[SCM] Samba Shared Repository - branch v4-13-stable updated

Karolin Seeger kseeger at samba.org
Tue Jan 26 07:24:06 UTC 2021


The branch, v4-13-stable has been updated
       via  19965edb713 VERSION: Disable GIT_SNAPSHOT for the 4.13.4 release.
       via  54868d2d58e WHATSNEW: Add release notes for Samba 4.13.4.
       via  d5905865962 script/release.sh: always select the GPG key by it's ID
       via  cd0442f4147 ReleaseKey: add GnuPG key transition statement for the Samba release key
       via  5817c495c59 script/release.sh: Use new GPG key.
       via  4e48d658f8d s3: smbd: Add call to conn_setup_case_options() to create_conn_struct_as_root().
       via  d13354f08f5 s3: smbd: Factor out setting up case parameters for a share to a function - conn_setup_case_options().
       via  a6ec2580b4d build: remove smbd_conn private library
       via  810b019db9e libcli/smb: allow unexpected padding in SMB2 IOCTL responses
       via  efb811f6e43 smbd: implement FSCTL_SMBTORTURE_IOCTL_RESPONSE_BODY_PADDING8 as reproducer for bug 14607
       via  6ae3c220a93 s4:torture/smb2: add samba3.smb2.ioctl.bug14607
       via  26e762a42e2 libcli/smb: split out smb2cli_ioctl_parse_buffer()
       via  5e64e53fe2f libcli/smb: Allow smb2cli_validate_negotiate_info_done() to ignore NT_STATUS_INVALID_PARAMETER.
       via  bb951cd05c2 libcli/smb: Change some checks to SMB_ASSERTS
       via  fdeba394444 vfs_fruit: fix close for fake_fd
       via  0391c7b55ff vfs_fruit: check fake_fd in fruit_pread_meta_stream()
       via  800a3dae912 vfs_fruit: use "fake_fd" instead of "created"
       via  124a7dc0680 vfs_streams_xattr: make use of vfs_fake_fd_close()
       via  15e4e106fe4 vfs_fruit: make use of vfs_fake_fd_close()
       via  a01b3646a54 s3:smbd: add vfs_fake_fd_close() helper
       via  1581c4c0752 s3:lib: Create the cache path of user gencache recursively
       via  c28deed6da1 lib:util: Add directory_create_or_exists_recursive()
       via  9ab30ab1c80 vfs_virusfilter: Allocate separate memory for config char*
       via  fc15ff8951f Do not create an empty DB when accessing a sam.ldb
       via  c5159bd6d76 bootstrap: Cope with case changes in CentOS 8 repo names
       via  6e6a16d8805 lib: Avoid declaring zero-length VLAs in various messaging functions
       via  6f4f529dded VERSION: Bump version up to 4.13.4...
      from  916472aebc9 VERSION: Disable GIT_SNAPSHOT for the 4.13.3 release.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-13-stable


- Log -----------------------------------------------------------------
-----------------------------------------------------------------------

Summary of changes:
 .gitlab-ci.yml                                     |   2 +-
 GPG_AA99442FB680B620_replaces_6F33915B6568B7EA.txt |  27 +++
 VERSION                                            |   2 +-
 WHATSNEW.txt                                       |  76 +++++++-
 bootstrap/config.py                                |   6 +-
 bootstrap/generated-dists/centos8/bootstrap.sh     |   6 +-
 bootstrap/sha1sum.txt                              |   2 +-
 lib/util/samba_util.h                              |  14 ++
 lib/util/tests/test_util.c                         | 118 +++++++++++-
 lib/util/util.c                                    |  40 ++++
 libcli/smb/smb2_signing.c                          |   9 +-
 libcli/smb/smb2cli_ioctl.c                         | 207 +++++++++++++--------
 libcli/smb/smbXcli_base.c                          |  25 +++
 libcli/smb/smb_constants.h                         |   2 +
 script/release.sh                                  |  10 +-
 source3/lib/gencache.c                             |   2 +-
 source3/lib/messages.c                             |   6 +-
 source3/modules/vfs_fruit.c                        |  34 ++--
 source3/modules/vfs_streams_xattr.c                |   4 +-
 source3/modules/vfs_virusfilter.c                  |  66 ++++++-
 source3/smbd/conn.c                                |  19 ++
 source3/smbd/msdfs.c                               |   2 +
 source3/smbd/proto.h                               |   3 +
 source3/smbd/service.c                             |  11 +-
 source3/smbd/smb2_ioctl.c                          |  41 +++-
 source3/smbd/smb2_ioctl_private.h                  |   1 +
 source3/smbd/vfs.c                                 |   9 +
 source3/wscript_build                              |   7 +-
 source4/dsdb/samdb/samdb.c                         |   3 +
 source4/torture/smb2/ioctl.c                       |  53 ++++++
 30 files changed, 647 insertions(+), 160 deletions(-)
 create mode 100644 GPG_AA99442FB680B620_replaces_6F33915B6568B7EA.txt


