[SCM] Samba Shared Repository - branch v4-13-stable updated
Karolin Seeger
kseeger at samba.org
Tue Jan 26 07:24:06 UTC 2021
The branch, v4-13-stable has been updated
via 19965edb713 VERSION: Disable GIT_SNAPSHOT for the 4.13.4 release.
via 54868d2d58e WHATSNEW: Add release notes for Samba 4.13.4.
via d5905865962 script/release.sh: always select the GPG key by it's ID
via cd0442f4147 ReleaseKey: add GnuPG key transition statement for the Samba release key
via 5817c495c59 script/release.sh: Use new GPG key.
via 4e48d658f8d s3: smbd: Add call to conn_setup_case_options() to create_conn_struct_as_root().
via d13354f08f5 s3: smbd: Factor out setting up case parameters for a share to a function - conn_setup_case_options().
via a6ec2580b4d build: remove smbd_conn private library
via 810b019db9e libcli/smb: allow unexpected padding in SMB2 IOCTL responses
via efb811f6e43 smbd: implement FSCTL_SMBTORTURE_IOCTL_RESPONSE_BODY_PADDING8 as reproducer for bug 14607
via 6ae3c220a93 s4:torture/smb2: add samba3.smb2.ioctl.bug14607
via 26e762a42e2 libcli/smb: split out smb2cli_ioctl_parse_buffer()
via 5e64e53fe2f libcli/smb: Allow smb2cli_validate_negotiate_info_done() to ignore NT_STATUS_INVALID_PARAMETER.
via bb951cd05c2 libcli/smb: Change some checks to SMB_ASSERTS
via fdeba394444 vfs_fruit: fix close for fake_fd
via 0391c7b55ff vfs_fruit: check fake_fd in fruit_pread_meta_stream()
via 800a3dae912 vfs_fruit: use "fake_fd" instead of "created"
via 124a7dc0680 vfs_streams_xattr: make use of vfs_fake_fd_close()
via 15e4e106fe4 vfs_fruit: make use of vfs_fake_fd_close()
via a01b3646a54 s3:smbd: add vfs_fake_fd_close() helper
via 1581c4c0752 s3:lib: Create the cache path of user gencache recursively
via c28deed6da1 lib:util: Add directory_create_or_exists_recursive()
via 9ab30ab1c80 vfs_virusfilter: Allocate separate memory for config char*
via fc15ff8951f Do not create an empty DB when accessing a sam.ldb
via c5159bd6d76 bootstrap: Cope with case changes in CentOS 8 repo names
via 6e6a16d8805 lib: Avoid declaring zero-length VLAs in various messaging functions
via 6f4f529dded VERSION: Bump version up to 4.13.4...
from 916472aebc9 VERSION: Disable GIT_SNAPSHOT for the 4.13.3 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-13-stable
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
.gitlab-ci.yml | 2 +-
GPG_AA99442FB680B620_replaces_6F33915B6568B7EA.txt | 27 +++
VERSION | 2 +-
WHATSNEW.txt | 76 +++++++-
bootstrap/config.py | 6 +-
bootstrap/generated-dists/centos8/bootstrap.sh | 6 +-
bootstrap/sha1sum.txt | 2 +-
lib/util/samba_util.h | 14 ++
lib/util/tests/test_util.c | 118 +++++++++++-
lib/util/util.c | 40 ++++
libcli/smb/smb2_signing.c | 9 +-
libcli/smb/smb2cli_ioctl.c | 207 +++++++++++++--------
libcli/smb/smbXcli_base.c | 25 +++
libcli/smb/smb_constants.h | 2 +
script/release.sh | 10 +-
source3/lib/gencache.c | 2 +-
source3/lib/messages.c | 6 +-
source3/modules/vfs_fruit.c | 34 ++--
source3/modules/vfs_streams_xattr.c | 4 +-
source3/modules/vfs_virusfilter.c | 66 ++++++-
source3/smbd/conn.c | 19 ++
source3/smbd/msdfs.c | 2 +
source3/smbd/proto.h | 3 +
source3/smbd/service.c | 11 +-
source3/smbd/smb2_ioctl.c | 41 +++-
source3/smbd/smb2_ioctl_private.h | 1 +
source3/smbd/vfs.c | 9 +
source3/wscript_build | 7 +-
source4/dsdb/samdb/samdb.c | 3 +
source4/torture/smb2/ioctl.c | 53 ++++++
30 files changed, 647 insertions(+), 160 deletions(-)
create mode 100644 GPG_AA99442FB680B620_replaces_6F33915B6568B7EA.txt
Changeset truncated at 500 lines:
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index c657b4a1d8f..0004820968a 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -23,7 +23,7 @@ variables:
# Set this to the contents of bootstrap/sha1sum.txt
# which is generated by bootstrap/template.py --render
#
- SAMBA_CI_CONTAINER_TAG: 1275dc52ac8c1de5981f267df88b85b6f87e299a
+ SAMBA_CI_CONTAINER_TAG: b5b78cacae2fa6cec91925170bc6d4e3774cac9b
#
# We use the ubuntu1804 image as default as
# it matches what we have on sn-devel-184.
diff --git a/GPG_AA99442FB680B620_replaces_6F33915B6568B7EA.txt b/GPG_AA99442FB680B620_replaces_6F33915B6568B7EA.txt
new file mode 100644
index 00000000000..8e240bae8db
--- /dev/null
+++ b/GPG_AA99442FB680B620_replaces_6F33915B6568B7EA.txt
@@ -0,0 +1,27 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+The GPG release key for Samba releases changed from:
+
+pub dsa1024/6F33915B6568B7EA 2007-02-04 [SC] [expires: 2021-02-05]
+ Key fingerprint = 52FB C0B8 6D95 4B08 4332 4CDC 6F33 915B 6568 B7EA
+uid [ full ] Samba Distribution Verification Key <samba-bugs at samba.org>
+sub elg2048/9C6ED163DA6DFB44 2007-02-04 [E] [expires: 2021-02-05]
+
+to the following new key:
+
+pub rsa4096/AA99442FB680B620 2020-12-21 [SC] [expires: 2022-12-21]
+ Key fingerprint = 81F5 E283 2BD2 545A 1897 B713 AA99 442F B680 B620
+uid [ultimate] Samba Distribution Verification Key <samba-bugs at samba.org>
+sub rsa4096/97EF9386FBFD4002 2020-12-21 [E] [expires: 2022-12-21]
+
+Starting from Jan 21th 2021, all Samba releases will be signed with the new key.
+
+This document is signed with the old key.
+
+-----BEGIN PGP SIGNATURE-----
+
+iF0EARECAB0WIQRS+8C4bZVLCEMyTNxvM5FbZWi36gUCYAltCQAKCRBvM5FbZWi3
+6ofOAJ491tFEr36jLkf158ueIrDw9zNVtgCbBV3PgocOX5VH57s1NQdBOof+ihw=
+=wf56
+-----END PGP SIGNATURE-----
diff --git a/VERSION b/VERSION
index 3ffbca609ac..130087004f0 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=13
-SAMBA_VERSION_RELEASE=3
+SAMBA_VERSION_RELEASE=4
########################################################
# If a official release has a serious bug #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 947fd89e3c3..544f4377bfd 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,74 @@
+ ==============================
+ Release Notes for Samba 4.13.4
+ January 26, 2021
+ ==============================
+
+
+This is the latest stable release of the Samba 4.13 release series.
+
+
+Changes since 4.13.3
+--------------------
+
+o Jeremy Allison <jra at samba.org>
+ * BUG 14607: Work around special SMB2 IOCTL response behavior of NetApp Ontap
+ 7.3.7.
+ * BUG 14612: Temporary DFS share setup doesn't set case parameters in the
+ same way as a regular share definition does.
+
+o Dimitry Andric <dimitry at andric.com>
+ * BUG 14605: lib: Avoid declaring zero-length VLAs in various messaging
+ functions.
