[SCM] Samba Shared Repository - branch master updated
Jeremy Allison
jra at samba.org
Tue Nov 28 01:03:02 UTC 2017
The branch, master has been updated
via deaaff6 s3/loadparm: don't mark IPC$ as autoloaded
via ea4e6f9 s3/loadparm: ensure default service options are not changed
via 1fc1035 s3/loadparm: allocate a fresh sDefault object per lp_ctx
via 81e9ae1 smbstatus: correctly denote not fully authenticated sessions
via eb6dd7d s3/smbstatus: add a NULL check
from aace1f8 lib: Fix a typo
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit deaaff6843159f02bb15aeaf457f8af305e40164
Author: Ralph Boehme <slow at samba.org>
Date: Tue Nov 21 14:34:28 2017 +0100
s3/loadparm: don't mark IPC$ as autoloaded
A related problem that affects configuration for the hidden IPC$
share. This share is marked a "autoloaded" and such shares are not
reloaded when requested. That resulted in the tcon to IPC$ still using
encrpytion after running the following sequence of changes:
1. stop Samba
2. set [global] smb encrypt = required
3. start Samba
4. remove [global] smb encrypt = required
5. smbcontrol smbd reload-config
6a bin/smbclient -U slow%x //localhost/raw -c quit, or
6b bin/smbclient -U slow%x -mNT1 //localhost/raw -c ls
In 6a the client simply encrypted packets on the IPC$ tcon. In 6b the
client got a tcon failure with NT_STATUS_ACCESS_DENIED, but silently
ignore the error.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13051
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Nov 28 02:02:37 CET 2017 on sn-devel-144
commit ea4e6f95ae5c97e8570b8090ee7e7a577b49a8c3
Author: Ralph Boehme <slow at samba.org>
Date: Tue Nov 21 14:28:48 2017 +0100
s3/loadparm: ensure default service options are not changed
Rename sDefault to _sDefault and make it const. sDefault is make a copy
of _sDefault in in the initialisation function lp_load_ex().
As we may end up in setup_lp_context() without going through
lp_load_ex(), sDefault may still be uninitialized at that point, so I'm
initializing lp_ctx->sDefault from _sDefault.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13051
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 1fc103547023aa1c880713e5b65ec164acb58b54
Author: Ralph Boehme <slow at samba.org>
Date: Wed Nov 22 11:49:57 2017 +0100
s3/loadparm: allocate a fresh sDefault object per lp_ctx
This is in preperation of preventing direct access to sDefault in all
places that currently modify it.
As currently s3/loadparm is afaict not accessing lp_ctx->sDefault, but
changes sDefault indirectly through lp_parm_ptr() this change is just a
safety measure to prevent future breakage.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13051
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 81e9ae1368c34bf59d0a100c9f03ea67d64f2979
Author: Ralph Boehme <slow at samba.org>
Date: Tue Jul 4 12:22:00 2017 +0200
smbstatus: correctly denote not fully authenticated sessions
Currently for sessions where authentication is still in progress we
print uid and gid as -1.
With this change we nicely list them like this:
PID Username Group Machine Protocol Version ....
6604 (auth in progress) 127.0.0.1 (ipv4:127.0.0.1:47930) SMB3_11 ....
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit eb6dd7dc29a9b89d155d987331aaa79fd4c9a9bb
Author: Ralph Boehme <slow at samba.org>
Date: Wed Nov 22 10:43:19 2017 +0100
s3/smbstatus: add a NULL check
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
-----------------------------------------------------------------------
Summary of changes:
source3/param/loadparm.c | 20 +++++++++++++++---
source3/utils/status.c | 55 +++++++++++++++++++++++++++++++-----------------
2 files changed, 53 insertions(+), 22 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index d346324..01c022e 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -111,7 +111,7 @@ static bool defaults_saved = false;
static struct loadparm_global Globals;
/* This is a default service used to prime a services structure */
-static struct loadparm_service sDefault =
+static const struct loadparm_service _sDefault =
{
.valid = true,
.autoloaded = false,
@@ -249,6 +249,12 @@ static struct loadparm_service sDefault =
.dummy = ""
};
+/*
+ * This is a copy of the default service structure. Service options in the
+ * global section would otherwise overwrite the initial default values.