Changeset truncated at 500 lines:

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index c657b4a1d8f..0004820968a 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -23,7 +23,7 @@ variables:
   # Set this to the contents of bootstrap/sha1sum.txt
   # which is generated by bootstrap/template.py --render
   #
-  SAMBA_CI_CONTAINER_TAG: 1275dc52ac8c1de5981f267df88b85b6f87e299a
+  SAMBA_CI_CONTAINER_TAG: b5b78cacae2fa6cec91925170bc6d4e3774cac9b
   #
   # We use the ubuntu1804 image as default as
   # it matches what we have on sn-devel-184.
diff --git a/GPG_AA99442FB680B620_replaces_6F33915B6568B7EA.txt b/GPG_AA99442FB680B620_replaces_6F33915B6568B7EA.txt
new file mode 100644
index 00000000000..8e240bae8db
--- /dev/null
+++ b/GPG_AA99442FB680B620_replaces_6F33915B6568B7EA.txt
@@ -0,0 +1,27 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+The GPG release key for Samba releases changed from:
+
+pub   dsa1024/6F33915B6568B7EA 2007-02-04 [SC] [expires: 2021-02-05]
+      Key fingerprint = 52FB C0B8 6D95 4B08 4332  4CDC 6F33 915B 6568 B7EA
+uid                 [  full  ] Samba Distribution Verification Key <samba-bugs at samba.org>
+sub   elg2048/9C6ED163DA6DFB44 2007-02-04 [E] [expires: 2021-02-05]
+
+to the following new key:
+
+pub   rsa4096/AA99442FB680B620 2020-12-21 [SC] [expires: 2022-12-21]
+      Key fingerprint = 81F5 E283 2BD2 545A 1897  B713 AA99 442F B680 B620
+uid                 [ultimate] Samba Distribution Verification Key <samba-bugs at samba.org>
+sub   rsa4096/97EF9386FBFD4002 2020-12-21 [E] [expires: 2022-12-21]
+
+Starting from Jan 21th 2021, all Samba releases will be signed with the new key.
+
+This document is signed with the old key.
+
+-----BEGIN PGP SIGNATURE-----
+
+iF0EARECAB0WIQRS+8C4bZVLCEMyTNxvM5FbZWi36gUCYAltCQAKCRBvM5FbZWi3
+6ofOAJ491tFEr36jLkf158ueIrDw9zNVtgCbBV3PgocOX5VH57s1NQdBOof+ihw=
+=wf56
+-----END PGP SIGNATURE-----
diff --git a/VERSION b/VERSION
index 3ffbca609ac..130087004f0 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
 ########################################################
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=13
-SAMBA_VERSION_RELEASE=3
+SAMBA_VERSION_RELEASE=4
 
 ########################################################
 # If a official release has a serious bug              #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 947fd89e3c3..544f4377bfd 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,74 @@
+                   ==============================
+                   Release Notes for Samba 4.13.4
+                          January 26, 2021
+                   ==============================
+
+
+This is the latest stable release of the Samba 4.13 release series.
+
+
+Changes since 4.13.3
+--------------------
+
+o  Jeremy Allison <jra at samba.org>
+   * BUG 14607: Work around special SMB2 IOCTL response behavior of NetApp Ontap
+     7.3.7.
+   * BUG 14612: Temporary DFS share setup doesn't set case parameters in the
+     same way as a regular share definition does.
+
+o  Dimitry Andric <dimitry at andric.com>
+   * BUG 14605: lib: Avoid declaring zero-length VLAs in various messaging
+     functions.
+
+o  Andrew Bartlett <abartlet at samba.org>
+   * BUG 14579: Do not create an empty DB when accessing a sam.ldb.
+
+o  Ralph Boehme <slow at samba.org>
+   * BUG 14596: vfs_fruit may close wrong backend fd.
+   * BUG 14612: Temporary DFS share setup doesn't set case parameters in the
+     same way as a regular share definition does.
+
+o  Arne Kreddig <arne at kreddig.net>
+   * BUG 14606: vfs_virusfilter: Allocate separate memory for config char*.
+
+o  Stefan Metzmacher <metze at samba.org>
+   * BUG 14596: vfs_fruit may close wrong backend fd.
+   * BUG 14607: Work around special SMB2 IOCTL response behavior of NetApp Ontap
+     7.3.7.
+
+o  Andreas Schneider <asn at samba.org>
+   * BUG 14601: The cache directory for the user gencache should be created
+     recursively.
+
+o  Martin Schwenke <martin at meltin.net>
+   * BUG 14594: Be more flexible with repository names in CentOS 8 test
+     environments.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored.  All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
+
                    ==============================
                    Release Notes for Samba 4.13.3
                           December 15, 2020
@@ -66,10 +137,7 @@ database (https://bugzilla.samba.org/).
 ======================================================================
 
