[SCM] Samba Shared Repository - branch v4-3-test updated
Karolin Seeger
kseeger at samba.org
Wed Jun 22 14:35:04 UTC 2016
The branch, v4-3-test has been updated
via c20c7bf s3: docs: Fix "strict rename" doc to match code.
via 932e8cc s3: smbd: Change semantics of strict rename to search the file open db.
via 7444aaf libnet: ignore realm setting for domain security joins to AD domains if 'winbind rpc only = true'
via fed3729 s3-libnet: Print error string even on successfuly completion of libnetjoin.
via 38c27bf s4: torture: Added raw readX test to ensure 'reserved' fields are zero.
via 13053f3 s3: smbd: In reply_read_and_X() SMB1 server is overwriting part of the 'reserved' zero fields with reply data length.
via 1c48e82 s3: smbd: Use common function setup_readX_header() in aio read code.
via f2dfba8 s3: smbd: Make setup_readX_header() externally accessible
via 080bb0f s3: smbd: Remove unused 'req' argument from setup_readX_header()
from 58c5338 libnet: make Kerberos domain join site-aware
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-3-test
- Log -----------------------------------------------------------------
commit c20c7bfec7853167f9ece7ad2ba59df0795f9e25
Author: Jeremy Allison <jra at samba.org>
Date: Tue Nov 24 08:45:50 2015 -0800
s3: docs: Fix "strict rename" doc to match code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11065
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Nov 24 23:47:19 CET 2015 on sn-devel-104
(cherry picked from commit 2b0df3788aaadcf907de15a6b6a518244c59aa81)
Autobuild-User(v4-3-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-3-test): Wed Jun 22 16:34:25 CEST 2016 on sn-devel-104
commit 932e8ccf06d7dc56c8390b46bbefa403b776370e
Author: Jeremy Allison <jra at samba.org>
Date: Tue Nov 24 08:43:14 2015 -0800
s3: smbd: Change semantics of strict rename to search the file open db.
Without strict rename just look in local process. POSIX renames are
already dealt with above.
Documentation change to follow.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11065
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 16f202871ca850bec87e0ec243644b2c20266c44)
commit 7444aafd014a97aed334a09bdda3f040dbeb6886
Author: Michael Adam <obnox at samba.org>
Date: Wed Jun 15 23:03:32 2016 +0200
libnet: ignore realm setting for domain security joins to AD domains if 'winbind rpc only = true'
Inspired by initial patch from Matt Rogers @ RedHat.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11977
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Autobuild-User(master): Michael Adam <obnox at samba.org>
Autobuild-Date(master): Wed Jun 22 05:05:47 CEST 2016 on sn-devel-144
(cherry picked from commit e29d8f108cd090706dc3f54282f5c33ec30df899)
commit fed37291cb080a59b18c1a85b299d58da21b29de
Author: Günther Deschner <gd at samba.org>
Date: Wed Jun 15 16:04:29 2016 +0200
s3-libnet: Print error string even on successfuly completion of libnetjoin.
Sometimes useful information should be printed to the users.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11977
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit 632faa87610b3afca3f8d3e9f3f46ee6b87f362a)
commit 38c27bf8559005c23c3819a4d1e040b8c5bcb73b
Author: Jeremy Allison <jra at samba.org>
Date: Fri Jun 10 09:32:32 2016 -0700
s4: torture: Added raw readX test to ensure 'reserved' fields are zero.
Passes against Win2k12+, and smbd with the previous patch.
https://bugzilla.samba.org/show_bug.cgi?id=11845
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Autobuild-User(master): Alexander Bokovoy <ab at samba.org>
Autobuild-Date(master): Sat Jun 18 19:32:22 CEST 2016 on sn-devel-144
(cherry picked from commit 747de99fcd70f400ec0ca6b2ca020664f7464454)
commit 13053f38fbbcbcb8fcb4e6779ccbc43f4906f0d8
Author: Jeremy Allison <jra at samba.org>
Date: Mon Jun 13 09:30:25 2016 -0700
s3: smbd: In reply_read_and_X() SMB1 server is overwriting part of the 'reserved' zero fields with reply data length.
