[SCM] Samba Shared Repository - branch master updated
Jeremy Allison
jra at samba.org
Tue Jul 9 17:19:02 MDT 2013
The branch, master has been updated
via 577cef8 s3-smbstatus: display [u|g]id of -1 as "-1" in connection list
via c52e61f s3-lib: hide incomplete smbXsrv_tcon_global records
via 53aa069 s3-lib: fix segf while reading incomplete session info (bug #10003)
via 191e6b9 waf: Build with RELRO if supported by the compiler.
via aef8aad smbd: Fix a profile problem
from cd36a3e lib/param: sync debug related options with source3/param
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 577cef82c776759c9f3cad7d33057ac865c40769
Author: Björn Baumbach <bb at sernet.de>
Date: Tue Jul 9 12:32:34 2013 +0200
s3-smbstatus: display [u|g]id of -1 as "-1" in connection list
In order to avoid displayed uid or gid of "4294967295" instead of "-1", we
need to fetch the special case -1.
The id can be -1 if we are reading e.g. incomplete session information.
Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Jul 10 01:18:30 CEST 2013 on sn-devel-104
commit c52e61f7ba215da28cbb7b8e328aea110ad79b11
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Jul 8 16:31:13 2013 +0200
s3-lib: hide incomplete smbXsrv_tcon_global records
Part of fix for bug #10003
Pair-programmed-with: Björn Baumbach <bb at sernet.de>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 53aa069b97070c73b782e2868b9b9686abe353cc
Author: Björn Baumbach <bb at sernet.de>
Date: Fri Jul 5 13:19:59 2013 +0200
s3-lib: fix segf while reading incomplete session info (bug #10003)
Pair-programmed-with: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 191e6b9441d6789ecc16a3a80eb36ec5b410c083
Author: Andreas Schneider <asn at samba.org>
Date: Fri Jul 5 08:13:56 2013 +0200
waf: Build with RELRO if supported by the compiler.
Make sure we create binaries with full RELocation Read-Only support. See
https://isisblogs.poly.edu/2011/06/01/relro-relocation-read-only/
for more details.
The default is to check if the compiler supports RELRO and then enable
it. Specifying '--with-relro' will make it mandatory and
'--without-relro' will disable it.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit aef8aad638b916026651d900b91e963897b31c1a
Author: Volker Lendecke <Volker.Lendecke at SerNet.DE>
Date: Tue Jul 9 11:02:39 2013 -0700
smbd: Fix a profile problem
When trying to read a profile, under certain circumstances Windows tries
to read with its machine account first. The profile previously written
was stored with an ACL that only allows access for the user and not
the machine. Windows should get an NT_STATUS_ACCESS_DENIED when using
the machine account, making it retry with the user account (which would
then succeed).
Samba under these circumstances erroneously gives
NT_STATUS_OBJECT_PATH_NOT_FOUND, which makes Windows give up and not
retry. The reasons is the "dropbox" patch in unix_convert, turning EACCESS
on the last path component to OBJECT_PATH_NOT_FOUND. This patch makes
the dropbox behaviour only kick in when we are creating a file. I think
this is an abstraction violation. unix_convert() should not have to know
about the create_disposition, but given that we have pathname resolution
separated from the core open code right now this is the best we can do.
