[SCM] Samba Shared Repository - branch v4-0-test updated
Karolin Seeger
kseeger at samba.org
Thu Dec 18 15:33:02 MST 2014
The branch, v4-0-test has been updated
via eb3ed91 libcli/smb: only force signing of smb2 session setups when binding a new session
via f27d938 s3:smb2_server: allow reauthentication without signing
via a7bee71 s3:smb2_server: use the global signing key to check if signing is required
via cc66e97 testprogs/test_ldb: check rootdse search with extended-dn control
via cc5599e s4:dsdb/rootdse: expand extended dn values with the AS_SYSTEM control
via 759e3fd s3:utils/profiles fix a use after free
via 997f6a9 s3:registry/regfio fix some valgrind warnings
via e71772e s3:registry/regfio read SD from the correct location
via de99f7e s3: modules: Fix *allocate* calls to follow POSIX error return convention.
via 0ad2013 s3: smbd: Fix *allocate* calls to follow POSIX error return convention.
via 339bac8 s3: smbd: Fix *allocate* calls to follow POSIX error return convention.
from b1adeee VERSION: Bump version up to 4.0.24...
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-0-test
- Log -----------------------------------------------------------------
commit eb3ed9164ece272653b5cdc9a5ea3188cdb91dd5
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Dec 12 13:55:38 2014 +0000
libcli/smb: only force signing of smb2 session setups when binding a new session
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10958
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Dec 12 23:11:40 CET 2014 on sn-devel-104
(cherry picked from commit daff0f5d709eca621a7f319c892ecaba7b03e5c2)
Autobuild-User(v4-0-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-0-test): Thu Dec 18 23:32:50 CET 2014 on sn-devel-104
commit f27d938a674308e8d0a4b6b24f67af596f1bf8f9
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Dec 12 09:22:15 2014 +0100
s3:smb2_server: allow reauthentication without signing
If signing is not required we should not require it for reauthentication.
Windows clients would otherwise fail to reauthenticate.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10958
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 382019656ee164fd21455ed7d7b5e9e18bd0ca72)
commit a7bee718e69db2b0dbfa24ad3ba705ce59cb77de
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Jun 12 15:10:11 2014 +0200
s3:smb2_server: use the global signing key to check if signing is required
If we have a channel session key, we also always have a global session key.
For multi-channel it's possible that the channel session key is not in place
yet, in that case the global session key needs to be used.
In both cases (reauth or session bind) we session setup requests need to be
signed.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 7e006d11134cdc37ea0fc13110fe5bbfb9de3f14)
commit cc66e97d14116995ecc6a862de6fe91c8f89a83f
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Nov 21 14:11:54 2014 +0100
testprogs/test_ldb: check rootdse search with extended-dn control
Verifies BUG: https://bugzilla.samba.org/show_bug.cgi?id=10949
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Fri Dec 12 20:15:46 CET 2014 on sn-devel-104
(cherry picked from commit 7e81fe282540a5b52dcb8c5396321a67733790d2)
commit cc5599e81e262ca0d3a21ae37e7f00fc62541a90
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Nov 20 14:21:06 2014 +0100
s4:dsdb/rootdse: expand extended dn values with the AS_SYSTEM control
Otherwise we can't find the GUID of the 'serverName' attribute
as ANONYMOUS.