This occurred due to old code that used to do:
SSVAL(smb_buf(req->outbuf),-2,nread);
to set the reply length. This code was not needed,
as srv_set_message() was already correctly setting
the bcc length and was probably left from much
earlier legacy code.
However, in commit ddaa65ef6e049a185281c4d5deca4045e3b085e2
this was converted to do:
SSVAL(req->outbuf,smb_vwv11,smb_maxcnt);
This code actually overwrites the last 'reserved'
field in the SMB_COM_READ_ANDX packet reply, but we
never noticed as no client (or server code) looks at or
checks vwv11 in a SMB_COM_READ_ANDX reply.
[MS-SMB] shows for SMB_COM_READ_ANDX reply:
SMB_Parameters
{
UCHAR WordCount;
Words
{
UCHAR AndXCommand;
UCHAR AndXReserved;
USHORT AndXOffset;
USHORT Available;
USHORT DataCompactionMode;
USHORT Reserved1;
USHORT DataLength;
USHORT DataOffset;
USHORT DataLengthHigh;
USHORT Reserved2[4];
}
}
SMB_Data
{
USHORT ByteCount;
Bytes
{
UCHAR Pad[] (optional);
UCHAR Data[variable];
}
and indeed checking wireshark from Win2012R2
we find that smbd is writing the returned
read length into smb_vwv11 and Windows leaves
it as zeros (reserved).
Also fix the same problem in the named pipes code.
Torture test to ensure Reserved2[4] replies
are zero to follow.
https://bugzilla.samba.org/show_bug.cgi?id=11845
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
(cherry picked from commit e57f9e15d08ed46b2fac2562d1027c6a2ba80dac)
commit 1c48e828b79a05f7e61d33f47e366bb8cc5c7f8a
Author: Jeremy Allison <jra at samba.org>
Date: Mon Jun 13 09:25:02 2016 -0700
s3: smbd: Use common function setup_readX_header() in aio read code.
https://bugzilla.samba.org/show_bug.cgi?id=11845
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
(cherry picked from commit 6507336d6646b7709768c19a03eac61ea30cce31)
commit f2dfba87f17c185a0e27286c480a4a5ff847a5b6
Author: Jeremy Allison <jra at samba.org>
Date: Mon Jun 13 09:22:56 2016 -0700
s3: smbd: Make setup_readX_header() externally accessible
https://bugzilla.samba.org/show_bug.cgi?id=11845
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
(cherry picked from commit 2ff3171fba931e621581336c975bae146a2ea3a9)
commit 080bb0fb04752184476e0563989d837240ffdefa
Author: Jeremy Allison <jra at samba.org>
Date: Mon Jun 13 09:20:43 2016 -0700
s3: smbd: Remove unused 'req' argument from setup_readX_header()
https://bugzilla.samba.org/show_bug.cgi?id=11845
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
(cherry picked from commit 1e29a1ce067e5f5b5159bcd20d37c6945bcc3900)
-----------------------------------------------------------------------
Summary of changes:
docs-xml/smbdotconf/tuning/strictrename.xml | 15 ++++++++--
source3/libnet/libnet_join.c | 16 +++++++++++
source3/smbd/aio.c | 9 +-----
source3/smbd/dir.c | 2 +-
source3/smbd/pipes.c | 1 -
source3/smbd/proto.h | 3 ++
source3/smbd/reply.c | 22 ++++++++++-----
source3/utils/net_ads.c | 5 ++++
source3/utils/net_rpc.c | 10 +++++++
source4/torture/raw/read.c | 44 +++++++++++++++++++++++++++++
10 files changed, 107 insertions(+), 20 deletions(-)
Changeset truncated at 500 lines:
diff --git a/docs-xml/smbdotconf/tuning/strictrename.xml b/docs-xml/smbdotconf/tuning/strictrename.xml
index 5478863..91572f2 100644
--- a/docs-xml/smbdotconf/tuning/strictrename.xml
+++ b/docs-xml/smbdotconf/tuning/strictrename.xml
@@ -15,9 +15,18 @@
Samba system the cost is even greater than the non-clustered
case.</para>
- <para>For this reason the default is "no", and it is recommended
- to be left that way unless a specific Windows application requires
- it to be changed.</para>
+ <para>When set to "no" smbd only checks the local process
