1566)
==6432== by 0x5DA2339: smbd_idle_event_handler (util_event.c:45)
==6432== by 0x685F2F8: tevent_common_invoke_timer_handler (tevent_timed.c:376)
==6432== Address 0x19074b88 is 232 bytes inside a block of size 328 free'd
==6432== at 0x4C3451B: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==6432== by 0x5B38521: _tc_free_internal (talloc.c:1222)
==6432== by 0x5B39463: _tc_free_children_internal (talloc.c:1669)
==6432== by 0x5B38404: _tc_free_internal (talloc.c:1184)
==6432== by 0x5B39463: _tc_free_children_internal (talloc.c:1669)
==6432== by 0x5B38404: _tc_free_internal (talloc.c:1184)
==6432== by 0x5B39463: _tc_free_children_internal (talloc.c:1669)
==6432== by 0x5B38404: _tc_free_internal (talloc.c:1184)
==6432== by 0x5B39463: _tc_free_children_internal (talloc.c:1669)
==6432== by 0x5B38404: _tc_free_internal (talloc.c:1184)
==6432== by 0x5B385C5: _talloc_free_internal (talloc.c:1248)
==6432== by 0x5B3988D: _talloc_free (talloc.c:1792)
==6432== by 0x5349B22: smbd_smb2_flush_send_queue (smb2_server.c:4828)
==6432== Block was alloc'd at
==6432== at 0x4C332EF: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==6432== by 0x5B378D9: __talloc_with_prefix (talloc.c:783)
==6432== by 0x5B37A73: __talloc (talloc.c:825)
==6432== by 0x5B37E0C: _talloc_named_const (talloc.c:982)
==6432== by 0x5B3A8ED: _talloc_zero (talloc.c:2421)
==6432== by 0x539873A: conn_new (conn.c:70)
==6432== by 0x532D692: make_connection_smb2 (smb2_service.c:909)
==6432== by 0x5352B5E: smbd_smb2_tree_connect (smb2_tcon.c:344)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15128
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
(cherry picked from commit
0bdfb5a5e60df214c088df0782c4a1bcc2a4944a)
Christian Ambach [Mon, 15 Aug 2022 21:30:23 +0000 (23:30 +0200)]
s3:utils remove documentation of -l as alias for --long
This was removed in
94fc9ca4c506468ab1907d501c0964d67b9d963c, so remove it from
the usage output and manpage.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15145
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Aug 17 07:14:21 UTC 2022 on sn-devel-184
(cherry picked from commit
123f1c07c41b40de6a9d53599d3d9a42f1a5e92b)
Stefan Metzmacher [Mon, 15 Aug 2022 20:45:17 +0000 (22:45 +0200)]
s3:smbd: only clear LEASE_READ if there's no read lease is left
If contend_level2_oplocks_begin_default() skips break it's
own lease, we should not clear SHARE_MODE_LEASE_READ
in share_mode_data->flags.
Otherwise that lease won't see any lease break notifications
for writes from other clients (file handles not using the same lease
key).
So we need to count the number existing read leases (including
the one with the same lease key) in order to know it's
safe to clear SMB2_LEASE_READ/SHARE_MODE_LEASE_READ.
Otherwise the next run (likely from another client)
will get the wrong result from file_has_read_lease().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15148
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Aug 18 19:41:33 UTC 2022 on sn-devel-184
(cherry picked from commit
96e2a82760ea06a89b7387b5cd3e864732afded3)
Stefan Metzmacher [Wed, 17 Aug 2022 15:07:08 +0000 (17:07 +0200)]
s4:torture/smb2: add smb2.lease.v[1,2]_bug_15148
This demonstrates the bug that happens with a
write to a file handle holding an R lease,
while there are other openers without any lease.
When one of the other openers writes to the file,
the R lease of the only lease holder isn't broken to NONE.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15148
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
9e5ff607eb1b9c45c8836d3cff9d51b418740b87)
Stefan Metzmacher [Mon, 15 Aug 2022 08:49:13 +0000 (10:49 +0200)]
s3:smbd: share_mode_flags_set() takes SMB2_LEASE_* values
We currently only ever pass SMB2_LEASE_READ and both
have the same value of 0x1, so for now it's only cosmetic,
but that will change soon.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15148
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
7592aad4d7a84d0ac66a156a22af3ad77803e55c)
Joseph Sutton [Mon, 22 Aug 2022 04:56:46 +0000 (16:56 +1200)]
libcli/smb: Set error status if 'iov' pointer is NULL
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15152
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Aug 22 09:03:29 UTC 2022 on sn-devel-184
(cherry picked from commit
75e03ea021afa66842b6e0dea21072b1b8026d58)
Joseph Sutton [Mon, 22 Aug 2022 03:50:02 +0000 (15:50 +1200)]
libcli/smb: Ensure we call tevent_req_nterror() on failure
Commit
3594c3ae202688fd8aae5f7f5e20464cb23feea9 added a NULL check for
'inhdr', but it meant we didn't always call tevent_req_nterror() when we
should.