This results in
root at ub1204-161:~# ldbsearch -U% -H ldap://172.31.9.161 -b '' -s base --extended-dn serverName
search error - LDAP error 1 LDAP_OPERATIONS_ERROR - <00002020: operations error at ../source4/dsdb/samdb/ldb_modules/rootdse.c:567> <>
While it works as system:
root at ub1204-161:~# ldbsearch -U% -H /var/lib/samba/private/sam.ldb -b '' -s base --extended-dn serverName
# record 1
dn:
serverName: <GUID=348c35e1-04e3-4988-a32c-32478d584551>;CN=UB1204-161,CN=Serve
rs,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=s4xdom,DC=base
# returned 1 records
# 1 entries
# 0 referrals
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10949
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit a6ecef4532e4529a819219cd814e2979c2df0797)
commit 759e3fd347dbcaf7ff0a6cd38592542068f8e9f5
Author: Christian Ambach <ambi at samba.org>
Date: Tue Nov 4 23:51:23 2014 +0100
s3:utils/profiles fix a use after free
path is a talloc-child of subkeys, so subkeys should not be freed before calling
verbose_output
Signed-off-by: Christian Ambach <ambi at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Christian Ambach <ambi at samba.org>
Autobuild-Date(master): Wed Dec 3 00:43:19 CET 2014 on sn-devel-104
(cherry picked from commit 3b90bfb1089e6a4b7e05e7ed62bb642521f57917)
commit 997f6a93e969cd9b4e00ef7270a66e6373942517
Author: Christian Ambach <ambi at samba.org>
Date: Tue Nov 4 23:50:07 2014 +0100
s3:registry/regfio fix some valgrind warnings
Signed-off-by: Christian Ambach <ambi at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 4b41489901b7f1a78ffd479128c3e0d309e53b53)
commit e71772eb49bfc4453acba95e67ccad8ac2f12c94
Author: Christian Ambach <ambi at samba.org>
Date: Tue Nov 4 23:47:26 2014 +0100
s3:registry/regfio read SD from the correct location
try to find the security descriptor at the data pointer, not at the beginning of the hbin
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9629
Signed-off-by: Christian Ambach <ambi at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 217a0189c15761f6c7b24c9d7bfdbccf85de8e1d)
commit de99f7e27d8dac54fbed751e479e8bad0a57e091
Author: Jeremy Allison <jra at samba.org>
Date: Sun Dec 7 19:50:54 2014 -0800
s3: modules: Fix *allocate* calls to follow POSIX error return convention.
Fix up the time_audit and streams_xattr modules to follow
the -1,errno convention for errors.
Reported by Jones <jones.kstw at gmail.com> who provided the
initial patch. This patch tested and confirmed working
by him as well.
Signed-off-by: Jeremy Allison <jra at samba.org>
commit 0ad2013d90bc923d8eeb4b5ed3010224fa2d1e86
Author: Jeremy Allison <jra at samba.org>
Date: Fri Dec 5 15:34:12 2014 -0800
s3: smbd: Fix *allocate* calls to follow POSIX error return convention.
Fix vfs_allocate_file_space(), vfs_slow_fallocate(),
vfs_fill_sparse() to follow the -1,errno convention
for errors.
Standardize on the -1,errno convention.
Reported by Jones <jones.kstw at gmail.com> who provided the
initial patch. This patch tested and confirmed working
by him as well.
https://bugzilla.samba.org/show_bug.cgi?id=10982
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Disseldorp <ddiss at suse.de>
(cherry picked from commit cc1f91cec627cb3e4fc89b96aae1e7e4c539cd1c)
commit 339bac87b3f83a7a5c0b0c4a8285604c300521ef
Author: Jeremy Allison <jra at samba.org>
Date: Fri Dec 5 15:31:19 2014 -0800
s3: smbd: Fix *allocate* calls to follow POSIX error return convention.
vfswrap_fallocate() is broken in that it can call posix_fallocate()
which returns an int error (and doesn't set errno) but can also
call Linux fallocate() which returns -1 and sets errno.
Standardize on the -1,errno convention.
Reported by Jones <jones.kstw at gmail.com> who provided the
initial patch. This patch tested and confirmed working
by him as well.
