[SCM] Samba Shared Repository - branch master updated

Jeremy Allison jra at samba.org
Sat Apr 8 00:39:02 UTC 2017


The branch, master has been updated
       via  5b4a1b6 docs: fixup smbclient rename -f option
       via  8dfbba5 winbindd: error handling in rpc_lookup_sids()
       via  416c74e s3/rpc_client: lookupsids error handling of NT_STATUS_NONE_MAPPED
       via  0e7e4eb s3/rpc_client: use NT_STATUS_LOOKUP_ERR
       via  fc37c73 s3/include: add NT_STATUS_LOOKUP_ERR
       via  893fc5a s4/torture: vfs_fruit: test for bug 12565
       via  a36de8b vfs_fruit: resource fork open request with flags=O_CREAT|O_RDONLY
       via  baa3e71 smbd: Fix smb1 findfirst with DFS
      from  94e2aa7 WHATSNEW: Deprecate "auth methods" and "map untrusted to domain"

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 5b4a1b628ecf533374f57c8cdda8fc0f9f38d496
Author: Uri Simchoni <uri at samba.org>
Date:   Fri Apr 7 21:10:47 2017 +0300

    docs: fixup smbclient rename -f option
    
    Fixup documentation of new -f option of the smbclient
    rename command. This command is supported by SMB1 and
    SMB2.
    
    Signed-off-by: Uri Simchoni <uri at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Sat Apr  8 02:38:16 CEST 2017 on sn-devel-144

commit 8dfbba59d768b10f6b088cfc49e5dbe6de4834e1
Author: Ralph Boehme <slow at samba.org>
Date:   Sun Mar 26 08:22:13 2017 +0200

    winbindd: error handling in rpc_lookup_sids()
    
    NT_STATUS_NONE_MAPPED and NT_STATUS_SOME_NOT_MAPPED should not be
    treated as fatal errors. We should continue processing the results and
    not bail out.
    
    In case we got NT_STATUS_NONE_MAPPED we must ensure all
    lsa_TranslatedName are of type SID_NAME_UNKNOWN.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=12728
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 416c74e8c89dc2fb2083beaaa9ac8a6e975ec873
Author: Ralph Boehme <slow at samba.org>
Date:   Sat Apr 1 16:51:07 2017 +0200

    s3/rpc_client: lookupsids error handling of NT_STATUS_NONE_MAPPED
    
    NT_STATUS_NONE_MAPPED is not a fatal error, it just means we must return
    all lsa_TranslatedName's as type SID_NAME_UNKNOWN.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=12728
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 0e7e4ebad31caa1ccb392f2fe20c67929149b8c9
Author: Ralph Boehme <slow at samba.org>
Date:   Sat Apr 1 16:56:39 2017 +0200

    s3/rpc_client: use NT_STATUS_LOOKUP_ERR
    
    No change in behaviour.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=12728
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit fc37c7327dc7e4ad4405e324fc88d4bbf9b6ef9e
Author: Ralph Boehme <slow at samba.org>
Date:   Sat Apr 1 16:44:45 2017 +0200

    s3/include: add NT_STATUS_LOOKUP_ERR
    
    Useful helper macro to check the return value of LSA and SAMR
    translations.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=12728
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 893fc5abbe0a1b63ebd81f442a8d544572ed76a9
Author: Ralph Boehme <slow at samba.org>
Date:   Tue Feb 7 15:13:15 2017 +0100

    s4/torture: vfs_fruit: test for bug 12565
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=12565
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit a36de8b81aa88c31450e68ec54d6b659b1693878
Author: Ralph Boehme <slow at samba.org>
Date:   Tue Feb 7 07:44:40 2017 +0100

    vfs_fruit: resource fork open request with flags=O_CREAT|O_RDONLY
    
    When receiving an SMB create request with read-only access mode and
    open_if disposition, we end up calling the open() function with
    flags=O_CREAT|O_RDONLY for the ._ AppleDouble file.
    
    If the file doesn't exist, ie there's currently no rsrc stream, we create
    it but then we fail to write the AppleDouble header into the file due to
    the O_RDONLY open mode, leaving a 0 byte size ._ file.
    
    Running this create request against the macOS SMB server yields an
    interesting result: it returns NT_STATUS_OBJECT_NAME_NOT_FOUND even
    though create disposition is open_if. Another instance where the macOS SMB
    server just exposes FSA behaviour (ie HFS+) and we have to adapt to be
    compatible.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=12565
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit baa3e71f7968ec3239d80d7602839c2d7c2de74f
Author: Volker Lendecke <vl at samba.org>
Date:   Thu Apr 6 22:12:36 2017 +0200

    smbd: Fix smb1 findfirst with DFS
    
    9377f3bce should have changed the callers of dfs_path_lookup. It now
    takes a uint32_t ucf_flags, not a boolean anymore.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=12558
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 docs-xml/manpages/smbclient.1.xml |  6 ++--
 source3/include/lsa.h             |  4 +++
 source3/modules/vfs_fruit.c       | 14 ++++++++
 source3/rpc_client/cli_lsarpc.c   |  8 ++---
 source3/smbd/msdfs.c              |  4 +--
 source3/winbindd/winbindd_rpc.c   |  9 ++---
 source4/torture/vfs/fruit.c       | 73 ++++++++++++++++++++++++++++++++++++++-
 7 files changed, 103 insertions(+), 15 deletions(-)


Changeset truncated at 500 lines:

diff --git a/docs-xml/manpages/smbclient.1.xml b/docs-xml/manpages/smbclient.1.xml
index 059e14c..2b712fe 100644
--- a/docs-xml/manpages/smbclient.1.xml
+++ b/docs-xml/manpages/smbclient.1.xml
@@ -1004,9 +1004,9 @@
 		<listitem><para>Rename files in the current working directory on the
 		server from <replaceable>old filename</replaceable> to
 		<replaceable>new filename</replaceable>. The optional
-		-f switch is supported only by SMB2 protocol and beyond,
-		and allows for superseding the destination file,
-		if it exists.</para></listitem>
+		-f switch allows for superseding the destination file,
+		if it exists. This is supported by NT1 protocol dialect
+		and SMB2 protocol family.</para></listitem>
 		</varlistentry>
 
 		<varlistentry>
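Review bot: The replacement sentence in the rename entry names the protocols as "NT1 protocol dialect and SMB2 protocol family", while the commit message for this change says "SMB1 and SMB2". A reader who knows the protocol as SMB1 may not connect it to NT1; consider "SMB1 (NT1 dialect) and the SMB2 protocol family" so the man page and the commit log use the same term.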
diff --git a/source3/include/lsa.h b/source3/include/lsa.h
index 7681aed..c23e942 100644
--- a/source3/include/lsa.h
+++ b/source3/include/lsa.h
@@ -22,4 +22,8 @@ int init_lsa_ref_domain_list(TALLOC_CTX *mem_ctx,
 			     const char *dom_name,
 			     struct dom_sid *dom_sid);
 
+#define NT_STATUS_LOOKUP_ERR(status) \
+	(!NT_STATUS_IS_OK(status) && \
+	 !NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED) && \
+	 !NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED))
 #endif
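Review bot: NT_STATUS_LOOKUP_ERR is added to lsa.h with no comment saying which statuses it treats as non-fatal or why, and it sits directly against #endif with no blank line. A short comment above the #define stating that STATUS_SOME_UNMAPPED and NT_STATUS_NONE_MAPPED are not failures of the lookup call would help callers, and it should note that the argument is expanded three times, so it must be a plain variable and not an expression with side effects. The winbindd commit message speaks of NT_STATUS_SOME_NOT_MAPPED while the macro tests STATUS_SOME_UNMAPPED; please use one name in both places.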
diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c
index 0b5558a..b747145 100644
--- a/source3/modules/vfs_fruit.c
+++ b/source3/modules/vfs_fruit.c
@@ -2970,6 +2970,20 @@ static int fruit_open_rsrc(vfs_handle_struct *handle,
 	SMB_VFS_HANDLE_GET_DATA(handle, config,
 				struct fruit_config_data, return -1);
 
+	if (((flags & O_ACCMODE) == O_RDONLY)
+	    && (flags & O_CREAT)
+	    && !VALID_STAT(fsp->fsp_name->st))
+	{
+		/*
+		 * This means the stream doesn't exist. macOS SMB server fails
+		 * this with NT_STATUS_OBJECT_NAME_NOT_FOUND, so must we. Cf bug
+		 * 12565 and the test for this combination in
+		 * test_rfork_create().
+		 */
+		errno = ENOENT;
+		return -1;
+	}
+
 	switch (config->rsrc) {
 	case FRUIT_RSRC_STREAM:
 		fd = SMB_VFS_NEXT_OPEN(handle, smb_fname, fsp, flags, mode);
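Review bot: The new early return in fruit_open_rsrc() decides that the stream is missing from !VALID_STAT(fsp->fsp_name->st), but the open that follows uses smb_fname, and nothing in the hunk shows that fsp->fsp_name->st has been filled in by the time this function runs. If the stat can be invalid for any reason other than a missing stream, an existing resource fork would be refused with ENOENT; a comment naming the caller that guarantees the stat, or a check against smb_fname, would settle it. The comment also points at test_rfork_create(), while the test added in this changeset is test_rfork_create_ro().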
diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c
index 518489a..41c1ef4 100644
--- a/source3/rpc_client/cli_lsarpc.c
+++ b/source3/rpc_client/cli_lsarpc.c
@@ -28,6 +28,7 @@
 #include "rpc_client/cli_lsarpc.h"
 #include "rpc_client/init_lsa.h"
 #include "../libcli/security/security.h"
+#include "lsa.h"
 
 /** @defgroup lsa LSA - Local Security Architecture
  *  @ingroup rpc_client
@@ -221,7 +222,7 @@ static NTSTATUS dcerpc_lsa_lookup_sids_noalloc(struct dcerpc_binding_handle *h,
 			return status;
 		}
 
-		if(!NT_STATUS_IS_ERR(result)) {
+		if (!NT_STATUS_LOOKUP_ERR(result)) {
 			lsa_names.count = lsa_names2.count;
 			lsa_names.names = talloc_array(mem_ctx,
 						       struct lsa_TranslatedName,
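Review bot: The condition guarding the copy from lsa_names2 changes from !NT_STATUS_IS_ERR(result) to !NT_STATUS_LOOKUP_ERR(result), and these are different predicates: the new macro rejects every status other than OK, STATUS_SOME_UNMAPPED and NT_STATUS_NONE_MAPPED. The log has one commit for this file described as "No change in behaviour" and another that changes NT_STATUS_NONE_MAPPED handling, so please make clear which of the two this line belongs to, and show where the copied names are forced to SID_NAME_UNKNOWN when result is NT_STATUS_NONE_MAPPED.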
@@ -256,10 +257,7 @@ static NTSTATUS dcerpc_lsa_lookup_sids_noalloc(struct dcerpc_binding_handle *h,
 		return status;
 	}
 
-	if (!NT_STATUS_IS_OK(result) &&
-	    !NT_STATUS_EQUAL(result, NT_STATUS_NONE_MAPPED) &&
-	    !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED))
-	{
+	if (NT_STATUS_LOOKUP_ERR(result)) {
 		*presult = result;
 		return status;
 	}
diff --git a/source3/smbd/msdfs.c b/source3/smbd/msdfs.c
index 51e3dff..61538ce 100644
--- a/source3/smbd/msdfs.c
+++ b/source3/smbd/msdfs.c
@@ -888,7 +888,7 @@ static NTSTATUS dfs_redirect(TALLOC_CTX *ctx,
 	}
 
 	status = dfs_path_lookup(ctx, conn, path_in, pdp,
-			search_wcard_flag, NULL, NULL);
+				 ucf_flags, NULL, NULL);
 	if (!NT_STATUS_IS_OK(status)) {
 		if (NT_STATUS_EQUAL(status, NT_STATUS_PATH_NOT_COVERED)) {
 			DEBUG(3,("dfs_redirect: Redirecting %s\n", path_in));
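Review bot: The dfs_path_lookup() call in dfs_redirect() was passing search_wcard_flag where, per the commit message, a uint32_t ucf_flags is expected, and the build did not catch it because a boolean converts silently to an integer. The diffstat shows no test accompanying this fix; a regression test for SMB1 findfirst over a DFS path would keep the callers in step with the next signature change. The other caller now passes a literal 0, which would read better with a short comment saying that no flags are wanted there.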
@@ -1073,7 +1073,7 @@ NTSTATUS get_referred_path(TALLOC_CTX *ctx,
 	 * NT_STATUS_PATH_NOT_COVERED. */
 
 	status = dfs_path_lookup(ctx, conn, dfs_path, pdp,
-			False, consumedcntp, &targetpath);
+				 0, consumedcntp, &targetpath);
 
 	if (!NT_STATUS_EQUAL(status, NT_STATUS_PATH_NOT_COVERED)) {
 		DEBUG(3,("get_referred_path: No valid referrals for path %s\n",
diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c
index 3dd4f77..0023e2a 100644
--- a/source3/winbindd/winbindd_rpc.c
+++ b/source3/winbindd/winbindd_rpc.c
@@ -32,6 +32,7 @@
 #include "rpc_client/cli_samr.h"
 #include "rpc_client/cli_lsarpc.h"
 #include "../libcli/security/security.h"
+#include "lsa.h"
 
 /* Query display info for a domain */
 NTSTATUS rpc_query_user_list(TALLOC_CTX *mem_ctx,
@@ -981,7 +982,7 @@ static NTSTATUS rpc_try_lookup_sids3(TALLOC_CTX *mem_ctx,
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;
 	}
-	if (NT_STATUS_IS_ERR(result)) {
+	if (NT_STATUS_LOOKUP_ERR(result)) {
 		return result;
 	}
 	if (sids->num_sids != lsa_names2.count) {
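Review bot: With NT_STATUS_NONE_MAPPED no longer returned early in rpc_try_lookup_sids3(), execution now reaches the sids->num_sids != lsa_names2.count comparison for that status too. Please confirm that a server answering NT_STATUS_NONE_MAPPED still fills lsa_names2 with one entry per SID; if it can return an empty array, the mismatch branch would be taken instead of the caller receiving a set of unknown names.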
@@ -1010,7 +1011,7 @@ static NTSTATUS rpc_try_lookup_sids3(TALLOC_CTX *mem_ctx,
 			return NT_STATUS_INVALID_NETWORK_RESPONSE;
 		}
 	}
-	return result;
+	return NT_STATUS_OK;
 }
 
 NTSTATUS rpc_lookup_sids(TALLOC_CTX *mem_ctx,
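Review bot: Changing the final return in rpc_try_lookup_sids3() from result to NT_STATUS_OK means callers can no longer tell a complete translation from STATUS_SOME_UNMAPPED or NT_STATUS_NONE_MAPPED by the return value. That matches the intent stated in the commit message, but the function should carry a comment saying that callers must inspect each returned name's type, since the status no longer carries that information.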
@@ -1043,7 +1044,7 @@ NTSTATUS rpc_lookup_sids(TALLOC_CTX *mem_ctx,
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;
 	}
-	if (NT_STATUS_IS_ERR(result)) {
+	if (NT_STATUS_LOOKUP_ERR(result)) {
 		return result;
 	}
 
@@ -1063,5 +1064,5 @@ NTSTATUS rpc_lookup_sids(TALLOC_CTX *mem_ctx,
 		}
 	}
 
-	return result;
+	return NT_STATUS_OK;
 }
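Review bot: The commit message for rpc_lookup_sids() says that on NT_STATUS_NONE_MAPPED all lsa_TranslatedName entries must be of type SID_NAME_UNKNOWN, but the changed lines only relax the error check and replace return result with return NT_STATUS_OK. If the loop between these two hunks does not already verify or set the type, that guarantee rests on the server's reply alone; a check in the loop, or a comment pointing at where it is enforced, would close the gap.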
diff --git a/source4/torture/vfs/fruit.c b/source4/torture/vfs/fruit.c
index 857e738..5182c00 100644
--- a/source4/torture/vfs/fruit.c
+++ b/source4/torture/vfs/fruit.c
@@ -1814,6 +1814,77 @@ done:
 	return ret;
 }
 
+static bool test_rfork_create_ro(struct torture_context *tctx,
+				 struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	const char *fname = BASEDIR "\\torture_rfork_create";
+	const char *rfork = BASEDIR "\\torture_rfork_create" AFPRESOURCE_STREAM;
+	NTSTATUS status;
+	struct smb2_handle testdirh;
+	bool ret = true;
+	struct smb2_create create;
+
+	smb2_util_unlink(tree, fname);
+	status = torture_smb2_testdir(tree, BASEDIR, &testdirh);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+		"torture_smb2_testdir\n");
+	smb2_util_close(tree, testdirh);
+
+	ret = torture_setup_file(mem_ctx, tree, fname, false);
+	if (ret == false) {
+		goto done;
+	}
+
+	torture_comment(tctx, "(%s) Try opening read-only with "
+			"open_if create disposition, should return ENOENT\n",
+			__location__);
+
+	ZERO_STRUCT(create);
+	create.in.fname = rfork;
+	create.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	create.in.desired_access = SEC_FILE_READ_DATA | SEC_STD_READ_CONTROL;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create.in.share_access = FILE_SHARE_READ | FILE_SHARE_DELETE;
+	status = smb2_create(tree, mem_ctx, &(create));
+	torture_assert_ntstatus_equal_goto(tctx, status,
+					NT_STATUS_OBJECT_NAME_NOT_FOUND,
+					ret, done, "smb2_create failed\n");
+
+	torture_comment(tctx, "(%s) Now write something to the "
+			"rsrc stream, then the same open should succeed\n",
+			__location__);
+
+	ret = write_stream(tree, __location__, tctx, mem_ctx,
+			   fname, AFPRESOURCE_STREAM_NAME,
+			   0, 3, "foo");
+	torture_assert_goto(tctx, ret == true, ret, done,
+			"write_stream failed\n");
+
+	ret = check_stream(tree, __location__, tctx, mem_ctx,
+			   fname, AFPRESOURCE_STREAM,
+			   0, 3, 0, 3, "foo");
+	torture_assert_goto(tctx, ret == true, ret, done, "check_stream");
+
+	ZERO_STRUCT(create);
+	create.in.fname = rfork;
+	create.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	create.in.desired_access = SEC_FILE_READ_DATA | SEC_STD_READ_CONTROL;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create.in.share_access = FILE_SHARE_READ | FILE_SHARE_DELETE;
+	status = smb2_create(tree, mem_ctx, &(create));
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+		"smb2_create failed\n");
+
+	smb2_util_close(tree, create.out.file.handle);
+
+done:
+	smb2_util_unlink(tree, fname);
+	smb2_deltree(tree, BASEDIR);
+	talloc_free(mem_ctx);
+	return ret;
+}
+
 static bool test_adouble_conversion(struct torture_context *tctx,
 				    struct smb2_tree *tree)
 {
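Review bot: In test_rfork_create_ro() the first smb2_create is expected to fail with NT_STATUS_OBJECT_NAME_NOT_FOUND, yet its assertion message reads "smb2_create failed\n", which will mislead when the call unexpectedly succeeds; something like "smb2_create should fail with OBJECT_NAME_NOT_FOUND\n" is clearer, and the preceding torture_comment says ENOENT where the wire status is meant. The result of talloc_new(tctx) is used without a NULL check, and the "check_stream" message lacks the " failed\n" that the other assertions carry.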
@@ -4007,8 +4078,8 @@ struct torture_suite *torture_vfs_fruit(void)
 	torture_suite_add_1smb2_test(suite, "delete", test_delete_file_with_rfork);
 	torture_suite_add_1smb2_test(suite, "read open rsrc after rename", test_rename_and_read_rsrc);
 	torture_suite_add_1smb2_test(suite, "readdir_attr with names with illegal ntfs characters", test_readdir_attr_illegal_ntfs);
-
 	torture_suite_add_2ns_smb2_test(suite, "invalid AFP_AfpInfo", test_invalid_afpinfo);
+	torture_suite_add_1smb2_test(suite, "creating rsrc with read-only access", test_rfork_create_ro);
 
 	return suite;
 }


-- 
Samba Shared Repository