Now we handle connection errors. We now also set an error status if the
NULL check fails.
I noticed this when an ECONNRESET error from a server refusing SMB1
wasn't handled, and the client subsequently hung in epoll_wait().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15152
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
40d4912d841e6bcd7cd37810ef101d5f89268ee7)
Jule Anger [Tue, 16 Aug 2022 20:11:15 +0000 (22:11 +0200)]
VERSION: Bump version up to Samba 4.17.0rc3...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Jule Anger <janger@samba.org>
Jule Anger [Tue, 16 Aug 2022 20:10:35 +0000 (22:10 +0200)]
VERSION: Disable GIT_SNAPSHOT for the 4.17.0rc2 release.
Signed-off-by: Jule Anger <janger@samba.org>
Jule Anger [Tue, 16 Aug 2022 20:09:30 +0000 (22:09 +0200)]
WHATSNEW: Add release notes for Samba 4.17.0rc2.
Signed-off-by: Jule Anger <janger@samba.org>
Stefan Metzmacher [Tue, 16 Aug 2022 12:17:50 +0000 (14:17 +0200)]
WHATSNEW: SMB Server performance improvements
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(v4-17-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-17-test): Tue Aug 16 19:37:17 UTC 2022 on sn-devel-184
Stefan Metzmacher [Tue, 16 Aug 2022 07:35:16 +0000 (09:35 +0200)]
s3:vfs.h: add comment about VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
5adf051228b56c05fe1205e7a865a497b58e81d9)
Jeremy Allison [Thu, 11 Aug 2022 17:03:58 +0000 (10:03 -0700)]
s3: smbd: Add IS_VETO_PATH checks to openat_pathref_fsp_case_insensitive().
Returns NT_STATUS_OBJECT_NAME_NOT_FOUND for final component.
Note we have to call the check before each call to
openat_pathref_fsp(), as each call may be using a
different filesystem name. The first name is the
one passed into openat_pathref_fsp_case_insensitive()
by the caller, the second one is a name retrieved from
get_real_filename_cache_key(), and the third one is the name
retrieved from get_real_filename_at(). The last two
calls may have demangled the client given name into
a veto'ed path on the filesystem.
Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15143
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Aug 16 08:26:54 UTC 2022 on sn-devel-184
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit
1654eae11b9c13308b2b78f70309eb3a56960619)
Jeremy Allison [Thu, 11 Aug 2022 16:55:56 +0000 (09:55 -0700)]
s3: smbd: Add IS_VETO_PATH check to openat_pathref_dirfsp_nosymlink().
Returns NT_STATUS_OBJECT_PATH_NOT_FOUND for directory component.
Note IS_VETO_PATH only looks at the last component, so we must
do it during the directory walk on each component.
Note, we also have to check after a call to get_real_filename_at()
as it may have demangled the client sent name into a filesystem
name that matches the "veto files" parameter.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15143
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit
1c293060204d96bf94427f91eb20eb9decc29a41)
Jeremy Allison [Thu, 11 Aug 2022 16:51:11 +0000 (09:51 -0700)]
s3: tests: Add samba3.blackbox.test_veto_files.
Shows we currently don't look at smb.conf veto files parameter
when opening a file or directory. Checks multi-component paths.
Also checks veto files that might be hidden behind a mangled
name.
Add knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15143
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit
c6933673222ea9ae2eb74d5586c9495269f51ea0)
Stefan Metzmacher [Fri, 12 Aug 2022 08:55:42 +0000 (10:55 +0200)]
selftest/Samba3: let nt4_dc* use vfs_default:VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS=no
We should always test the code path without openat2 being available,
even if the kernel supports it.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Aug 15 16:00:26 UTC 2022 on sn-devel-184
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit
076c22fbd7ecbf22dbfeb1711609f07fd42f88b0)
Volker Lendecke [Fri, 17 Jun 2022 15:41:52 +0000 (17:41 +0200)]
vfs_default: Use openat2(RESOLVE_NO_SYMLINKS) if available
This improves the following test:
time smbtorture //127.0.0.1/m -Uroot%test \
smb2.create.bench-path-contention-shared \
--option='torture:bench_path=Apps\1\2\3\4\5\6\7\8\9\10' \
--option="torture:timelimit=600" \
--option="torture:nprocs=1"
From:
open[num/s=14186,avslat=0.000044,minlat=0.000042,maxlat=0.000079]
close[num/s=14185,avslat=0.000027,minlat=0.000025,maxlat=0.000057]
to:
open[num/s=16917,avslat=0.000038,minlat=0.000035,maxlat=0.000340]
close[num/s=16916,avslat=0.000020,minlat=0.000019,maxlat=0.000104]
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit
4708ba2f013c5f5ea5aa5dcf4873c2b4a86fb8ff)
Stefan Metzmacher [Wed, 27 Jul 2022 18:43:14 +0000 (18:43 +0000)]
vfs_default: prepare O_PATH usage with openat2()
When O_PATH is specified in flags, flag bits other than O_CLOEXEC,
O_DIRECTORY, and O_NOFOLLOW are ignored.