Signed-off-by: Volker Lendecke <Volker.Lendecke at SerNet.DE>
Reviewed-by: Jeremy Allison <jra at samba.org>
-----------------------------------------------------------------------
Summary of changes:
buildtools/wafsamba/wafsamba.py | 2 +
source3/lib/conn_tdb.c | 22 ++++++++++++++++-
source3/lib/sessionid_tdb.c | 15 ++++++++----
source3/smbd/filename.c | 3 +-
source3/smbd/nttrans.c | 6 +++-
source3/smbd/reply.c | 48 ++++++++++++++++++++------------------
source3/smbd/smb2_create.c | 3 +-
source3/smbd/smbd.h | 1 +
source3/utils/status.c | 24 ++++++++++++++++---
wscript | 18 ++++++++++++++
10 files changed, 104 insertions(+), 38 deletions(-)
Changeset truncated at 500 lines:
diff --git a/buildtools/wafsamba/wafsamba.py b/buildtools/wafsamba/wafsamba.py
index aaa0939..caa6fb1 100644
--- a/buildtools/wafsamba/wafsamba.py
+++ b/buildtools/wafsamba/wafsamba.py
@@ -348,6 +348,8 @@ def SAMBA_BINARY(bld, binname, source,
if bld.env['ENABLE_PIE'] == True:
pie_cflags += ' -fPIE'
pie_ldflags.extend(TO_LIST('-pie'))
+ if bld.env['ENABLE_RELRO'] == True:
+ pie_ldflags.extend(TO_LIST('-Wl,-z,relro,-z,now'))
# first create a target for building the object files for this binary
# by separating in this way, we avoid recompiling the C files
diff --git a/source3/lib/conn_tdb.c b/source3/lib/conn_tdb.c
index a7e7cf0..b218831 100644
--- a/source3/lib/conn_tdb.c
+++ b/source3/lib/conn_tdb.c
@@ -53,8 +53,13 @@ static int collect_sessions_fn(struct smbXsrv_session_global0 *global,
uint32_t id = global->session_global_id;
struct connections_forall_session sess;
- sess.uid = global->auth_session_info->unix_token->uid;
- sess.gid = global->auth_session_info->unix_token->gid;
+ if (global->auth_session_info == NULL) {
+ sess.uid = -1;
+ sess.gid = -1;
+ } else {
+ sess.uid = global->auth_session_info->unix_token->uid;
+ sess.gid = global->auth_session_info->unix_token->gid;
+ }
strncpy(sess.machine, global->channels[0].remote_name, sizeof(sess.machine));
strncpy(sess.addr, global->channels[0].remote_address, sizeof(sess.addr));
@@ -86,6 +91,19 @@ static int traverse_tcon_fn(struct smbXsrv_tcon_global0 *global,
TDB_DATA val = tdb_null;
+ /*
+ * Note: that share_name is defined as array without a pointer.
+ * that's why it's always a valid pointer here.
+ */
+ if (strlen(global->share_name) == 0) {
+ /*
+ * when a smbXsrv_tcon is created it's created
+ * with emtpy share_name first in order to allocate
+ * an id, before filling in the details.
+ */
+ return 0;
+ }
+
status = dbwrap_fetch(state->session_by_pid, state,
make_tdb_data((void*)&sess_id, sizeof(sess_id)),
&val);
diff --git a/source3/lib/sessionid_tdb.c b/source3/lib/sessionid_tdb.c
index 045b3d2..7a19611 100644
--- a/source3/lib/sessionid_tdb.c
+++ b/source3/lib/sessionid_tdb.c
@@ -38,16 +38,21 @@ static int sessionid_traverse_read_fn(struct smbXsrv_session_global0 *global,
(struct sessionid_traverse_read_state *)private_data;
struct auth_session_info *session_info = global->auth_session_info;
struct sessionid session = {
- .uid = session_info->unix_token->uid,
- .gid = session_info->unix_token->gid,
+ .uid = -1,
+ .gid = -1,
.id_num = global->session_global_id,
.connect_start = nt_time_to_unix(global->creation_time),
.pid = global->channels[0].server_id,
};
- strncpy(session.username,
- session_info->unix_info->unix_name,
- sizeof(fstring)-1);
+ if (session_info != NULL) {
+ session.uid = session_info->unix_token->uid;
+ session.gid = session_info->unix_token->gid;
+ strncpy(session.username,
+ session_info->unix_info->unix_name,
+ sizeof(fstring)-1);
+ }
+
strncpy(session.remote_machine,
global->channels[0].remote_name,
sizeof(fstring)-1);
diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c
index 03e1d2d..4384f5a 100644
--- a/source3/smbd/filename.c
+++ b/source3/smbd/filename.c
@@ -723,7 +723,8 @@ NTSTATUS unix_convert(TALLOC_CTX *ctx,
* can only put stuff with permission -wx.