 
-Release notes for older releases follow:
-----------------------------------------
-
-                   ==============================
+----------------------------------------------------------------------                   ==============================
                    Release Notes for Samba 4.13.2
                           November 03, 2020
                    ==============================
diff --git a/bootstrap/config.py b/bootstrap/config.py
index 24f21a3c749..320a28e0f00 100644
--- a/bootstrap/config.py
+++ b/bootstrap/config.py
@@ -232,8 +232,10 @@ yum install -y dnf-plugins-core
 yum install -y epel-release
 
 yum -v repolist all
-yum config-manager --set-enabled PowerTools -y
-yum config-manager --set-enabled Devel -y
+yum config-manager --set-enabled PowerTools -y || \
+    yum config-manager --set-enabled powertools -y
+yum config-manager --set-enabled Devel -y || \
+    yum config-manager --set-enabled devel -y
 yum update -y
 
 yum install -y \
diff --git a/bootstrap/generated-dists/centos8/bootstrap.sh b/bootstrap/generated-dists/centos8/bootstrap.sh
index b494d0040dd..eeea0e8f3b3 100755
--- a/bootstrap/generated-dists/centos8/bootstrap.sh
+++ b/bootstrap/generated-dists/centos8/bootstrap.sh
@@ -12,8 +12,10 @@ yum install -y dnf-plugins-core
 yum install -y epel-release
 
 yum -v repolist all
-yum config-manager --set-enabled PowerTools -y
-yum config-manager --set-enabled Devel -y
+yum config-manager --set-enabled PowerTools -y || \
+    yum config-manager --set-enabled powertools -y
+yum config-manager --set-enabled Devel -y || \
+    yum config-manager --set-enabled devel -y
 yum update -y
 
 yum install -y \
diff --git a/bootstrap/sha1sum.txt b/bootstrap/sha1sum.txt
index 345d4a95e98..9101ad627cc 100644
--- a/bootstrap/sha1sum.txt
+++ b/bootstrap/sha1sum.txt
@@ -1 +1 @@
-1275dc52ac8c1de5981f267df88b85b6f87e299a
+b5b78cacae2fa6cec91925170bc6d4e3774cac9b
diff --git a/lib/util/samba_util.h b/lib/util/samba_util.h
index 5a81baa80b6..e788beac950 100644
--- a/lib/util/samba_util.h
+++ b/lib/util/samba_util.h
@@ -478,6 +478,20 @@ _PUBLIC_ bool file_check_permissions(const char *fname,
  */
 _PUBLIC_ bool directory_create_or_exist(const char *dname, mode_t dir_perms);
 
+/**
+ * @brief Try to create a specified directory and the parent directory if they
+ *        don't exist.
+ *
+ * @param[in]  dname     The directory path to create.
+ *
+ * @param[in]  dir_perms The permission of the directories.
+ *
+ * @return true on success, false otherwise.
+ */
+_PUBLIC_ bool directory_create_or_exists_recursive(
+		const char *dname,
+		mode_t dir_perms);
+
 _PUBLIC_ bool directory_create_or_exist_strict(const char *dname,
 					       uid_t uid,
 					       mode_t dir_perms);
diff --git a/lib/util/tests/test_util.c b/lib/util/tests/test_util.c
index eebba39e70c..a893e6175c2 100644
--- a/lib/util/tests/test_util.c
+++ b/lib/util/tests/test_util.c
@@ -4,6 +4,7 @@
  *  Unit test for util.c
  *
  *  Copyright (C) Christof Schmitt 2020
+ *  Copyright (C) Andreas Schneider 2020
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
@@ -19,13 +20,22 @@
  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
  */
 
-#include "lib/util/util.c"
+#include <stdarg.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <setjmp.h>
 #include <cmocka.h>
 