+ */
+static struct loadparm_service sDefault;
+
/* local variables */
static struct loadparm_service **ServicePtrs = NULL;
static int iNumServices = 0;
@@ -968,7 +974,14 @@ static struct loadparm_context *setup_lp_context(TALLOC_CTX *mem_ctx)
return NULL;
}
- lp_ctx->sDefault = &sDefault;
+ lp_ctx->sDefault = talloc_zero(lp_ctx, struct loadparm_service);
+ if (lp_ctx->sDefault == NULL) {
+ DBG_ERR("talloc_zero failed\n");
+ TALLOC_FREE(lp_ctx);
+ return NULL;
+ }
+
+ *lp_ctx->sDefault = _sDefault;
lp_ctx->services = NULL; /* We do not want to access this directly */
lp_ctx->bInGlobalSection = bInGlobalSection;
lp_ctx->flags = flags_list;
@@ -1600,7 +1613,7 @@ static bool lp_add_ipc(const char *ipc_name, bool guest_ok)
ServicePtrs[i]->guest_ok = guest_ok;
ServicePtrs[i]->printable = false;
ServicePtrs[i]->browseable = sDefault.browseable;
- ServicePtrs[i]->autoloaded = true;
+ ServicePtrs[i]->autoloaded = false;
DEBUG(3, ("adding IPC service\n"));
@@ -3858,6 +3871,7 @@ static bool lp_load_ex(const char *pszFname,
bInGlobalSection = true;
bGlobalOnly = global_only;
bAllowIncludeRegistry = allow_include_registry;
+ sDefault = _sDefault;
lp_ctx = setup_lp_context(talloc_tos());
diff --git a/source3/utils/status.c b/source3/utils/status.c
index abc0d26..dfb1d92 100644
--- a/source3/utils/status.c
+++ b/source3/utils/status.c
@@ -365,7 +365,7 @@ static int traverse_sessionid(const char *key, struct sessionid *session,
void *private_data)
{
TALLOC_CTX *mem_ctx = (TALLOC_CTX *)private_data;
- fstring uid_str, gid_str;
+ fstring uid_gid_str;
struct server_id_buf tmp;
char *machine_hostname = NULL;
int result = 0;
@@ -380,23 +380,40 @@ static int traverse_sessionid(const char *key, struct sessionid *session,
Ucrit_addPid(session->pid);
- fstrcpy(uid_str, "-1");
-
- if (session->uid != -1) {
- if (numeric_only) {
- fstr_sprintf(uid_str, "%u", (unsigned int)session->uid);
- } else {
- fstrcpy(uid_str, uidtoname(session->uid));
- }
- }
-
- fstrcpy(gid_str, "-1");
-
- if (session->gid != -1) {
- if (numeric_only) {
- fstr_sprintf(gid_str, "%u", (unsigned int)session->gid);
+ if (numeric_only) {
+ fstr_sprintf(uid_gid_str, "%-12u %-12u",
+ (unsigned int)session->uid,
+ (unsigned int)session->gid);
+ } else {
+ if (session->uid == -1 && session->gid == -1) {
+ /*
+ * The session is not fully authenticated yet.
+ */
+ fstrcpy(uid_gid_str, "(auth in progress)");
} else {
- fstrcpy(gid_str, gidtoname(session->gid));
+ /*
+ * In theory it should not happen that one of
+ * session->uid and session->gid is valid (ie != -1)
+ * while the other is not (ie = -1), so we a check for
+ * that case that bails out would be reasonable.
+ */
+ const char *uid_name = "-1";
+ const char *gid_name = "-1";
+
+ if (session->uid != -1) {
+ uid_name = uidtoname(session->uid);
+ if (uid_name == NULL) {
+ return -1;
+ }
+ }
+ if (session->gid != -1) {
+ gid_name = gidtoname(session->gid);
+ if (gid_name == NULL) {
+ return -1;
+ }
+ }
+ fstr_sprintf(uid_gid_str, "%-12s %-12s",
+ uid_name, gid_name);
}
}
@@ -457,9 +474,9 @@ static int traverse_sessionid(const char *key, struct sessionid *session,
}
- d_printf("%-7s %-12s %-12s %-41s %-17s %-20s %-21s\n",
+ d_printf("%-7s %-25s %-41s %-17s %-20s %-21s\n",
server_id_str_buf(session->pid, &tmp),
- uid_str, gid_str,
+ uid_gid_str,
machine_hostname,
session_dialect_str(session->connection_dialect),
encryption,
--
Samba Shared Repository
More information about the samba-cvs
mailing list