*/
if ((errno != 0) && (errno != ENOENT)
- && (errno != EACCES)) {
+ && ((ucf_flags & UCF_CREATING_FILE) &&
+ (errno != EACCES))) {
/*
* ENOTDIR and ELOOP both map to
* NT_STATUS_OBJECT_PATH_NOT_FOUND
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index f5e5877..516b826 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -538,7 +538,8 @@ void reply_ntcreate_and_X(struct smb_request *req)
conn,
req->flags2 & FLAGS2_DFS_PATHNAMES,
fname,
- 0,
+ (create_disposition == FILE_CREATE)
+ ? UCF_CREATING_FILE : 0,
NULL,
&smb_fname);
@@ -1163,7 +1164,8 @@ static void call_nt_transact_create(connection_struct *conn,
conn,
req->flags2 & FLAGS2_DFS_PATHNAMES,
fname,
- 0,
+ (create_disposition == FILE_CREATE)
+ ? UCF_CREATING_FILE : 0,
NULL,
&smb_fname);
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 07b144e..2ae3ff4 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -1906,11 +1906,20 @@ void reply_open(struct smb_request *req)
goto out;
}
+ if (!map_open_params_to_ntcreate(fname, deny_mode,
+ OPENX_FILE_EXISTS_OPEN, &access_mask,
+ &share_mode, &create_disposition,
+ &create_options, &private_flags)) {
+ reply_force_doserror(req, ERRDOS, ERRbadaccess);
+ goto out;
+ }
+
status = filename_convert(ctx,
conn,
req->flags2 & FLAGS2_DFS_PATHNAMES,
fname,
- 0,
+ (create_disposition == FILE_CREATE)
+ ? UCF_CREATING_FILE : 0,
NULL,
&smb_fname);
if (!NT_STATUS_IS_OK(status)) {
@@ -1924,14 +1933,6 @@ void reply_open(struct smb_request *req)
goto out;
}
- if (!map_open_params_to_ntcreate(smb_fname->base_name, deny_mode,
- OPENX_FILE_EXISTS_OPEN, &access_mask,
- &share_mode, &create_disposition,
- &create_options, &private_flags)) {
- reply_force_doserror(req, ERRDOS, ERRbadaccess);
- goto out;
- }
-
status = SMB_VFS_CREATE_FILE(
conn, /* conn */
req, /* req */
@@ -2081,11 +2082,22 @@ void reply_open_and_X(struct smb_request *req)
goto out;
}
+ if (!map_open_params_to_ntcreate(fname, deny_mode,
+ smb_ofun,
+ &access_mask, &share_mode,
+ &create_disposition,
+ &create_options,
+ &private_flags)) {
+ reply_force_doserror(req, ERRDOS, ERRbadaccess);
+ goto out;
+ }
+
status = filename_convert(ctx,
conn,
req->flags2 & FLAGS2_DFS_PATHNAMES,
fname,
- 0,
+ (create_disposition == FILE_CREATE)
+ ? UCF_CREATING_FILE : 0,
NULL,
&smb_fname);
if (!NT_STATUS_IS_OK(status)) {
@@ -2099,16 +2111,6 @@ void reply_open_and_X(struct smb_request *req)
goto out;
}
- if (!map_open_params_to_ntcreate(smb_fname->base_name, deny_mode,
- smb_ofun,
- &access_mask, &share_mode,
- &create_disposition,
- &create_options,
- &private_flags)) {
- reply_force_doserror(req, ERRDOS, ERRbadaccess);
- goto out;
- }
-
status = SMB_VFS_CREATE_FILE(
conn, /* conn */
req, /* req */
@@ -2328,7 +2330,7 @@ void reply_mknew(struct smb_request *req)
conn,
req->flags2 & FLAGS2_DFS_PATHNAMES,
fname,
- 0,
+ UCF_CREATING_FILE,
NULL,
&smb_fname);
if (!NT_STATUS_IS_OK(status)) {
@@ -2469,7 +2471,7 @@ void reply_ctemp(struct smb_request *req)
status = filename_convert(ctx, conn,
req->flags2 & FLAGS2_DFS_PATHNAMES,
fname,
- 0,
+ UCF_CREATING_FILE,
NULL,
&smb_fname);
if (!NT_STATUS_IS_OK(status)) {
@@ -5828,7 +5830,7 @@ void reply_mkdir(struct smb_request *req)
status = filename_convert(ctx, conn,
req->flags2 & FLAGS2_DFS_PATHNAMES,
directory,
- 0,
+ UCF_CREATING_FILE,
NULL,
&smb_dname);
if (!NT_STATUS_IS_OK(status)) {
diff --git a/source3/smbd/smb2_create.c b/source3/smbd/smb2_create.c
index 6a43d27..ba743e7 100644
--- a/source3/smbd/smb2_create.c
+++ b/source3/smbd/smb2_create.c
@@ -841,7 +841,8 @@ static struct tevent_req *smbd_smb2_create_send(TALLOC_CTX *mem_ctx,
smb1req->conn,
smb1req->flags2 & FLAGS2_DFS_PATHNAMES,
fname,
- 0, /* unix_convert flags */
+ (in_create_disposition == FILE_CREATE) ?
