[SCM] Samba Shared Repository - branch v4-9-test updated

Karolin Seeger kseeger at samba.org
Mon Jan 14 12:35:07 UTC 2019


The branch, v4-9-test has been updated
       via  0a3a26179f8 s3: net: Do not set NET_FLAGS_ANONYMOUS with -k
       via  d94403d1dc7 s3-vfs-fruit: add close call
       via  16bd1112e2a s3-vfs-streams_xattr: add close call
       via  f6ff49b3da8 audit_logging: auth_json_audit required auth_json
       via  d1027b4b8e6 dns: changing onelevel search for wildcard to subtree
      from  1d927b23f63 samba-tool: don't print backtrace on simple DNS errors

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test


- Log -----------------------------------------------------------------
commit 0a3a26179f8cd7b78ea7f970dd21fc75da2c46cd
Author: Justin Stephenson <jstephen at redhat.com>
Date:   Mon Dec 17 11:26:11 2018 -0500

    s3: net: Do not set NET_FLAGS_ANONYMOUS with -k
    
    This affects net rpc getsid and net rpc changetrustpw commands.
    This avoids an anonymous IPC connection being made when -k is used,
    this only affects net rpc getsid and net rpc changetrustpw commands.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13726
    
    Signed-off-by: Justin Stephenson <jstephen at redhat.com>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Noel Power <npower at samba.org>
    
    Autobuild-User(v4-9-test): Karolin Seeger <kseeger at samba.org>
    Autobuild-Date(v4-9-test): Mon Jan 14 13:34:32 CET 2019 on sn-devel-144

commit d94403d1dc77c1d56c0dfa23e649c8d8315f4c8b
Author: Günther Deschner <gd at samba.org>
Date:   Tue Dec 18 17:18:33 2018 +0100

    s3-vfs-fruit: add close call
    
    https://bugzilla.samba.org/show_bug.cgi?id=13725
    
    We cannot always rely on vfs_default to close the fake fds. This mostly is
    relevant when used with another non-local VFS filesystem module such as
    gluster.
    
    Guenther
    
    Signed-off-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Fri Dec 21 07:20:49 CET 2018 on sn-devel-144
    
    (cherry picked from commit ba016939aa91e0806f509c8b8ce9506bebceb7e5)

commit 16bd1112e2a0e8369219b5ebab16a128a380e324
Author: Günther Deschner <gd at samba.org>
Date:   Tue Dec 18 17:20:29 2018 +0100

    s3-vfs-streams_xattr: add close call
    
    https://bugzilla.samba.org/show_bug.cgi?id=13725
    
    We cannot always rely on vfs_default to close the fake fds. This mostly is
    relevant when used with another non-local VFS filesystem module such as
    gluster.
    
    Guenther
    
    Signed-off-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Thu Dec 20 07:18:20 CET 2018 on sn-devel-144
    
    (cherry picked from commit 1b263ed631c86bf4117c9388fce3fa1f24cea4c9)

commit f6ff49b3da8432f061b557c7ca3eb04680228f79
Author: Gary Lockyer <gary at catalyst.net.nz>
Date:   Mon Jan 14 09:53:13 2019 +1300

    audit_logging: auth_json_audit required auth_json
    
    To log JSON the human-readable logs must also have been enabled
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13715
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
    
    Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
    Autobuild-Date(master): Fri Dec 14 14:32:25 CET 2018 on sn-devel-144
    
    (cherry picked from commit 31957c7fe9d0f67bef08177e982043a23b172c7d)
    
    Edited to apply to y4.9: Gary Lockyer <gary at catalyst.net.nz>

commit d1027b4b8e65d8bede4e4fb9316c484f941f6b2a
Author: Aaron Haslett <aaronhaslett at catalyst.net.nz>
Date:   Wed Jan 9 16:22:40 2019 +1300

    dns: changing onelevel search for wildcard to subtree
    
    SCOPE_ONELEVEL is used on wildcard dns searches, but onelevel searches
    currently have a performance problem related to GUID indexing, so this
    patch changes the search scope to SCOPE_SUBTREE.
    In this case, as the onelevel and subtree sets of records are roughly
    the same, and the query is matching against the DN itself, we don't
    believe there's any benefit in using SCOPE_ONELEVEL over SCOPE_SUBTREE.
    