+
+o Andrew Bartlett <abartlet at samba.org>
+ * BUG 14579: Do not create an empty DB when accessing a sam.ldb.
+
+o Ralph Boehme <slow at samba.org>
+ * BUG 14596: vfs_fruit may close wrong backend fd.
+ * BUG 14612: Temporary DFS share setup doesn't set case parameters in the
+ same way as a regular share definition does.
+
+o Arne Kreddig <arne at kreddig.net>
+ * BUG 14606: vfs_virusfilter: Allocate separate memory for config char*.
+
+o Stefan Metzmacher <metze at samba.org>
+ * BUG 14596: vfs_fruit may close wrong backend fd.
+ * BUG 14607: Work around special SMB2 IOCTL response behavior of NetApp Ontap
+ 7.3.7.
+
+o Andreas Schneider <asn at samba.org>
+ * BUG 14601: The cache directory for the user gencache should be created
+ recursively.
+
+o Martin Schwenke <martin at meltin.net>
+ * BUG 14594: Be more flexible with repository names in CentOS 8 test
+ environments.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
+
==============================
Release Notes for Samba 4.13.3
December 15, 2020
@@ -66,10 +137,7 @@ database (https://bugzilla.samba.org/).
======================================================================
-Release notes for older releases follow:
-----------------------------------------
-
- ==============================
+---------------------------------------------------------------------- ==============================
Release Notes for Samba 4.13.2
November 03, 2020
==============================
diff --git a/bootstrap/config.py b/bootstrap/config.py
index 24f21a3c749..320a28e0f00 100644
--- a/bootstrap/config.py
+++ b/bootstrap/config.py
@@ -232,8 +232,10 @@ yum install -y dnf-plugins-core
yum install -y epel-release
yum -v repolist all
-yum config-manager --set-enabled PowerTools -y
-yum config-manager --set-enabled Devel -y
+yum config-manager --set-enabled PowerTools -y || \
+ yum config-manager --set-enabled powertools -y
+yum config-manager --set-enabled Devel -y || \
+ yum config-manager --set-enabled devel -y
yum update -y
yum install -y \
diff --git a/bootstrap/generated-dists/centos8/bootstrap.sh b/bootstrap/generated-dists/centos8/bootstrap.sh
index b494d0040dd..eeea0e8f3b3 100755
--- a/bootstrap/generated-dists/centos8/bootstrap.sh
+++ b/bootstrap/generated-dists/centos8/bootstrap.sh
@@ -12,8 +12,10 @@ yum install -y dnf-plugins-core
yum install -y epel-release
yum -v repolist all
-yum config-manager --set-enabled PowerTools -y
-yum config-manager --set-enabled Devel -y
+yum config-manager --set-enabled PowerTools -y || \
+ yum config-manager --set-enabled powertools -y
+yum config-manager --set-enabled Devel -y || \
+ yum config-manager --set-enabled devel -y
yum update -y
yum install -y \
diff --git a/bootstrap/sha1sum.txt b/bootstrap/sha1sum.txt
index 345d4a95e98..9101ad627cc 100644
--- a/bootstrap/sha1sum.txt
+++ b/bootstrap/sha1sum.txt
@@ -1 +1 @@
-1275dc52ac8c1de5981f267df88b85b6f87e299a
+b5b78cacae2fa6cec91925170bc6d4e3774cac9b
diff --git a/lib/util/samba_util.h b/lib/util/samba_util.h
index 5a81baa80b6..e788beac950 100644
--- a/lib/util/samba_util.h
+++ b/lib/util/samba_util.h
@@ -478,6 +478,20 @@ _PUBLIC_ bool file_check_permissions(const char *fname,
*/
_PUBLIC_ bool directory_create_or_exist(const char *dname, mode_t dir_perms);
+/**
+ * @brief Try to create a specified directory and the parent directory if they
+ * don't exist.
+ *
+ * @param[in] dname The directory path to create.
+ *
+ * @param[in] dir_perms The permission of the directories.
