[SCM] Samba Shared Repository - branch v4-5-test updated
Karolin Seeger
kseeger at samba.org
Wed Jun 28 13:33:02 UTC 2017
The branch, v4-5-test has been updated
via 1329592 auth/ntlmssp: enforce NTLMSSP_NEGOTIATE_NTLM2 for the NTLMv2 client case
via ecdbe6e s3: smbd: fix regression with non-wide symlinks to directories over SMB3.
via bb6c6c6 s3: smbd: Add regression test for non-wide symlinks to directories fail over SMB3.
via f3e22f5 s3: smbd: When deleting an fsp pointer ensure we don't keep any references to it around.
from 17543bd ctdb-recovery: Do not run local ip verification when in recovery
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-5-test
- Log -----------------------------------------------------------------
commit 1329592cbe357c66c01d52aa07a324c531b546fa
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Jun 24 13:16:03 2017 +0200
auth/ntlmssp: enforce NTLMSSP_NEGOTIATE_NTLM2 for the NTLMv2 client case
Some servers may not announce the NTLMSSP_NEGOTIATE_NTLM2
(a.k.a. NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY) bit.
But if we're acting as a client using NTLMv2 we need to
enforce this flag, because it's not really a negotiationable
in that case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12862
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 8ee4f8236830eb3fa1b273fa6927792a800f86bd)
Autobuild-User(v4-5-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-5-test): Wed Jun 28 15:32:51 CEST 2017 on sn-devel-144
commit ecdbe6e7b9bf25fd9a6813a3247386eb1eff2582
Author: Daniel Kobras <d.kobras at science-computing.de>
Date: Fri Jun 23 15:39:21 2017 +0200
s3: smbd: fix regression with non-wide symlinks to directories over SMB3.
The errno returned by open() is ambiguous when called with flags O_NOFOLLOW and
O_DIRECTORY on a symlink. With ELOOP, we know for certain that we've tried to
open a symlink. With ENOTDIR, we might have hit a symlink, and need to perform
further checks to be sure. Adjust non_widelink_open() accordingly. This fixes
a regression where symlinks to directories within the same share were no
longer followed for some call paths on systems returning ENOTDIR in the above
case.
Also remove the knownfail added in previous commit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12860
Signed-off-by: Daniel Kobras <d.kobras at science-computing.de>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit acc16592b451905dabc093f1d261e93cd3b59520)
commit bb6c6c6353c4c0c0af91d55bb21c7069947572fe
Author: Jeremy Allison <jra at samba.org>
Date: Fri Jun 23 11:12:22 2017 -0700
s3: smbd: Add regression test for non-wide symlinks to directories fail over SMB3.
Mark as knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12860
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit f1f388ef80a6516c2f44b7778420f8ffe28c6471)
commit f3e22f561b09ab89b121032b7453cd2a7ec3ca3f
Author: Jeremy Allison <jra at samba.org>
Date: Tue Jun 20 11:20:38 2017 -0700
s3: smbd: When deleting an fsp pointer ensure we don't keep any references to it around.
Based on a suggestion from <lev at zadarastorage.com>
https://bugzilla.samba.org/show_bug.cgi?id=12818
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe at gmail.com>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Jun 22 00:12:49 CEST 2017 on sn-devel-144
-----------------------------------------------------------------------
Summary of changes:
auth/ntlmssp/ntlmssp_util.c | 21 ++++++++++++
selftest/target/Samba3.pm | 7 ++++
source3/script/tests/test_smbclient_s3.sh | 55 +++++++++++++++++++++++++++++++
source3/smbd/files.c | 4 +--
source3/smbd/open.c | 24 ++++++++++++--
5 files changed, 106 insertions(+), 5 deletions(-)
Changeset truncated at 500 lines:
diff --git a/auth/ntlmssp/ntlmssp_util.c b/auth/ntlmssp/ntlmssp_util.c
index 4ae6101..9c7325a 100644
--- a/auth/ntlmssp/ntlmssp_util.c
+++ b/auth/ntlmssp/ntlmssp_util.c
@@ -75,6 +75,27 @@ NTSTATUS ntlmssp_handle_neg_flags(struct ntlmssp_state *ntlmssp_state,
{
uint32_t missing_flags = ntlmssp_state->required_flags;
+ if (ntlmssp_state->use_ntlmv2) {
+ /*
+ * Using NTLMv2 as a client implies
+ * using NTLMSSP_NEGOTIATE_NTLM2
+ * (NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY)
+ *
+ * Note that 'use_ntlmv2' is only set
+ * true in the client case.
+ *
+ * Even if the server has a bug and does not announce
+ * it, we need to assume it's present.
+ *
+ * Note that we also have the flag
+ * in ntlmssp_state->required_flags,
+ * see gensec_ntlmssp_client_start().
+ *
+ * See bug #12862.