https://bugzilla.samba.org/show_bug.cgi?id=10982
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Disseldorp <ddiss at suse.de>
(cherry picked from commit c9235deee0fc49c99cfaf2329b7af526d9dd12d0)
-----------------------------------------------------------------------
Summary of changes:
libcli/smb/smbXcli_base.c | 7 ++++++-
source3/modules/vfs_default.c | 17 ++++++++++++-----
source3/modules/vfs_streams_xattr.c | 5 +++--
source3/modules/vfs_time_audit.c | 8 +++++++-
source3/registry/regfio.c | 10 ++++++----
source3/smbd/smb2_server.c | 5 -----
source3/smbd/smb2_sesssetup.c | 4 ++++
source3/smbd/vfs.c | 22 +++++++++++-----------
source3/utils/profiles.c | 6 +++---
source4/dsdb/samdb/ldb_modules/rootdse.c | 6 ++----
testprogs/blackbox/test_ldb.sh | 2 ++
11 files changed, 56 insertions(+), 36 deletions(-)
Changeset truncated at 500 lines:
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index c971a6d..b799e11 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -2576,7 +2576,12 @@ struct tevent_req *smb2cli_req_create(TALLOC_CTX *mem_ctx,
state->smb2.should_encrypt = session->smb2->should_encrypt;
if (cmd == SMB2_OP_SESSSETUP &&
- session->smb2->signing_key.length != 0) {
+ session->smb2_channel.signing_key.length == 0 &&
+ session->smb2->signing_key.length != 0)
+ {
+ /*
+ * a session bind needs to be signed
+ */
state->smb2.should_sign = true;
}
diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c
index b31f4be..429fca1 100644
--- a/source3/modules/vfs_default.c
+++ b/source3/modules/vfs_default.c
@@ -1644,15 +1644,14 @@ static int strict_allocate_ftruncate(vfs_handle_struct *handle, files_struct *fs
return ENOTSUP or EINVAL in cases like that. */
ret = SMB_VFS_FALLOCATE(fsp, VFS_FALLOCATE_EXTEND_SIZE,
pst->st_ex_size, space_to_write);
- if (ret == ENOSPC) {
- errno = ENOSPC;
+ if (ret == -1 && errno == ENOSPC) {
return -1;
}
if (ret == 0) {
return 0;
}
DEBUG(10,("strict_allocate_ftruncate: SMB_VFS_FALLOCATE failed with "
- "error %d. Falling back to slow manual allocation\n", ret));
+ "error %d. Falling back to slow manual allocation\n", errno));
/* available disk space is enough or not? */
space_avail = get_dfree_info(fsp->conn,
@@ -1668,8 +1667,7 @@ static int strict_allocate_ftruncate(vfs_handle_struct *handle, files_struct *fs
/* Write out the real space on disk. */
ret = vfs_slow_fallocate(fsp, pst->st_ex_size, space_to_write);
if (ret != 0) {
- errno = ret;
- ret = -1;
+ return -1;
}
return 0;
@@ -1754,6 +1752,15 @@ static int vfswrap_fallocate(vfs_handle_struct *handle,
START_PROFILE(syscall_fallocate);
if (mode == VFS_FALLOCATE_EXTEND_SIZE) {
result = sys_posix_fallocate(fsp->fh->fd, offset, len);
+ /*
+ * posix_fallocate returns 0 on success, errno on error
+ * and doesn't set errno. Make it behave like fallocate()
+ * which returns -1, and sets errno on failure.
+ */
+ if (result != 0) {
+ errno = result;
+ result = -1;
+ }
} else if (mode == VFS_FALLOCATE_KEEP_SIZE) {
result = sys_fallocate(fsp->fh->fd, mode, offset, len);
} else {
diff --git a/source3/modules/vfs_streams_xattr.c b/source3/modules/vfs_streams_xattr.c
index c4d86ee..625e995 100644
--- a/source3/modules/vfs_streams_xattr.c
+++ b/source3/modules/vfs_streams_xattr.c
@@ -1027,11 +1027,12 @@ static int streams_xattr_fallocate(struct vfs_handle_struct *handle,
}
if (!streams_xattr_recheck(sio)) {
- return errno;
+ return -1;
}
/* Let the pwrite code path handle it. */
- return ENOSYS;
+ errno = ENOSYS;
+ return -1;
}
diff --git a/source3/modules/vfs_time_audit.c b/source3/modules/vfs_time_audit.c
index 95b4148..4b9aef0 100644
--- a/source3/modules/vfs_time_audit.c