+ the client is attached to for open files below a directory
+ being renamed, instead of checking for open files across all
+ smbd processes.</para>
+
+ <para>Because of the expense in fully searching the database,
+ the default is "no", and it is recommended to be left that way
+ unless a specific Windows application requires it to be changed.</para>
+
+ <para>If the client has requested UNIX extensions (POSIX
+ pathnames) then renames are always allowed and this parameter
+ has no effect.</para>
</description>
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index fc4fbb9..535ce21 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -2123,6 +2123,7 @@ static WERROR libnet_join_check_config(TALLOC_CTX *mem_ctx,
bool valid_security = false;
bool valid_workgroup = false;
bool valid_realm = false;
+ bool ignored_realm = false;
/* check if configuration is already set correctly */
@@ -2142,11 +2143,26 @@ static WERROR libnet_join_check_config(TALLOC_CTX *mem_ctx,
valid_realm = strequal(lp_realm(), r->out.dns_domain_name);
switch (lp_security()) {
case SEC_DOMAIN:
+ if (!valid_realm && lp_winbind_rpc_only()) {
+ valid_realm = true;
+ ignored_realm = true;
+ }
case SEC_ADS:
valid_security = true;
}
if (valid_workgroup && valid_realm && valid_security) {
+ if (ignored_realm && !r->in.modify_config)
+ {
+ libnet_join_set_error_string(mem_ctx, r,
+ "Warning: ignoring realm when "
+ "joining AD domain with "
+ "'security=domain' and "
+ "'winbind rpc only = yes'. "
+ "(realm set to '%s', "
+ "should be '%s').", lp_realm(),
+ r->out.dns_domain_name);
+ }
/* nothing to be done */
return WERR_OK;
}
diff --git a/source3/smbd/aio.c b/source3/smbd/aio.c
index 253782b..e43dc71 100644
--- a/source3/smbd/aio.c
+++ b/source3/smbd/aio.c
@@ -258,7 +258,6 @@ static void aio_pread_smb1_done(struct tevent_req *req)
files_struct *fsp = aio_ex->fsp;
int outsize;
char *outbuf = (char *)aio_ex->outbuf.data;
- char *data = smb_buf(outbuf) + 1 /* padding byte */;
ssize_t nread;
int err;
@@ -287,13 +286,7 @@ static void aio_pread_smb1_done(struct tevent_req *req)
ERROR_NT(map_nt_error_from_unix(err));
outsize = srv_set_message(outbuf,0,0,true);
} else {
- outsize = srv_set_message(outbuf, 12,
- nread + 1 /* padding byte */, false);
- SSVAL(outbuf,smb_vwv2, 0xFFFF); /* Remaining - must be * -1. */
- SSVAL(outbuf,smb_vwv5, nread);
- SSVAL(outbuf,smb_vwv6, smb_offset(data,outbuf));
- SSVAL(outbuf,smb_vwv7, ((nread >> 16) & 1));
- SSVAL(smb_buf(outbuf), -2, nread);
+ outsize = setup_readX_header(outbuf, nread);
aio_ex->fsp->fh->pos = aio_ex->offset + nread;
aio_ex->fsp->fh->position_information = aio_ex->fsp->fh->pos;
diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
index 99bfed3..6beb167 100644
--- a/source3/smbd/dir.c
+++ b/source3/smbd/dir.c
@@ -1965,7 +1965,7 @@ static int have_file_open_below_fn(struct file_id fid,
return 1;
}
-static bool have_file_open_below(connection_struct *conn,
+bool have_file_open_below(connection_struct *conn,
const struct smb_filename *name)
{
struct have_file_open_below_state state = {
diff --git a/source3/smbd/pipes.c b/source3/smbd/pipes.c
index 455dbf0..60c9ccb 100644
--- a/source3/smbd/pipes.c
+++ b/source3/smbd/pipes.c
@@ -492,7 +492,6 @@ static void pipe_read_andx_done(struct tevent_req *subreq)
+ 12 * sizeof(uint16_t) /* vwv */
+ 2 /* the buflen field */
+ 1); /* padding byte */
- SSVAL(req->outbuf,smb_vwv11,state->smb_maxcnt);
DEBUG(3,("readX-IPC min=%d max=%d nread=%d\n",
state->smb_mincnt, state->smb_maxcnt, (int)nread));
diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h
