[SCM] Samba Shared Repository - branch v4-0-test updated
Karolin Seeger
kseeger at samba.org
Fri Nov 9 03:13:04 MST 2012
The branch, v4-0-test has been updated
via e3a35dc WHATSNEW: Update changes since rc4.
via 5ed2ca8 s3: Pass down smb_filename to smbacl4_fill_ace4
via 078b665 s3:nfs4acls filter away inheritance flags on files
via 16479fe s3:nfs4acls pass down fsp instead of just the filename
via ebded09 dsdb: Simplify DsCrackNameOneFilter a bit
via bc1a270 dsdb-cracknames: Return DRSUAPI_DS_NAME_STATUS_NO_MAPPING when there is no SID
via ae15743 dsdb-cracknames: Always use talloc_zero()
via 19c33c4 WHATSNEW: Update changes since rc4.
via 9af6c46 s3:smb2_getinfo ensure proper error for not yet present quota support
from 75122f7 WHATSNEW: Start release notes for Samba 4.0.0rc5.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test
- Log -----------------------------------------------------------------
commit e3a35dc59b60d28835c2a9cffe76eb2b57a1bd54
Author: Karolin Seeger <kseeger at samba.org>
Date: Fri Nov 9 09:33:04 2012 +0100
WHATSNEW: Update changes since rc4.
Karolin
Autobuild-User(v4-0-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-0-test): Fri Nov 9 11:12:53 CET 2012 on sn-devel-104
commit 5ed2ca82197d55f1bafc1f447243fef39b610d9e
Author: Volker Lendecke <vl at samba.org>
Date: Tue Oct 9 09:41:41 2012 +0200
s3: Pass down smb_filename to smbacl4_fill_ace4
A full fsp is a bit overkill here
The last three patches fix
Bug 9208 Cannot migrate files with inheritance flags to share on top of NFSv4 filesystem
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Tue Oct 9 13:38:49 CEST 2012 on sn-devel-104
commit 078b66573836d6aaf7aada6d81f7b4cf09a2e780
Author: Christian Ambach <ambi at samba.org>
Date: Tue Sep 25 03:25:36 2012 +0200
s3:nfs4acls filter away inheritance flags on files
While it is possible to define inheritance flags on files on Windows, this will
be denied by GPFS and UFS (and potentially others).
So it will be better to strip of these bits when being set for files instead of
failing to set the ACL completely (this is current behavior).
Users that want to retain the full SD will have to use acl_xattr (acl_tdb), as
other pieces of the SD are also lost when translating to NFSv4. So this should
not be a too intrusive change, but allow users to migrate data with such flags
instead of failing to migrate the ACL completely.
commit 16479fe48216d66973a3aedc132ba65ecacd7738
Author: Christian Ambach <ambi at samba.org>
Date: Tue Sep 25 01:34:04 2012 +0200
s3:nfs4acls pass down fsp instead of just the filename
commit ebded092711c3325ccc87e2abcbc30d3925021e8
Author: Volker Lendecke <vl at samba.org>
Date: Sat Nov 3 09:36:29 2012 +0100
dsdb: Simplify DsCrackNameOneFilter a bit
For me "else" branches clutter my flow reading code. If we do a hard
return at the end of an "if" branch, "else" is not required.
The last 3 patches address bug #9352 - samba crashes with certain RPC calls.
commit bc1a27071f329d1ca5d08fc962e95d55427a247e
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Oct 24 16:41:52 2012 +1100
dsdb-cracknames: Return DRSUAPI_DS_NAME_STATUS_NO_MAPPING when there is no SID
If there is no SID for an object being mapped, then there is no NT4 name.
We need to return DRSUAPI_DS_NAME_STATUS_NO_MAPPING rather than
error out with anything other than WERR_OK as the return value.
Andrew Bartlett
commit ae15743e2c324704e8a7576fc6bf331ead83c5a2
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Oct 24 11:56:02 2012 +1100
dsdb-cracknames: Always use talloc_zero()
Otherwise, we will return un-initialised values to the caller, which will
attempt to push them onto the wire.
Found by Greg Dickie <greg at justaguy.ca>.
Andrew Bartlett
commit 19c33c419e6591c8c85058c50acb46041d32220f
Author: Karolin Seeger <kseeger at samba.org>
Date: Thu Nov 8 08:58:29 2012 +0100
WHATSNEW: Update changes since rc4.