+++ b/source3/modules/vfs_time_audit.c
@@ -1210,18 +1210,24 @@ static int smb_time_audit_fallocate(vfs_handle_struct *handle,
off_t len)
{
int result;
+ int saved_errno = 0;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_FALLOCATE(handle, fsp, mode, offset, len);
+ if (result == -1) {
+ saved_errno = errno;
+ }
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_fsp("fallocate", timediff, fsp);
}
-
+ if (result == -1) {
+ errno = saved_errno;
+ }
return result;
}
diff --git a/source3/registry/regfio.c b/source3/registry/regfio.c
index bde1863..90191a6 100644
--- a/source3/registry/regfio.c
+++ b/source3/registry/regfio.c
@@ -768,8 +768,10 @@ static bool hbin_prs_sk_rec( const char *desc, REGF_HBIN *hbin, int depth, REGF_
if (!prs_copy_data_in(&hbin->ps, (const char *)blob.data, blob.length))
return False;
} else {
- blob = data_blob_const(prs_data_p(&hbin->ps),
- prs_data_size(&hbin->ps));
+ blob = data_blob_const(
+ prs_data_p(&hbin->ps) + prs_offset(&hbin->ps),
+ prs_data_size(&hbin->ps) - prs_offset(&hbin->ps)
+ );
status = unmarshall_sec_desc(mem_ctx,
blob.data, blob.length,
&sk->sec_desc);
@@ -1739,7 +1741,7 @@ static bool create_vk_record(REGF_FILE *file, REGF_VK_REC *vk,
/* make sure we don't try to copy from a NULL value pointer */
if ( vk->data_size != 0 )
- memcpy( &vk->data_off, regval_data_p(value), sizeof(uint32) );
+ memcpy( &vk->data_off, regval_data_p(value), vk->data_size);
vk->data_size |= VK_DATA_IN_OFFSET;
}
@@ -1804,7 +1806,7 @@ static int hashrec_cmp( REGF_HASH_REC *h1, REGF_HASH_REC *h2 )
REGF_HASH_REC *hash = &parent->subkeys.hashes[parent->subkey_index];
hash->nk_off = prs_offset( &nk->hbin->ps ) + nk->hbin->first_hbin_off - HBIN_HDR_SIZE;
- memcpy( hash->keycheck, name, sizeof(uint32) );
+ memcpy(hash->keycheck, name, MIN(strlen(name),sizeof(uint32)));
hash->fullname = talloc_strdup( file->mem_ctx, name );
parent->subkey_index++;
diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index b46f994..d0dec0f 100644
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -1910,11 +1910,6 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
if (x != NULL) {
signing_required = x->global->signing_required;
encryption_required = x->global->encryption_required;
-
- if (opcode == SMB2_OP_SESSSETUP &&
- x->global->channels[0].signing_key.length) {
- signing_required = true;
- }
}
req->do_signing = false;
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index e911945..a82d696 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -422,6 +422,10 @@ static NTSTATUS smbd_smb2_reauth_generic_return(struct smbXsrv_session *session,
conn_clear_vuid_caches(conn->sconn, session->compat->vuid);
+ if (security_session_user_level(session_info, NULL) >= SECURITY_USER) {
+ smb2req->do_signing = true;
+ }
+
*out_session_id = session->global->session_wire_id;
return NT_STATUS_OK;
diff --git a/source3/smbd/vfs.c b/source3/smbd/vfs.c
index 124981c..63758ac 100644
--- a/source3/smbd/vfs.c
+++ b/source3/smbd/vfs.c
@@ -580,6 +580,10 @@ int vfs_allocate_file_space(files_struct *fsp, uint64_t len)
return 0;
}
+ if (ret == -1 && errno == ENOSPC) {
+ return -1;
+ }
+
len -= fsp->fsp_name->st.st_ex_size;
len /= 1024; /* Len is now number of 1k blocks needed. */
space_avail = get_dfree_info(conn, fsp->fsp_name->base_name, false,
@@ -634,7 +638,7 @@ int vfs_set_filelen(files_struct *fsp, off_t len)
fails. Needs to be outside of the default version of SMB_VFS_FALLOCATE
as this is also called from the default SMB_VFS_FTRUNCATE code.
Always extends the file size.
- Returns 0 on success, errno on failure.
+ Returns 0 on success, -1 on failure.