In preparation to use openat2(), which gives an error instead of
ignoring flags, we better remove unexpected flags, callers typically
pass O_RDONLY and O_NONBLOCK.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit
8544f4490a0b5e54b807daedddb96778744b62ee)
Volker Lendecke [Thu, 14 Jul 2022 17:44:04 +0000 (19:44 +0200)]
s3:smbd: let openat_pathref_dirfsp_nosymlink() try VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS first
This will reduce the amount of syscalls and the related cost drastically
for long path names.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit
d6653067b20e61af1f05423764c8486a1a5445c8)
Stefan Metzmacher [Fri, 12 Aug 2022 17:12:44 +0000 (19:12 +0200)]
s3:smbd: let openat_pathref_dirfsp_nosymlink() handle ELOOP similar to ENOTDIR
This is no likely to happen as we use O_NOFOLLOW with O_DIRECTORY,
but it's better to be prepared...
This will be more important in the upcoming openat2(RESOLVE_NO_SYMLINK)
case, but we should be consitent...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit
35b99c87ef92df006f8b0a41bbea051f0faeadb9)
Stefan Metzmacher [Wed, 10 Aug 2022 20:01:10 +0000 (22:01 +0200)]
s3:smbd: let openat_pathref_dirfsp_nosymlink() do a verification loop against . and .. first
I guess we should catch NT_STATUS_OBJECT_NAME_INVALID first,
currently the check is already done in check_path_syntax*,
but we may remove it in future.
But the most important reason for this is the
openat2(RESOLVE_NO_SYMLINK) optimization, which will
be introduced in the following commits.
Review with: git show -w
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit
17484d069b92d08b0228fb509ea42ab4c3f496a8)
Volker Lendecke [Fri, 3 Jun 2022 14:45:41 +0000 (16:45 +0200)]
vfs: define VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS
This will allow us to make use of openat2(RESOLVE_NO_SYMLINKS) soon.
The caller should check if connection_struct.open_how_resolve contains
VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS before using it, this avoids waisting
cpu time. But even then the caller must be prepared to handle -1/ENOSYS.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit
f7dc27558329eea7d2c4d75ee101c7f9d3a7afe3)
Stefan Metzmacher [Fri, 12 Aug 2022 08:53:06 +0000 (10:53 +0200)]
lib/replace: let DISABLE_OPATH also undef __NR_openat2
The reason for DISABLE_OPATH is to simulate a non-linux
system, so we should not use openat2() either.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit
ae1a84f7313bdf4702492451714eacc78ee7745f)
Stefan Metzmacher [Mon, 8 Aug 2022 13:33:24 +0000 (15:33 +0200)]
lib/replace: add fallback defines for __NR_openat2
sys/syscall.h might be older than the runtime kernel.
If the kernel has support for openat2() we should
try to use if anyway.
The callers have to deal with ENOSYS anyway,
so there's no difference if we get that from syscall(__NR_openat2)
or directly from rep_openat2().
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit
f7618dd31a9f8f6c0dbfdedd1a664eed25e2e449)
Stefan Metzmacher [Mon, 8 Aug 2022 13:25:39 +0000 (15:25 +0200)]
lib/replace: use syscall(__NR_openat2) if available
There's no glibc wrapper for openat2() yet, so we need
to use syscall(__NR_openat2) ourself.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit
b89001e9226ecb0f4e5c906f7195f0e53cd7d608)
Stefan Metzmacher [Mon, 8 Aug 2022 13:24:28 +0000 (15:24 +0200)]
lib/replace: always include <sys/syscall.h> in replace.c if available
It will be used for openat2() soon.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit
37ba6df174d73b82e951de401cba7f839ad61ab5)
Stefan Metzmacher [Mon, 8 Aug 2022 13:23:29 +0000 (15:23 +0200)]
lib/replace: add a replacement for openat2() that returns ENOSYS
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit
ce804b78164a3166a16ca3071028536761fd18d7)
Stefan Metzmacher [Mon, 8 Aug 2022 13:29:28 +0000 (15:29 +0200)]
vfs_btrfs: fix include order, includes.h or replace.h should be first
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit
2369d0833361faf4a125431e735fce7efb6024d6)