+ */
+ flags |= NTLMSSP_NEGOTIATE_NTLM2;
+ }
+
if (flags & NTLMSSP_NEGOTIATE_UNICODE) {
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_UNICODE;
ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_OEM;
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index 1421b91..48a8973 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -1300,6 +1300,9 @@ sub provision($$$$$$$$)
my $nosymlinks_shrdir="$shrdir/nosymlinks";
push(@dirs,$nosymlinks_shrdir);
+ my $local_symlinks_shrdir="$shrdir/local_symlinks";
+ push(@dirs,$local_symlinks_shrdir);
+
# this gets autocreated by winbindd
my $wbsockdir="$prefix_abs/winbindd";
my $wbsockprivdir="$lockdir/winbindd_privileged";
@@ -1925,6 +1928,10 @@ sub provision($$$$$$$$)
copy = tmp
path = $nosymlinks_shrdir
follow symlinks = no
+[local_symlinks]
+ copy = tmp
+ path = $local_symlinks_shrdir
+ follow symlinks = yes
[kernel_oplocks]
copy = tmp
kernel oplocks = yes
diff --git a/source3/script/tests/test_smbclient_s3.sh b/source3/script/tests/test_smbclient_s3.sh
index be7aafb..ce1cb08 100755
--- a/source3/script/tests/test_smbclient_s3.sh
+++ b/source3/script/tests/test_smbclient_s3.sh
@@ -1215,6 +1215,57 @@ EOF
fi
}
+# Test we can follow normal symlinks.
+# Bug: https://bugzilla.samba.org/show_bug.cgi?id=12860
+# Note - this needs to be tested over SMB3, not SMB1.
+
+test_local_symlinks()
+{
+# Setup test dirs.
+ LOCAL_RAWARGS="${CONFIGURATION} -mSMB3"
+ LOCAL_ADDARGS="${LOCAL_RAWARGS} $*"
+
+ test_dir="$LOCAL_PATH/local_symlinks/test"
+
+ slink_name="$test_dir/sym_name"
+ slink_target_dir="$test_dir/dir1"
+
+ rm -rf $test_dir
+
+ mkdir -p $test_dir
+ mkdir $slink_target_dir
+ ln -s $slink_target_dir $slink_name
+
+# Can we cd into the symlink name and ls ?
+ tmpfile=$PREFIX/smbclient_interactive_prompt_commands
+ cat > $tmpfile <<EOF
+cd test\\sym_name
+ls
+quit
+EOF
+ cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT "$@" -U$USERNAME%$PASSWORD //$SERVER/local_symlinks -I $SERVER_IP $LOCAL_ADDARGS < $tmpfile 2>&1'
+ eval echo "$cmd"
+ out=`eval $cmd`
+ ret=$?
+ rm -f $tmpfile
+
+ if [ $ret -ne 0 ] ; then
+ echo "$out"
+ echo "failed accessing local_symlinks with error $ret"
+ false
+ return
+ fi
+
+ echo "$out" | grep 'NT_STATUS_'
+ ret=$?
+ if [ $ret -eq 0 ] ; then
+ echo "$out"
+ echo "failed - got an NT_STATUS error"
+ false
+ return
+ fi
+}
+
LOGDIR_PREFIX=test_smbclient_s3
# possibly remove old logdirs:
@@ -1318,6 +1369,10 @@ testit "follow symlinks = no" \
test_nosymlinks || \
failed=`expr $failed + 1`
+testit "follow local symlinks" \
+ test_local_symlinks || \
+ failed=`expr $failed + 1`
+
testit "rm -rf $LOGDIR" \
rm -rf $LOGDIR || \
failed=`expr $failed + 1`
diff --git a/source3/smbd/files.c b/source3/smbd/files.c
index 6d0f05b..303ab7b 100644
--- a/source3/smbd/files.c
+++ b/source3/smbd/files.c
@@ -552,9 +552,7 @@ void file_free(struct smb_request *req, files_struct *fsp)
* Clear all possible chained fsp
* pointers in the SMB2 request queue.
*/
- if (req != NULL && req->smb2req) {
- remove_smb2_chained_fsp(fsp);
- }
+ remove_smb2_chained_fsp(fsp);
/* Drop all remaining extensions. */
vfs_remove_all_fsp_extensions(fsp);
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 3368bae..c96bc9b 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -579,7 +579,18 @@ static int non_widelink_open(struct connection_struct *conn,
if (fd == -1) {
saved_errno = link_errno_convert(errno);
- if (saved_errno == ELOOP) {
+ /*
+ * Trying to open a symlink to a directory with O_NOFOLLOW and
+ * O_DIRECTORY can return either of ELOOP and ENOTDIR. So
+ * ENOTDIR really means: might be a symlink, but we're not sure.
+ * In this case, we just assume there's a symlink. If we were
+ * wrong, process_symlink_open() will return EINVAL. We check
+ * this below, and fall back to returning the initial
+ * saved_errno.
+ *
+ * BUG: https://bugzilla.samba.org/show_bug.cgi?id=12860
+ */
+ if (saved_errno == ELOOP || saved_errno == ENOTDIR) {
if (fsp->posix_flags & FSP_POSIX_FLAGS_OPEN) {
/* Never follow symlinks on posix open. */
goto out;
@@ -589,7 +600,7 @@ static int non_widelink_open(struct connection_struct *conn,
goto out;
}
/*
- * We have a symlink. Follow in userspace
+ * We may have a symlink. Follow in userspace
* to ensure it's under the share definition.
*/
fd = process_symlink_open(conn,
@@ -600,6 +611,15 @@ static int non_widelink_open(struct connection_struct *conn,
mode,
link_depth);
if (fd == -1) {
+ if (saved_errno == ENOTDIR &&
+ errno == EINVAL) {
+ /*
+ * O_DIRECTORY on neither a directory,
+ * nor a symlink. Just return
+ * saved_errno from initial open()
+ */
+ goto out;
+ }
saved_errno =
link_errno_convert(errno);
}
--
Samba Shared Repository
More information about the samba-cvs
mailing list