index 2eac3ec..84b472d 100644
--- a/source3/smbd/proto.h
+++ b/source3/smbd/proto.h
@@ -229,6 +229,8 @@ long TellDir(struct smb_Dir *dirp);
bool SearchDir(struct smb_Dir *dirp, const char *name, long *poffset);
NTSTATUS can_delete_directory(struct connection_struct *conn,
const char *dirname);
+bool have_file_open_below(connection_struct *conn,
+ const struct smb_filename *name);
/* The following definitions come from smbd/dmapi.c */
@@ -893,6 +895,7 @@ ssize_t sendfile_short_send(struct smbXsrv_connection *xconn,
size_t smb_maxcnt);
void reply_readbraw(struct smb_request *req);
void reply_lockread(struct smb_request *req);
+int setup_readX_header(char *outbuf, size_t smb_maxcnt);
void reply_read(struct smb_request *req);
void reply_read_and_X(struct smb_request *req);
void error_to_writebrawerr(struct smb_request *req);
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 476ac7e..5206d47 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -2676,7 +2676,17 @@ static NTSTATUS can_rename(connection_struct *conn, files_struct *fsp,
/* If no pathnames are open below this
directory, allow the rename. */
- if (file_find_subpath(fsp)) {
+ if (lp_strict_rename(SNUM(conn))) {
+ /*
+ * Strict rename, check open file db.
+ */
+ if (have_file_open_below(fsp->conn, fsp->fsp_name)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+ } else if (file_find_subpath(fsp)) {
+ /*
+ * No strict rename, just look in local process.
+ */
return NT_STATUS_ACCESS_DENIED;
}
return NT_STATUS_OK;
@@ -3757,8 +3767,7 @@ strict_unlock:
Setup readX header.
****************************************************************************/
-static int setup_readX_header(struct smb_request *req, char *outbuf,
- size_t smb_maxcnt)
+int setup_readX_header(char *outbuf, size_t smb_maxcnt)
{
int outsize;
@@ -3777,7 +3786,6 @@ static int setup_readX_header(struct smb_request *req, char *outbuf,
+ 2 /* the buflen field */
+ 1); /* padding byte */
SSVAL(outbuf,smb_vwv7,(smb_maxcnt >> 16));
- SSVAL(outbuf,smb_vwv11,smb_maxcnt);
SCVAL(smb_buf(outbuf), 0, 0); /* padding byte */
/* Reset the outgoing length, set_message truncates at 0x1FFFF. */
_smb_setlen_large(outbuf,
@@ -3845,7 +3853,7 @@ static void send_file_readX(connection_struct *conn, struct smb_request *req,
header = data_blob_const(headerbuf, sizeof(headerbuf));
construct_reply_common_req(req, (char *)headerbuf);
- setup_readX_header(req, (char *)headerbuf, smb_maxcnt);
+ setup_readX_header((char *)headerbuf, smb_maxcnt);
nread = SMB_VFS_SENDFILE(xconn->transport.sock, fsp, &header,
startpos, smb_maxcnt);
@@ -3946,7 +3954,7 @@ normal_read:
}
construct_reply_common_req(req, (char *)headerbuf);
- setup_readX_header(req, (char *)headerbuf, smb_maxcnt);
+ setup_readX_header((char *)headerbuf, smb_maxcnt);
/* Send out the header. */
ret = write_data(xconn->transport.sock, (char *)headerbuf,
@@ -3996,7 +4004,7 @@ nosendfile_read:
return;
}
- setup_readX_header(req, (char *)req->outbuf, nread);
+ setup_readX_header((char *)req->outbuf, nread);
DEBUG(3, ("send_file_readX %s max=%d nread=%d\n",
fsp_fnum_dbg(fsp), (int)smb_maxcnt, (int)nread));
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
index 5ed3129..e0a204b 100644
--- a/source3/utils/net_ads.c
+++ b/source3/utils/net_ads.c
@@ -1587,6 +1587,11 @@ int net_ads_join(struct net_context *c, int argc, const char **argv)
r->out.netbios_domain_name);
}
+ /* print out informative error string in case there is one */
+ if (r->out.error_string != NULL) {
+ d_printf("%s\n", r->out.error_string);
+ }
+
/*
* We try doing the dns update (if it was compiled in).