+ UCF_CREATING_FILE : 0,
NULL, /* ppath_contains_wcards */
&smb_fname);
if (!NT_STATUS_IS_OK(status)) {
diff --git a/source3/smbd/smbd.h b/source3/smbd/smbd.h
index a5b211a..e769157 100644
--- a/source3/smbd/smbd.h
+++ b/source3/smbd/smbd.h
@@ -73,5 +73,6 @@ struct trans_state {
#define UCF_COND_ALLOW_WCARD_LCOMP 0x00000004
#define UCF_POSIX_PATHNAMES 0x00000008
#define UCF_UNIX_NAME_LOOKUP 0x00000010
+#define UCF_CREATING_FILE 0x00000020
#endif /* _SMBD_SMBD_H */
diff --git a/source3/utils/status.c b/source3/utils/status.c
index f4b5f4e..be7c52f 100644
--- a/source3/utils/status.c
+++ b/source3/utils/status.c
@@ -283,13 +283,29 @@ static int traverse_sessionid(const char *key, struct sessionid *session,
Ucrit_addPid(session->pid);
- fstr_sprintf(uid_str, "%u", (unsigned int)session->uid);
- fstr_sprintf(gid_str, "%u", (unsigned int)session->gid);
+ fstrcpy(uid_str, "-1");
+
+ if (session->uid != -1) {
+ if (numeric_only) {
+ fstr_sprintf(uid_str, "%u", (unsigned int)session->uid);
+ } else {
+ fstrcpy(uid_str, uidtoname(session->uid));
+ }
+ }
+
+ fstrcpy(gid_str, "-1");
+
+ if (session->gid != -1) {
+ if (numeric_only) {
+ fstr_sprintf(gid_str, "%u", (unsigned int)session->gid);
+ } else {
+ fstrcpy(gid_str, gidtoname(session->gid));
+ }
+ }
d_printf("%-7s %-12s %-12s %-12s (%s)\n",
procid_str_static(&session->pid),
- numeric_only ? uid_str : uidtoname(session->uid),
- numeric_only ? gid_str : gidtoname(session->gid),
+ uid_str, gid_str,
session->remote_machine, session->hostname);
return 0;
diff --git a/wscript b/wscript
index 83c82e3..47b7b50 100644
--- a/wscript
+++ b/wscript
@@ -64,6 +64,14 @@ def set_options(opt):
help=("Disable Position Independent Executable builds"),
action="store_false", dest='enable_pie')
+ opt.add_option('--with-relro',
+ help=("Build with full RELocation Read-Only (RELRO)" +
+ "(default if supported by compiler)"),
+ action="store_true", dest='enable_relro')
+ opt.add_option('--without-relro',
+ help=("Disable RELRO builds"),
+ action="store_false", dest='enable_relro')
+
gr = opt.option_group('developer options')
@@ -178,6 +186,16 @@ def configure(conf):
msg="Checking compiler for PIE support"):
conf.env['ENABLE_PIE'] = True
+ if Options.options.enable_relro != False:
+ if Options.options.enable_relro == True:
+ need_relro = True
+ else:
+ # not specified, only build RELROs if supported by compiler
+ need_relro = False
+ if conf.check_cc(cflags='', ldflags='-Wl,-z,relro,-z,now', mandatory=need_relro,
+ msg="Checking compiler for full RELRO support"):
+ conf.env['ENABLE_RELRO'] = True
+
def etags(ctx):
'''build TAGS file using etags'''
import Utils
--
Samba Shared Repository
More information about the samba-cvs
mailing list