[SCM] Samba Shared Repository - branch master updated

Ralph Böhme slow at samba.org
Tue May 12 19:53:02 UTC 2020 

The branch, master has been updated
       via  bf04ca5658d s3/locking: prime flags in a fresh sharemode data object
       via  59f55aa083c smbd: fix for bug 14375
       via  3f37008edaa smbd: make conflicting_access available to other functions
       via  2ace545a637 s4/torture: reproducer for bug 14375
       via  c83ef1d9057 selftest: split a knownfail entry
      from  6b17dcfd263 winbind.service: drop quotes from $WINBINDOPTIONS variable

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit bf04ca5658dcf7d7cdf5f718eec0e5e21f9a0d64
Author: Ralph Boehme <slow at samba.org>
Date:   Mon May 11 11:35:04 2020 +0200

    s3/locking: prime flags in a fresh sharemode data object
    
    This is needed to prime the logic in share_mode_flags_restrict() for the
    following scenario:
    
    * (First) CREATE on a file with FILE_SHARE_NONE and
      access_mask=FILE_READ_ATTRIBUTES (a stat-open).
    
    * share_mode_flags_restrict() gets called with
    
        share_mode_flags_restrict(flags=0,
                                  access_mask=0x80,
                                  share_mode=0,
                                  lease_type=UINT32_MAX)
    
      and returns a value where none of the FILE_SHARE_* flags is set.
    
    As a result share_mode_data.flags doesn't reflect the share-modes in effect.
    
    This doesn't change any current visible behaviour outside of open_mode_check(),
    but it avoids calling share_mode_forall_entries() in open_mode_check_fn().
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14375
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    
    Autobuild-User(master): Ralph Böhme <slow at samba.org>
    Autobuild-Date(master): Tue May 12 19:52:48 UTC 2020 on sn-devel-184

commit 59f55aa083ce2d87ad6f43dc941f725c79c8ec59
Author: Ralph Boehme <slow at samba.org>
Date:   Sat May 9 15:13:54 2020 +0200

    smbd: fix for bug 14375
    
    ... with many thanks to an enthusiastic Samba user from Poland for helping to
    track this down.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14375
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>

commit 3f37008edaa31c3bc8c9b291dc1af00550ce4f9a
Author: Ralph Boehme <slow at samba.org>
Date:   Mon May 11 13:42:39 2020 +0200

    smbd: make conflicting_access available to other functions
    
    The next commit adds more users of conflicting_access.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14375
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>

commit 2ace545a6378970ca3d8a1a30d4c7da66aaa9721
Author: Ralph Boehme <slow at samba.org>
Date:   Sat May 9 15:29:15 2020 +0200

    s4/torture: reproducer for bug 14375
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14375
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>

commit c83ef1d90573fdc9db3d0acbc1335a5b2325f5c5
Author: Ralph Boehme <slow at samba.org>
Date:   Mon May 11 15:56:58 2020 +0200

    selftest: split a knownfail entry
    
    Lists the two existing subtests indidivually in preparation of adding a third
    that is going to pass against ad_dc_ntvfs.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14375
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 selftest/knownfail                |   3 +-
 source3/locking/share_mode_lock.c |   3 +
 source3/smbd/open.c               |  22 +++++---
 source4/torture/smb2/sharemode.c  | 114 ++++++++++++++++++++++++++++++++++++++
 4 files changed, 133 insertions(+), 9 deletions(-)


Changeset truncated at 500 lines:

diff --git a/selftest/knownfail b/selftest/knownfail
index 6394a2957c3..57a4d93a37d 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -175,7 +175,8 @@
 ^samba4.smb2.getinfo.qfs_buffercheck # S4 does not do the INFO_LENGTH_MISMATCH/BUFFER_OVERFLOW thingy
 ^samba4.smb2.getinfo.qfile_buffercheck # S4 does not do the INFO_LENGTH_MISMATCH/BUFFER_OVERFLOW thingy
 ^samba4.smb2.getinfo.qsec_buffercheck # S4 does not do the BUFFER_TOO_SMALL thingy
-^samba4.smb2.sharemode
+^samba4.smb2.sharemode.sharemode-access
+^samba4.smb2.sharemode.access-sharemode
 ^samba4.ntvfs.cifs.krb5.base.createx_access.createx_access\(.*\)$
 ^samba4.rpc.lsa.forest.trust #Not fully provided by Samba4
 ^samba4.blackbox.upgradeprovision.alpha13.ldapcmp_sd\(none\) # Due to something rewriting the NT ACL on DNS objects
diff --git a/source3/locking/share_mode_lock.c b/source3/locking/share_mode_lock.c
index de59b8d2545..ff77f12d1f7 100644
--- a/source3/locking/share_mode_lock.c
+++ b/source3/locking/share_mode_lock.c
@@ -530,6 +530,9 @@ static struct share_mode_data *fresh_share_mode_lock(
 		goto fail;
 	}
 	d->old_write_time = full_timespec_to_nt_time(old_write_time);
+	d->flags = SHARE_MODE_SHARE_DELETE |
+		SHARE_MODE_SHARE_WRITE |
+		SHARE_MODE_SHARE_READ;
 	d->modified = false;
 	d->fresh = true;
 	return d;
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index b6a326531aa..cc71cce4df4 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -1493,17 +1493,18 @@ static bool mask_conflict(
  Returns True if conflict, False if not.
 ****************************************************************************/
 