****************************************************************************/
#define SPARSE_BUF_WRITE_SIZE (32*1024)
@@ -648,7 +652,7 @@ int vfs_slow_fallocate(files_struct *fsp, off_t offset, off_t len)
sparse_buf = SMB_CALLOC_ARRAY(char, SPARSE_BUF_WRITE_SIZE);
if (!sparse_buf) {
errno = ENOMEM;
- return ENOMEM;
+ return -1;
}
}
@@ -657,10 +661,12 @@ int vfs_slow_fallocate(files_struct *fsp, off_t offset, off_t len)
pwrite_ret = SMB_VFS_PWRITE(fsp, sparse_buf, curr_write_size, offset + total);
if (pwrite_ret == -1) {
+ int saved_errno = errno;
DEBUG(10,("vfs_slow_fallocate: SMB_VFS_PWRITE for file "
"%s failed with error %s\n",
- fsp_str_dbg(fsp), strerror(errno)));
- return errno;
+ fsp_str_dbg(fsp), strerror(saved_errno)));
+ errno = saved_errno;
+ return -1;
}
total += pwrite_ret;
}
@@ -718,9 +724,7 @@ int vfs_fill_sparse(files_struct *fsp, off_t len)
* return ENOTSUP or EINVAL in cases like that. */
ret = SMB_VFS_FALLOCATE(fsp, VFS_FALLOCATE_EXTEND_SIZE,
offset, num_to_write);
- if (ret == ENOSPC) {
- errno = ENOSPC;
- ret = -1;
+ if (ret == -1 && errno == ENOSPC) {
goto out;
}
if (ret == 0) {
@@ -731,10 +735,6 @@ int vfs_fill_sparse(files_struct *fsp, off_t len)
}
ret = vfs_slow_fallocate(fsp, offset, num_to_write);
- if (ret != 0) {
- errno = ret;
- ret = -1;
- }
out:
diff --git a/source3/utils/profiles.c b/source3/utils/profiles.c
index 30c6ad0..a88469a 100644
--- a/source3/utils/profiles.c
+++ b/source3/utils/profiles.c
@@ -182,12 +182,12 @@ static bool copy_registry_tree( REGF_FILE *infile, REGF_NK_REC *nk,
}
}
- /* values is a talloc()'d child of subkeys here so just throw it all away */
-
- TALLOC_FREE( subkeys );
verbose_output("[%s]\n", path);
+ /* values is a talloc()'d child of subkeys here so just throw it all away */
+ TALLOC_FREE(subkeys);
+
return True;
}
diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c
index 167201e..9122a67 100644
--- a/source4/dsdb/samdb/ldb_modules/rootdse.c
+++ b/source4/dsdb/samdb/ldb_modules/rootdse.c
@@ -131,10 +131,8 @@ static int expand_dn_in_message(struct ldb_module *module, struct ldb_message *m
return ret;
}
-
- ret = ldb_request_add_control(req2,
- LDB_CONTROL_EXTENDED_DN_OID,
- edn_control->critical, edn);
+ ret = dsdb_request_add_controls(req2, DSDB_FLAG_AS_SYSTEM |
+ DSDB_SEARCH_SHOW_EXTENDED_DN);
if (ret != LDB_SUCCESS) {
talloc_free(tmp_ctx);
return ldb_error(ldb, ret, "Failed to add control");
diff --git a/testprogs/blackbox/test_ldb.sh b/testprogs/blackbox/test_ldb.sh
index f326672..60bad44 100755
--- a/testprogs/blackbox/test_ldb.sh
+++ b/testprogs/blackbox/test_ldb.sh
@@ -37,6 +37,8 @@ export PATH="$BINDIR:$PATH"
ldbsearch="$VALGRIND ldbsearch"
check "RootDSE" $ldbsearch $CONFIGURATION $options --basedn='' -H $p://$SERVER -s base DUMMY=x dnsHostName highestCommittedUSN || failed=`expr $failed + 1`
+check "RootDSE (full)" $ldbsearch $CONFIGURATION $options --basedn='' -H $p://$SERVER -s base '(objectClass=*)' || failed=`expr $failed + 1`
+check "RootDSE (extended)" $ldbsearch $CONFIGURATION $options --basedn='' -H $p://$SERVER -s base '(objectClass=*)' --extended-dn || failed=`expr $failed + 1`
echo "Getting defaultNamingContext"
BASEDN=`$ldbsearch $CONFIGURATION $options --basedn='' -H $p://$SERVER -s base DUMMY=x defaultNamingContext | grep defaultNamingContext | awk '{print $2}'`
--
Samba Shared Repository
More information about the samba-cvs
mailing list