Karolin
commit 9af6c4626aeff3e862178034bf2a15574cd3bfbb
Author: Christian Ambach <ambi at samba.org>
Date: Thu Sep 27 22:09:23 2012 -0700
s3:smb2_getinfo ensure proper error for not yet present quota support
non-existing quota support needs to be signaled by NT_STATUS_NOT_SUPPORTED,
not NT_STATUS_INVALID_PARAMETER
Autobuild-User(master): Christian Ambach <ambi at samba.org>
Autobuild-Date(master): Fri Oct 12 13:37:37 CEST 2012 on sn-devel-104
(cherry picked from commit bddd1182ea44875f28e12cf15fd07a86f43d8716)
Fix bug #9361 - Quotas management doesn't work with SMB2/3.
-----------------------------------------------------------------------
Summary of changes:
WHATSNEW.txt | 15 ++++++++++++++-
source3/modules/nfs4_acls.c | 23 ++++++++++++++++++-----
source3/smbd/smb2_getinfo.c | 4 ++++
source4/dsdb/samdb/cracknames.c | 13 ++++++++++---
4 files changed, 46 insertions(+), 9 deletions(-)
Changeset truncated at 500 lines:
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 3c3b292..9d9cd02 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -167,18 +167,25 @@ smb.conf changes
CHANGES SINCE 4.0.0rc4
======================
-o Michael Ad:am <obnox at samba.org>
+o Michael Adam <obnox at samba.org>
* BUG 9321: winbindd:cache: Fix offline logons with cached credentials.
* BUG 9339: Build and quota fixes.
* BUG 9353: Fix the cluster(ctdb) build without system talloc installed.
+o Christian Ambach <ambi at samba.org>
+ * BUG 9208: Cannot migrate files with inheritance flags to share on top of
+ NFSv4 filesystem.
+ * BUG 9361: Quotas management doesn't work with SMB2/3.
+
+
o Andrew Bartlett <abartlet at samba.org>
* BUG 9317: Cannot easily change to internal DNS server.
* BUG 9338: lib/replace: Return size of xattr if size argument is 0.
* BUG 9339: Build and quota fixes.
* BUG 9340: Do not use the wheel group for 'administrators'.
* BUG 9347: winbind: Extend wbcAuthenticateUserEx to provide PAC.
+ * BUG 9352: Fix samba crashes with certain RPC calls.
* BUG 9355: Set mask values to 0777 and use fileserver.conf.
@@ -200,6 +207,12 @@ o Björn Jacke <bj at sernet.de>
* BUG 9339: Build and quota fixes.
+o Volker Lendecke <vl at samba.org>
+ * BUG 9208: Cannot migrate files with inheritance flags to share on top of
+ NFSv4 filesystem.
+ * BUG 9352: dsdb: Simplify DsCrackNameOneFilter a bit.
+
+
o Stefan Metzmacher <metze at samba.org>
* BUG 9175: Add smbXcli_session_set_disconnect_expired().
* BUG 9341: Fix SMBD_SMB2_NUM_IOV_PER_REQ check for sendfile().
diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c
index ac56bfb..05f90f7 100644
--- a/source3/modules/nfs4_acls.c
+++ b/source3/modules/nfs4_acls.c
@@ -574,7 +574,7 @@ static SMB_ACE4PROP_T *smbacl4_find_equal_special(
static bool smbacl4_fill_ace4(
TALLOC_CTX *mem_ctx,
- const char *filename,
+ const struct smb_filename *filename,
smbacl4_vfs_params *params,
uid_t ownerUID,
gid_t ownerGID,
@@ -591,6 +591,17 @@ static bool smbacl4_fill_ace4(
ace_v4->aceFlags = map_windows_ace_flags_to_nfs4_ace_flags(
ace_nt->flags);
+
+ /* remove inheritance flags on files */
+ if (VALID_STAT(filename->st) &&
+ !S_ISDIR(filename->st.st_ex_mode)) {
+ DEBUG(10, ("Removing inheritance flags from a file\n"));