+static const uint32_t conflicting_access =
+	FILE_WRITE_DATA|
+	FILE_APPEND_DATA|
+	FILE_READ_DATA|
+	FILE_EXECUTE|
+	DELETE_ACCESS;
+
 static bool share_conflict(uint32_t e_access_mask,
 			   uint32_t e_share_access,
 			   uint32_t access_mask,
 			   uint32_t share_access)
 {
-	const uint32_t conflicting_access =
-		FILE_WRITE_DATA|
-		FILE_APPEND_DATA|
-		FILE_READ_DATA|
-		FILE_EXECUTE|
-		DELETE_ACCESS;
 	bool conflict;
 
 	DBG_DEBUG("existing access_mask = 0x%"PRIx32", "
@@ -1754,7 +1755,9 @@ static uint16_t share_mode_flags_restrict(
 		&existing_lease_type);
 
 	existing_access_mask |= access_mask;
-	existing_share_mode &= share_mode;
+	if (access_mask & conflicting_access) {
+		existing_share_mode &= share_mode;
+	}
 	existing_lease_type |= lease_type;
 
 	ret = share_mode_flags_set(
@@ -1793,7 +1796,10 @@ static bool open_mode_check_fn(
 	}
 
 	access_mask = state->access_mask | e->access_mask;
-	share_access = state->share_access & e->share_access;
+	share_access = state->share_access;
+	if (e->access_mask & conflicting_access) {
+		share_access &= e->share_access;
+	}
 	lease_type = state->lease_type | get_lease_type(e, state->fid);
 
 	if ((access_mask == state->access_mask) &&
diff --git a/source4/torture/smb2/sharemode.c b/source4/torture/smb2/sharemode.c
index 6a581cd60ab..87f2f852c1c 100644
--- a/source4/torture/smb2/sharemode.c
+++ b/source4/torture/smb2/sharemode.c
@@ -625,6 +625,118 @@ done:
 	return ret;
 }
 
+/*
+ * Test initial stat open with share nothing doesn't trigger SHARING_VIOLTION
+ * errors.
+ */
+static bool test_smb2_bug14375(struct torture_context *tctx,
+			       struct smb2_tree *tree)
+{
+	const char *fname = "test_bug14375";
+	struct smb2_create cr1;
+	struct smb2_create cr2;
+	struct smb2_create cr3;
+	NTSTATUS status;
+	bool ret = true;
+
+	smb2_util_unlink(tree, fname);
+
+	cr1 = (struct smb2_create) {
+		.in.desired_access = SEC_FILE_READ_ATTRIBUTE,
+		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_NONE,
+		.in.create_disposition = NTCREATEX_DISP_CREATE,
+		.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS,
+		.in.fname = fname,
+	};
+
+	status = smb2_create(tree, tctx, &cr1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"CREATE file failed\n");
+
+	cr2 = (struct smb2_create) {
+		.in.desired_access = SEC_FILE_READ_DATA,
+		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.create_disposition = NTCREATEX_DISP_OPEN,
+		.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS,
+		.in.fname = fname,
+	};
+
+	status = smb2_create(tree, tctx, &cr2);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"CREATE file failed\n");
+
+	cr3 = (struct smb2_create) {
+		.in.desired_access = SEC_FILE_READ_DATA,
+		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.create_disposition = NTCREATEX_DISP_OPEN,
+		.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS,
+		.in.fname = fname,
+	};
+
+	status = smb2_create(tree, tctx, &cr3);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"CREATE file failed\n");
+
+	status = smb2_util_close(tree, cr1.out.file.handle);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"CLOSE file failed\n");
+	status = smb2_util_close(tree, cr2.out.file.handle);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"CLOSE file failed\n");
+	status = smb2_util_close(tree, cr3.out.file.handle);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"CLOSE file failed\n");
+
+	cr1 = (struct smb2_create) {
+		.in.desired_access = SEC_FILE_READ_DATA,
+		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.create_disposition = NTCREATEX_DISP_OPEN,
+		.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS,
+		.in.fname = fname,
+	};
+
+	status = smb2_create(tree, tctx, &cr1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"CREATE file failed\n");
+
+	cr2 = (struct smb2_create) {
+		.in.desired_access = SEC_FILE_READ_ATTRIBUTE,
+		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_NONE,
+		.in.create_disposition = NTCREATEX_DISP_OPEN,
+		.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS,
+		.in.fname = fname,
+	};
+
+	status = smb2_create(tree, tctx, &cr2);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"CREATE file failed\n");
+
+	cr3 = (struct smb2_create) {
+		.in.desired_access = SEC_FILE_READ_DATA,
+		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.create_disposition = NTCREATEX_DISP_OPEN,
+		.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS,
+		.in.fname = fname,
+	};
+
+	status = smb2_create(tree, tctx, &cr3);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"CREATE file failed\n");
+
+done:
+	smb2_util_close(tree, cr1.out.file.handle);
+	smb2_util_close(tree, cr2.out.file.handle);
+	smb2_util_close(tree, cr3.out.file.handle);
+	smb2_util_unlink(tree, fname);
+	return ret;
+}
+
 struct torture_suite *torture_smb2_sharemode_init(TALLOC_CTX *ctx)
 {
 	struct torture_suite *suite = torture_suite_create(ctx, "sharemode");
@@ -633,6 +745,8 @@ struct torture_suite *torture_smb2_sharemode_init(TALLOC_CTX *ctx)
 				     test_smb2_sharemode_access);
 	torture_suite_add_2smb2_test(suite, "access-sharemode",
 				     test_smb2_access_sharemode);
+	torture_suite_add_1smb2_test(suite, "bug14375",
+				     test_smb2_bug14375);
 
 	suite->description = talloc_strdup(suite, "SMB2-SHAREMODE tests");
 


-- 
Samba Shared Repository

More information about the samba-cvs mailing list