    The onelevel performance problem will be fixed separately later, but in
    the meantime this solves the DNS performance problem.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13738
    
    Signed-off-by: Aaron Haslett <aaronhaslett at catalyst.net.nz>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
    (cherry picked from commit ef379880037c10589ceeab7f985e3245817908a4)

-----------------------------------------------------------------------

Summary of changes:
 auth/auth_log.c                       |  4 +-
 source3/modules/vfs_fruit.c           | 82 +++++++++++++++++++++++++++++++++++
 source3/modules/vfs_streams_xattr.c   | 26 +++++++++++
 source3/utils/net_rpc.c               | 10 ++++-
 source4/dns_server/dnsserver_common.c |  2 +-
 5 files changed, 119 insertions(+), 5 deletions(-)


Changeset truncated at 500 lines:

diff --git a/auth/auth_log.c b/auth/auth_log.c
index 67d23c12a1b..38d29db4396 100644
--- a/auth/auth_log.c
+++ b/auth/auth_log.c
@@ -201,7 +201,7 @@ static void log_authentication_event_json(
 		 lp_ctx,
 		 &wrapper,
 		 AUTH_JSON_TYPE,
-		 DBGC_AUTH_AUDIT,
+		 DBGC_AUTH_AUDIT_JSON,
 		 debug_level);
 	json_free(&wrapper);
 }
@@ -281,7 +281,7 @@ static void log_successful_authz_event_json(
 		 lp_ctx,
 		 &wrapper,
 		 AUTHZ_JSON_TYPE,
-		 DBGC_AUTH_AUDIT,
+		 DBGC_AUTH_AUDIT_JSON,
 		 debug_level);
 	json_free(&wrapper);
 }
diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c
index 9d6efb2c38c..90fcd5d5d34 100644
--- a/source3/modules/vfs_fruit.c
+++ b/source3/modules/vfs_fruit.c
@@ -3719,6 +3719,87 @@ static int fruit_open(vfs_handle_struct *handle,
 	return fd;
 }
 
+static int fruit_close_meta(vfs_handle_struct *handle,
+			    files_struct *fsp)
+{
+	int ret;
+	struct fruit_config_data *config = NULL;
+
+	SMB_VFS_HANDLE_GET_DATA(handle, config,
+				struct fruit_config_data, return -1);
+
+	switch (config->meta) {
+	case FRUIT_META_STREAM:
+		ret = SMB_VFS_NEXT_CLOSE(handle, fsp);
+		break;
+
+	case FRUIT_META_NETATALK:
+		ret = close(fsp->fh->fd);
+		fsp->fh->fd = -1;
+		break;
+
+	default:
+		DBG_ERR("Unexpected meta config [%d]\n", config->meta);
+		return -1;
+	}
+
+	return ret;
+}
+
+
+static int fruit_close_rsrc(vfs_handle_struct *handle,
+			    files_struct *fsp)
+{
+	int ret;
+	struct fruit_config_data *config = NULL;
+
+	SMB_VFS_HANDLE_GET_DATA(handle, config,
+				struct fruit_config_data, return -1);
+
+	switch (config->rsrc) {
+	case FRUIT_RSRC_STREAM:
+	case FRUIT_RSRC_ADFILE:
+		ret = SMB_VFS_NEXT_CLOSE(handle, fsp);
+		break;
+
+	case FRUIT_RSRC_XATTR:
+		ret = close(fsp->fh->fd);
+		fsp->fh->fd = -1;
+		break;
+
+	default:
+		DBG_ERR("Unexpected rsrc config [%d]\n", config->rsrc);
+		return -1;
+	}
+
+	return ret;
+}
+
+static int fruit_close(vfs_handle_struct *handle,
+                       files_struct *fsp)
+{
+	int ret;
+	int fd;
+
+	fd = fsp->fh->fd;
+
+	DBG_DEBUG("Path [%s] fd [%d]\n", smb_fname_str_dbg(fsp->fsp_name), fd);
+
+	if (!is_ntfs_stream_smb_fname(fsp->fsp_name)) {
+		return SMB_VFS_NEXT_CLOSE(handle, fsp);
+	}
+
+	if (is_afpinfo_stream(fsp->fsp_name)) {
+		ret = fruit_close_meta(handle, fsp);
+	} else if (is_afpresource_stream(fsp->fsp_name)) {
+		ret = fruit_close_rsrc(handle, fsp);
+	} else {
+		ret = SMB_VFS_NEXT_CLOSE(handle, fsp);
+	}
+
+	return ret;
+}
+
 static int fruit_rename(struct vfs_handle_struct *handle,
 			const struct smb_filename *smb_fname_src,
 			const struct smb_filename *smb_fname_dst)
@@ -7024,6 +7105,7 @@ static struct vfs_fn_pointers vfs_fruit_fns = {
 	.rename_fn = fruit_rename,
 	.rmdir_fn = fruit_rmdir,
 	.open_fn = fruit_open,
+	.close_fn = fruit_close,
 	.pread_fn = fruit_pread,
 	.pwrite_fn = fruit_pwrite,
 	.pread_send_fn = fruit_pread_send,
diff --git a/source3/modules/vfs_streams_xattr.c b/source3/modules/vfs_streams_xattr.c
index 87c5589395a..ae80effc544 100644
--- a/source3/modules/vfs_streams_xattr.c
+++ b/source3/modules/vfs_streams_xattr.c
@@ -544,6 +544,31 @@ static int streams_xattr_open(vfs_handle_struct *handle,
 	return -1;
 }
 