+#include "lib/replace/replace.h"
+#include "system/dir.h"
+
+#include "lib/util/util.c"
+
 struct test_paths {
 	char testdir[PATH_MAX];
 	char none[PATH_MAX];
 	char dir[PATH_MAX];
+	char dir_recursive[PATH_MAX];
 	mode_t dir_mode;
 	char file[PATH_MAX];
 	mode_t file_mode;
@@ -59,6 +69,12 @@ static int group_setup(void **state)
 	ret = mkdir(paths->dir, paths->dir_mode);
 	assert_return_code(ret, errno);
 
+	strlcpy(paths->dir_recursive, testdir, sizeof(paths->dir));
+	strlcat(paths->dir_recursive, "/dir_recursive", sizeof(paths->dir));
+	paths->dir_mode = 0750;
+	ret = mkdir(paths->dir_recursive, paths->dir_mode);
+	assert_return_code(ret, errno);
+
 	strlcpy(paths->file, testdir, sizeof(paths->file));
 	strlcat(paths->file, "/file", sizeof(paths->file));
 	paths->file_mode = 0640;
@@ -89,16 +105,79 @@ static int group_setup(void **state)
 	return 0;
 }
 
+static int torture_rmdirs(const char *path)
+{
+	DIR *d;
+	struct dirent *dp;
+	struct stat sb;
+	char *fname;
+
+	if ((d = opendir(path)) != NULL) {
+		while(stat(path, &sb) == 0) {
+			/* if we can remove the directory we're done */
+			if (rmdir(path) == 0) {
+				break;
+			}
+			switch (errno) {
+				case ENOTEMPTY:
+				case EEXIST:
+				case EBADF:
+					break; /* continue */
+				default:
+					closedir(d);
+					return 0;
+			}
+
+			while ((dp = readdir(d)) != NULL) {
+				size_t len;
+				/* skip '.' and '..' */
+				if (dp->d_name[0] == '.' &&
+						(dp->d_name[1] == '\0' ||
+						 (dp->d_name[1] == '.' && dp->d_name[2] == '\0'))) {
+					continue;
+				}
+
+				len = strlen(path) + strlen(dp->d_name) + 2;
+				fname = malloc(len);
+				if (fname == NULL) {
+					closedir(d);
+					return -1;
+				}
+				snprintf(fname, len, "%s/%s", path, dp->d_name);
+
+				/* stat the file */
+				if (lstat(fname, &sb) != -1) {
+					if (S_ISDIR(sb.st_mode) && !S_ISLNK(sb.st_mode)) {
+						if (rmdir(fname) < 0) { /* can't be deleted */
+							if (errno == EACCES) {
+								closedir(d);
+								SAFE_FREE(fname);
+								return -1;
+							}
+							torture_rmdirs(fname);
+						}
+					} else {
+						unlink(fname);
+					}
+				} /* lstat */
+				SAFE_FREE(fname);
+			} /* readdir */
+
+			rewinddir(d);
+		}
+	} else {
+		return -1;
+	}
+
+	closedir(d);
+	return 0;
+}
+
 static int group_teardown(void **state)
 {
 	struct test_paths *paths = *state;
 	int ret;
 
-	return 0;
-
-	ret = rmdir(paths->dir);
-	assert_return_code(ret, errno);
-
 	ret = unlink(paths->file);
 	assert_return_code(ret, errno);
 
@@ -111,7 +190,7 @@ static int group_teardown(void **state)
 	ret = unlink(paths->symlink_file);
 	assert_return_code(ret, errno);
 
-	ret = unlink(paths->testdir);
+	ret = torture_rmdirs(paths->testdir);
 	assert_return_code(ret, errno);
 
 	free(paths);
@@ -217,6 +296,30 @@ static void test_directory_create_or_exists_symlink_file(void **state)
 	assert_true(S_ISLNK(sbuf.st_mode));
 }
 