+ ace_v4->aceFlags &= ~(SMB_ACE4_FILE_INHERIT_ACE|
+ SMB_ACE4_DIRECTORY_INHERIT_ACE|
+ SMB_ACE4_NO_PROPAGATE_INHERIT_ACE|
+ SMB_ACE4_INHERIT_ONLY_ACE);
+ }
+
ace_v4->aceMask = ace_nt->access_mask &
(SEC_STD_ALL | SEC_FILE_ALL);
@@ -629,7 +640,8 @@ static bool smbacl4_fill_ace4(
}
} else {
DEBUG(1, ("nfs4_acls.c: file [%s]: could not "
- "convert %s to uid or gid\n", filename,
+ "convert %s to uid or gid\n",
+ filename->base_name,
sid_string_dbg(&ace_nt->trustee)));
return False;
}
@@ -673,7 +685,7 @@ static int smbacl4_MergeIgnoreReject(
}
static SMB4ACL_T *smbacl4_win2nfs4(
- const char *filename,
+ const files_struct *fsp,
const struct security_acl *dacl,
smbacl4_vfs_params *pparams,
uid_t ownerUID,
@@ -683,6 +695,7 @@ static SMB4ACL_T *smbacl4_win2nfs4(
SMB4ACL_T *theacl;
uint32 i;
TALLOC_CTX *mem_ctx = talloc_tos();
+ const char *filename = fsp->fsp_name->base_name;
DEBUG(10, ("smbacl4_win2nfs4 invoked\n"));
@@ -694,7 +707,7 @@ static SMB4ACL_T *smbacl4_win2nfs4(
SMB_ACE4PROP_T ace_v4;
bool addNewACE = True;
- if (!smbacl4_fill_ace4(mem_ctx, filename, pparams,
+ if (!smbacl4_fill_ace4(mem_ctx, fsp->fsp_name, pparams,
ownerUID, ownerGID,
dacl->aces + i, &ace_v4)) {
DEBUG(3, ("Could not fill ace for file %s, SID %s\n",
@@ -791,7 +804,7 @@ NTSTATUS smb_set_nt_acl_nfs4(files_struct *fsp,
return NT_STATUS_OK;
}
- theacl = smbacl4_win2nfs4(fsp->fsp_name->base_name, psd->dacl, ¶ms,
+ theacl = smbacl4_win2nfs4(fsp, psd->dacl, ¶ms,
sbuf.st_ex_uid, sbuf.st_ex_gid);
if (!theacl)
return map_nt_error_from_unix(errno);
diff --git a/source3/smbd/smb2_getinfo.c b/source3/smbd/smb2_getinfo.c
index 0f4ed29..33cee99 100644
--- a/source3/smbd/smb2_getinfo.c
+++ b/source3/smbd/smb2_getinfo.c
@@ -482,6 +482,10 @@ static struct tevent_req *smbd_smb2_getinfo_send(TALLOC_CTX *mem_ctx,
break;
}
+ case 0x04: /* SMB2_0_INFO_QUOTA */
+ tevent_req_nterror(req, NT_STATUS_NOT_SUPPORTED);
+ return tevent_req_post(req, ev);
+
default:
DEBUG(10,("smbd_smb2_getinfo_send: "
"unknown in_info_type of %u "
diff --git a/source4/dsdb/samdb/cracknames.c b/source4/dsdb/samdb/cracknames.c
index c366019..f136dec 100644
--- a/source4/dsdb/samdb/cracknames.c
+++ b/source4/dsdb/samdb/cracknames.c
@@ -1067,9 +1067,16 @@ static WERROR DsCrackNameOneFilter(struct ldb_context *sam_ctx, TALLOC_CTX *mem_
const struct dom_sid *sid = samdb_result_dom_sid(mem_ctx, result, "objectSid");
const char *_acc = "", *_dom = "";
+ if (sid == NULL) {
+ info1->status = DRSUAPI_DS_NAME_STATUS_NO_MAPPING;
+ return WERR_OK;
+ }
- if (samdb_find_attribute(sam_ctx, result, "objectClass", "domain")) {
-
+ if (samdb_find_attribute(sam_ctx, result, "objectClass",
+ "domain")) {
+ /* This can also find a DomainDNSZones entry,
+ * but it won't have the SID we just
+ * checked. */
ldb_ret = ldb_search(sam_ctx, mem_ctx, &domain_res,
partitions_basedn,
LDB_SCOPE_ONELEVEL,
@@ -1472,7 +1479,7 @@ WERROR dcesrv_drsuapi_CrackNamesByNameFormat(struct ldb_context *sam_ctx, TALLOC
uint32_t i, count;
WERROR status;
- *ctr1 = talloc(mem_ctx, struct drsuapi_DsNameCtr1);
+ *ctr1 = talloc_zero(mem_ctx, struct drsuapi_DsNameCtr1);
W_ERROR_HAVE_NO_MEMORY(*ctr1);
count = req1->count;
--
Samba Shared Repository
More information about the samba-cvs
mailing list