* If the dns update fails, we still consider the join
diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
index 93caf04..1e3e286 100644
--- a/source3/utils/net_rpc.c
+++ b/source3/utils/net_rpc.c
@@ -428,6 +428,11 @@ static int net_rpc_oldjoin(struct net_context *c, int argc, const char **argv)
r->out.netbios_domain_name);
}
+ /* print out informative error string in case there is one */
+ if (r->out.error_string != NULL) {
+ d_printf("%s\n", r->out.error_string);
+ }
+
TALLOC_FREE(mem_ctx);
return 0;
@@ -607,6 +612,11 @@ static int net_rpc_join_newstyle(struct net_context *c, int argc, const char **a
r->out.netbios_domain_name);
}
+ /* print out informative error string in case there is one */
+ if (r->out.error_string != NULL) {
+ d_printf("%s\n", r->out.error_string);
+ }
+
TALLOC_FREE(mem_ctx);
return 0;
diff --git a/source4/torture/raw/read.c b/source4/torture/raw/read.c
index 6abf08b..6160e3e 100644
--- a/source4/torture/raw/read.c
+++ b/source4/torture/raw/read.c
@@ -19,6 +19,7 @@
#include "includes.h"
#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
#include "system/time.h"
#include "system/filesys.h"
#include "libcli/libcli.h"
@@ -373,6 +374,8 @@ static bool test_readx(struct torture_context *tctx, struct smbcli_state *cli)
const char *fname = BASEDIR "\\test.txt";
const char *test_data = "TEST DATA";
unsigned int seed = time(NULL);
+ struct smbcli_request *smbreq = NULL;
+ unsigned int i;
buf = talloc_zero_array(tctx, uint8_t, maxsize);
@@ -422,6 +425,47 @@ static bool test_readx(struct torture_context *tctx, struct smbcli_state *cli)
smbcli_write(cli->tree, fnum, 0, test_data, 0, strlen(test_data));
+ printf("Checking reserved fields are [0]\n");
+ io.readx.in.file.fnum = fnum;
+ io.readx.in.offset = 0;
+ io.readx.in.remaining = 0;
+ io.readx.in.read_for_execute = false;
+ io.readx.in.mincnt = strlen(test_data);
+ io.readx.in.maxcnt = strlen(test_data);
+ smbreq = smb_raw_read_send(cli->tree, &io);
+ if (smbreq == NULL) {
+ ret = false;
+ torture_fail_goto(tctx, done, "smb_raw_read_send failed\n");
+ }
+ if (!smbcli_request_receive(smbreq) ||
+ smbcli_request_is_error(smbreq)) {
+ status = smbcli_request_destroy(smbreq);
+ torture_fail_goto(tctx, done, "receive failed\n");
+ }
+
+ if (smbreq->in.wct != 12) {
+ ret = false;
+ printf("Incorrect wct %u (should be 12)\n",
+ (unsigned int)smbreq->in.wct);
+ status = smbcli_request_destroy(smbreq);
+ torture_fail_goto(tctx, done, "bad wct\n");
+ }
+
+ /* Ensure VWV8 - WVW11 are zero. */
+ for (i = 8; i < 12; i++) {
+ uint16_t br = SVAL(smbreq->in.vwv, VWV(i));
+ if (br != 0) {
+ status = smbcli_request_destroy(smbreq);
+ ret = false;
+ printf("reserved field %u is %u not zero\n",
+ i,
+ (unsigned int)br);
+ torture_fail_goto(tctx, done, "bad reserved field\n");
+ }
+ }
+
+ smbcli_request_destroy(smbreq);
+
printf("Trying small read\n");
io.readx.in.file.fnum = fnum;
io.readx.in.offset = 0;
--
Samba Shared Repository
More information about the samba-cvs
mailing list