+static void test_directory_create_or_exists_recursive(void **state)
+{
+	struct test_paths *paths = *state;
+	char recursive_testdir[PATH_MAX] = {0};
+	struct stat sbuf = {0};
+	bool ok;
+	int ret;
+
+	ret = snprintf(recursive_testdir,
+		       sizeof(recursive_testdir),
+		       "%s/wurst/brot",
+		       paths->dir_recursive);
+	assert_int_not_equal(ret, -1);
+
+	ok = directory_create_or_exists_recursive(recursive_testdir,
+						  0700);
+	assert_true(ok);
+
+	ret = lstat(recursive_testdir, &sbuf);
+	assert_return_code(ret, errno);
+	assert_int_equal(sbuf.st_mode & 0777, 0700);
+	assert_true(S_ISDIR(sbuf.st_mode));
+}
+
 int main(int argc, char **argv)
 {
 	const struct CMUnitTest tests[] = {
@@ -226,6 +329,7 @@ int main(int argc, char **argv)
 		cmocka_unit_test(test_directory_create_or_exists_symlink_none),
 		cmocka_unit_test(test_directory_create_or_exists_symlink_dir),
 		cmocka_unit_test(test_directory_create_or_exists_symlink_file),
+		cmocka_unit_test(test_directory_create_or_exists_recursive),
 	};
 
 	cmocka_set_message_output(CM_OUTPUT_SUBUNIT);
diff --git a/lib/util/util.c b/lib/util/util.c
index 59dc7bd6b71..ac1aefa347b 100644
--- a/lib/util/util.c
+++ b/lib/util/util.c
@@ -35,6 +35,7 @@
 #include "debug.h"
 #include "samba_util.h"
 #include "lib/util/select.h"
+#include <libgen.h>
 
 #ifdef HAVE_SYS_PRCTL_H
 #include <sys/prctl.h>
@@ -398,6 +399,45 @@ _PUBLIC_ bool directory_create_or_exist(const char *dname,
 	return true;
 }
 
+_PUBLIC_ bool directory_create_or_exists_recursive(
+		const char *dname,
+		mode_t dir_perms)
+{
+	bool ok;
+
+	ok = directory_create_or_exist(dname, dir_perms);
+	if (!ok) {
+		if (!directory_exist(dname)) {
+			char tmp[PATH_MAX] = {0};
+			char *parent = NULL;
+			size_t n;
+
+			/* Use the null context */
+			n = strlcpy(tmp, dname, sizeof(tmp));
+			if (n < strlen(dname)) {
+				DBG_ERR("Path too long!\n");
+				return false;
+			}
+
+			parent = dirname(tmp);
+			if (parent == NULL) {
+				DBG_ERR("Failed to create dirname!\n");
+				return false;
+			}
+
+			ok = directory_create_or_exists_recursive(parent,
+								  dir_perms);
+			if (!ok) {
+				return false;
+			}
+
+			ok = directory_create_or_exist(dname, dir_perms);
+		}
+	}
+
+	return ok;
+}
+
 /**
  * @brief Try to create a specified directory if it doesn't exist.
  *
diff --git a/libcli/smb/smb2_signing.c b/libcli/smb/smb2_signing.c
index cc03607d789..230475480c2 100644
--- a/libcli/smb/smb2_signing.c
+++ b/libcli/smb/smb2_signing.c
@@ -189,13 +189,8 @@ NTSTATUS smb2_signing_check_pdu(struct smb2_signing_key *signing_key,
 	static const uint8_t zero_sig[16] = { 0, };
 	int i;
 
-	if (count < 2) {
-		return NT_STATUS_INVALID_PARAMETER;
-	}
-
-	if (vector[0].iov_len != SMB2_HDR_BODY) {
-		return NT_STATUS_INVALID_PARAMETER;
-	}
+	SMB_ASSERT(count >= 2);
+	SMB_ASSERT(vector[0].iov_len == SMB2_HDR_BODY);
 
 	hdr = (const uint8_t *)vector[0].iov_base;
 
diff --git a/libcli/smb/smb2cli_ioctl.c b/libcli/smb/smb2cli_ioctl.c
index 2b572baeb23..f9abcc57bab 100644
--- a/libcli/smb/smb2cli_ioctl.c
+++ b/libcli/smb/smb2cli_ioctl.c
@@ -160,6 +160,97 @@ struct tevent_req *smb2cli_ioctl_send(TALLOC_CTX *mem_ctx,
 	return req;
 }
 
+static NTSTATUS smb2cli_ioctl_parse_buffer(uint32_t dyn_offset,
+					   const DATA_BLOB dyn_buffer,
+					   uint32_t min_offset,
+					   uint32_t buffer_offset,
+					   uint32_t buffer_length,
+					   uint32_t max_length,
+					   uint32_t *next_offset,
+					   DATA_BLOB *buffer)
+{
+	uint32_t offset;
+	bool oob;
+
+	*buffer = data_blob_null;
+	*next_offset = dyn_offset;
+
+	if (buffer_offset == 0) {


-- 
Samba Shared Repository



More information about the samba-cvs mailing list