[SCM] Samba Shared Repository - branch v4-4-test updated

Karolin Seeger kseeger at samba.org
Mon Mar 6 15:03:02 UTC 2017 

The branch, v4-4-test has been updated
       via  083ff22 s3: smbd: Restart reading the incoming SMB2 fd when the send queue is drained.
       via  3f71253 s3:winbindd: fix endless forest trust scan
       via  0915fd4 vfs_fruit: only veto AppleDouble files with fruit:resource=file
      from  38d0286 VERSION: Bump version up to 4.4.11...

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-4-test


- Log -----------------------------------------------------------------
commit 083ff22e0a89b6efb982c750c3ebb39130626516
Author: Jeremy Allison <jra at samba.org>
Date:   Thu Mar 2 09:13:23 2017 -0800

    s3: smbd: Restart reading the incoming SMB2 fd when the send queue is drained.
    
    When the send queue grows greater than xconn->smb2.credits.max/16,
    smbd_smb2_request_next_incoming() doesn't allocate a new request in state->req.
    
    After smbd_smb2_io_handler() is called, it marks the fd not readable as
    state->req == NULL, and never marks it readable again.
    
    Fix by calling smbd_smb2_request_next_incoming() to restart
    reads inside smbd_smb2_flush_send_queue() which drains the
    send queue.
    
    Reported by <chen.yehua at h3c.com>
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12608
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    
    Autobuild-User(master): Ralph Böhme <slow at samba.org>
    Autobuild-Date(master): Fri Mar  3 02:23:20 CET 2017 on sn-devel-144
    
    (cherry picked from commit 1e0c79ddb34be9a2b9fa92d35387c443c4a381ae)
    
    Autobuild-User(v4-4-test): Karolin Seeger <kseeger at samba.org>
    Autobuild-Date(v4-4-test): Mon Mar  6 16:02:16 CET 2017 on sn-devel-144

commit 3f71253ae50d4d51d24956245b254fb8c9fa5f1d
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Mar 2 08:13:57 2017 +0100

    s3:winbindd: fix endless forest trust scan
    
    Commit 0392ebcd1d48e9f472f2148b85316a77d9cc953b effectively
    disabled the enumeration of trusts in other forests.
    
    The fixes for https://bugzilla.samba.org/show_bug.cgi?id=11691
    changed the way we fill domain->domain_flags for domains
    in other forests.
    
    Commit fffefe72fcc62d9688b45f53a5327667dc0b2fe6 readded the
    ability to enumerate trusts of other forests again, in order to
    fix https://bugzilla.samba.org/show_bug.cgi?id=11830
    
    Now we have the problem that multiple domains
    (even outside of our forest) are considert to be
    our forest root, as they have the following flags:
    NETR_TRUST_FLAG_TREEROOT and NETR_TRUST_FLAG_IN_FOREST.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12605
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    
    Autobuild-User(master): Ralph Böhme <slow at samba.org>
    Autobuild-Date(master): Thu Mar  2 17:53:14 CET 2017 on sn-devel-144
    
    (cherry picked from commit f9aaddcdd8f9ea648c9c5ea804f56ee3ff6c4c67)

commit 0915fd4e840311ae45a71f71e14462314a27240a
Author: Ralph Boehme <slow at samba.org>
Date:   Thu Jan 19 09:30:45 2017 +0100

    vfs_fruit: only veto AppleDouble files with fruit:resource=file
    
    vfs_fruit only creates AppleDouble files itself when "fruit:resource" is
    set to "file" (the default). It is only then the these AppleDouble files
    should be treated as an internal representation and should be
    inaccessible from clients.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=12526>
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Uri Simchoni <uri at samba.org>
    (cherry picked from commit 708767da8c366c021d6d15a3ae71d009357c3320)

-----------------------------------------------------------------------

Summary of changes:
 docs-xml/manpages/vfs_fruit.8.xml | 12 ++++++++----
 source3/modules/vfs_fruit.c       |  9 ++++++---
 source3/smbd/smb2_server.c        | 14 +++++++++++++-
 source3/winbindd/winbindd_ads.c   |  8 ++++++++
 source3/winbindd/winbindd_util.c  | 22 ++++++++++++++++++++++
 5 files changed, 57 insertions(+), 8 deletions(-)


Changeset truncated at 500 lines:

diff --git a/docs-xml/manpages/vfs_fruit.8.xml b/docs-xml/manpages/vfs_fruit.8.xml
index 0f4d941..966bf10 100644
--- a/docs-xml/manpages/vfs_fruit.8.xml
+++ b/docs-xml/manpages/vfs_fruit.8.xml
@@ -223,10 +223,14 @@
 	  <varlistentry>
 	    <term>fruit:veto_appledouble = yes | no</term>
 	    <listitem>
-	      <para>Whether ._ AppleDouble files are vetoed which
-	      prevents the client from seing and accessing internal
-	      AppleDouble files created by vfs_fruit itself for the
-	      purpose of storing a Mac resource fork.</para>
+	      <para><emphasis>Note:</emphasis> this option only applies when
+	      <parameter>fruit:resource</parameter> is set to
+	      <parameter>file</parameter> (the default).</para>
+
+	      <para>When <parameter>fruit:resource</parameter> is set to
+	      <parameter>file</parameter>, vfs_fruit may create ._ AppleDouble
+	      files. This options controls whether these ._ AppleDouble files
+	      are vetoed which prevents the client from accessing them.</para>
 	      <para>Vetoing ._ files may break some applications, eg
 	      extracting Mac ZIP archives from Mac clients failes,
 	      because they contain ._ files. Setting this option to
diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c
index ecd150e..10334ff 100644
--- a/source3/modules/vfs_fruit.c
+++ b/source3/modules/vfs_fruit.c
@@ -1343,9 +1343,12 @@ static int init_fruit_config(vfs_handle_struct *handle)
 	}
 	config->encoding = (enum fruit_encoding)enumval;
 
-	config->veto_appledouble = lp_parm_bool(
-		SNUM(handle->conn), FRUIT_PARAM_TYPE_NAME,
-		"veto_appledouble", true);
+	if (config->rsrc == FRUIT_RSRC_ADFILE) {
+		config->veto_appledouble = lp_parm_bool(SNUM(handle->conn),
+							FRUIT_PARAM_TYPE_NAME,
+							"veto_appledouble",
+							true);
+	}
 
 	config->use_aapl = lp_parm_bool(
 		-1, FRUIT_PARAM_TYPE_NAME, "aapl", true);
diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index 8a4aa96..e1a24f6 100644
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -3567,6 +3567,7 @@ static NTSTATUS smbd_smb2_flush_send_queue(struct smbXsrv_connection *xconn)
 	int ret;
 	int err;
 	bool retry;
+	NTSTATUS status;
 
 	if (xconn->smb2.send_queue == NULL) {
 		TEVENT_FD_NOT_WRITEABLE(xconn->transport.fde);
@@ -3578,11 +3579,12 @@ static NTSTATUS smbd_smb2_flush_send_queue(struct smbXsrv_connection *xconn)
 		bool ok;
 
 		if (e->sendfile_header != NULL) {
-			NTSTATUS status = NT_STATUS_INTERNAL_ERROR;
 			size_t size = 0;
 			size_t i = 0;
 			uint8_t *buf;
 
+			status = NT_STATUS_INTERNAL_ERROR;
+
 			for (i=0; i < e->count; i++) {
 				size += e->vector[i].iov_len;
 			}
@@ -3654,6 +3656,16 @@ static NTSTATUS smbd_smb2_flush_send_queue(struct smbXsrv_connection *xconn)
 		talloc_free(e->mem_ctx);
 	}
 
+	/*
+	 * Restart reads if we were blocked on
+	 * draining the send queue.
+	 */
+
+	status = smbd_smb2_request_next_incoming(xconn);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
 	return NT_STATUS_OK;
 }
 
diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c
index 808986d..125534f 100644
--- a/source3/winbindd/winbindd_ads.c
+++ b/source3/winbindd/winbindd_ads.c
@@ -1697,6 +1697,14 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain,
 			}
 			TALLOC_FREE(parent);
 
+			/*
+			 * We need to pass the modified properties
+			 * to the caller.
+			 */
+			trust->trust_flags = d.domain_flags;
+			trust->trust_type = d.domain_type;
+			trust->trust_attributes = d.domain_trust_attribs;
+
 			wcache_tdc_add_domain( &d );
 			ret_count++;
 		}
diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
index bb8bce4..0d7e728 100644
--- a/source3/winbindd/winbindd_util.c
+++ b/source3/winbindd/winbindd_util.c
@@ -345,6 +345,20 @@ static void trustdom_list_done(struct tevent_req *req)
 	char *p;
 	struct winbindd_tdc_domain trust_params = {0};
 	ptrdiff_t extra_len;
+	bool within_forest = false;
+
+	/*
+	 * Only when we enumerate our primary domain
+	 * or our forest root domain, we should keep
+	 * the NETR_TRUST_FLAG_IN_FOREST flag, in
+	 * all other cases we need to clear it as the domain
+	 * is not part of our forest.
+	 */
+	if (state->domain->primary) {
+		within_forest = true;
+	} else if (domain_is_forest_root(state->domain)) {
+		within_forest = true;
+	}
 
 	res = wb_domain_request_recv(req, state, &response, &err);
 	if ((res == -1) || (response->result != WINBINDD_OK)) {
@@ -429,6 +443,14 @@ static void trustdom_list_done(struct tevent_req *req)
 
 		trust_params.trust_attribs = (uint32_t)strtoul(q, NULL, 10);
 
+		if (!within_forest) {
+			trust_params.trust_flags &= ~NETR_TRUST_FLAG_IN_FOREST;
+		}
+
+		if (!state->domain->primary) {
+			trust_params.trust_flags &= ~NETR_TRUST_FLAG_PRIMARY;
+		}
+
 		/*
 		 * We always call add_trusted_domain() cause on an existing
 		 * domain structure, it will update the SID if necessary.


-- 
Samba Shared Repository

More information about the samba-cvs mailing list