+static int streams_xattr_close(vfs_handle_struct *handle,
+			       files_struct *fsp)
+{
+	int ret;
+	int fd;
+
+	fd = fsp->fh->fd;
+
+	DBG_DEBUG("streams_xattr_close called [%s] fd [%d]\n",
+			smb_fname_str_dbg(fsp->fsp_name), fd);
+
+	if (!is_ntfs_stream_smb_fname(fsp->fsp_name)) {
+		return SMB_VFS_NEXT_CLOSE(handle, fsp);
+	}
+
+	if (is_ntfs_default_stream_smb_fname(fsp->fsp_name)) {
+		return SMB_VFS_NEXT_CLOSE(handle, fsp);
+	}
+
+	ret = close(fd);
+	fsp->fh->fd = -1;
+
+	return ret;
+}
+
 static int streams_xattr_unlink(vfs_handle_struct *handle,
 				const struct smb_filename *smb_fname)
 {
@@ -1643,6 +1668,7 @@ static struct vfs_fn_pointers vfs_streams_xattr_fns = {
 	.fs_capabilities_fn = streams_xattr_fs_capabilities,
 	.connect_fn = streams_xattr_connect,
 	.open_fn = streams_xattr_open,
+	.close_fn = streams_xattr_close,
 	.stat_fn = streams_xattr_stat,
 	.fstat_fn = streams_xattr_fstat,
 	.lstat_fn = streams_xattr_lstat,
diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
index b99a036fca1..67fff2f4d1b 100644
--- a/source3/utils/net_rpc.c
+++ b/source3/utils/net_rpc.c
@@ -316,6 +316,12 @@ static NTSTATUS rpc_changetrustpw_internals(struct net_context *c,
 
 int net_rpc_changetrustpw(struct net_context *c, int argc, const char **argv)
 {
+	int conn_flags = NET_FLAGS_PDC;
+
+	if (!c->opt_user_specified && !c->opt_kerberos) {
+		conn_flags |= NET_FLAGS_ANONYMOUS;
+	}
+
 	if (c->display_usage) {
 		d_printf(  "%s\n"
 			   "net rpc changetrustpw\n"
@@ -326,7 +332,7 @@ int net_rpc_changetrustpw(struct net_context *c, int argc, const char **argv)
 	}
 
 	return run_rpc_command(c, NULL, &ndr_table_netlogon,
-			       NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC,
+			       conn_flags,
 			       rpc_changetrustpw_internals,
 			       argc, argv);
 }
@@ -863,7 +869,7 @@ int net_rpc_getsid(struct net_context *c, int argc, const char **argv)
 {
 	int conn_flags = NET_FLAGS_PDC;
 
-	if (!c->opt_user_specified) {
+	if (!c->opt_user_specified && !c->opt_kerberos) {
 		conn_flags |= NET_FLAGS_ANONYMOUS;
 	}
 
diff --git a/source4/dns_server/dnsserver_common.c b/source4/dns_server/dnsserver_common.c
index cc24a6c1b52..e76cc09ac5e 100644
--- a/source4/dns_server/dnsserver_common.c
+++ b/source4/dns_server/dnsserver_common.c
@@ -482,7 +482,7 @@ static int dns_wildcard_lookup(struct ldb_context *samdb,
 				      samdb,
 				      frame,
 				      parent,
-				      LDB_SCOPE_ONELEVEL,
+				      LDB_SCOPE_SUBTREE,
 				      query,
 				      attrs,
 				      NULL,


-- 
Samba Shared Repository



More information about the samba-cvs mailing list