+ *
+ * @return true on success, false otherwise.
+ */
+_PUBLIC_ bool directory_create_or_exists_recursive(
+ const char *dname,
+ mode_t dir_perms);
+
_PUBLIC_ bool directory_create_or_exist_strict(const char *dname,
uid_t uid,
mode_t dir_perms);
diff --git a/lib/util/tests/test_util.c b/lib/util/tests/test_util.c
index eebba39e70c..a893e6175c2 100644
--- a/lib/util/tests/test_util.c
+++ b/lib/util/tests/test_util.c
@@ -4,6 +4,7 @@
* Unit test for util.c
*
* Copyright (C) Christof Schmitt 2020
+ * Copyright (C) Andreas Schneider 2020
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -19,13 +20,22 @@
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
-#include "lib/util/util.c"
+#include <stdarg.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <setjmp.h>
#include <cmocka.h>
+#include "lib/replace/replace.h"
+#include "system/dir.h"
+
+#include "lib/util/util.c"
+
struct test_paths {
char testdir[PATH_MAX];
char none[PATH_MAX];
char dir[PATH_MAX];
+ char dir_recursive[PATH_MAX];
mode_t dir_mode;
char file[PATH_MAX];
mode_t file_mode;
@@ -59,6 +69,12 @@ static int group_setup(void **state)
ret = mkdir(paths->dir, paths->dir_mode);
assert_return_code(ret, errno);
+ strlcpy(paths->dir_recursive, testdir, sizeof(paths->dir));
+ strlcat(paths->dir_recursive, "/dir_recursive", sizeof(paths->dir));
+ paths->dir_mode = 0750;
+ ret = mkdir(paths->dir_recursive, paths->dir_mode);
+ assert_return_code(ret, errno);
+
strlcpy(paths->file, testdir, sizeof(paths->file));
strlcat(paths->file, "/file", sizeof(paths->file));
paths->file_mode = 0640;
@@ -89,16 +105,79 @@ static int group_setup(void **state)
return 0;
}
+static int torture_rmdirs(const char *path)
+{
+ DIR *d;
+ struct dirent *dp;
+ struct stat sb;
+ char *fname;
+
+ if ((d = opendir(path)) != NULL) {
+ while(stat(path, &sb) == 0) {
+ /* if we can remove the directory we're done */
+ if (rmdir(path) == 0) {
+ break;
+ }
+ switch (errno) {
+ case ENOTEMPTY:
+ case EEXIST:
+ case EBADF:
+ break; /* continue */
+ default:
+ closedir(d);
+ return 0;
+ }
+
+ while ((dp = readdir(d)) != NULL) {
+ size_t len;
+ /* skip '.' and '..' */
+ if (dp->d_name[0] == '.' &&
+ (dp->d_name[1] == '\0' ||
+ (dp->d_name[1] == '.' && dp->d_name[2] == '\0'))) {
+ continue;
+ }
+
+ len = strlen(path) + strlen(dp->d_name) + 2;
+ fname = malloc(len);
+ if (fname == NULL) {
+ closedir(d);
+ return -1;
+ }
+ snprintf(fname, len, "%s/%s", path, dp->d_name);
+
+ /* stat the file */
+ if (lstat(fname, &sb) != -1) {
+ if (S_ISDIR(sb.st_mode) && !S_ISLNK(sb.st_mode)) {
+ if (rmdir(fname) < 0) { /* can't be deleted */
+ if (errno == EACCES) {
+ closedir(d);
+ SAFE_FREE(fname);
+ return -1;
+ }
+ torture_rmdirs(fname);
+ }
+ } else {
+ unlink(fname);
+ }
+ } /* lstat */
+ SAFE_FREE(fname);
+ } /* readdir */
+
+ rewinddir(d);
+ }
+ } else {
+ return -1;
+ }
+
+ closedir(d);
+ return 0;
+}
+
static int group_teardown(void **state)
{
struct test_paths *paths = *state;
int ret;
- return 0;
-
- ret = rmdir(paths->dir);
- assert_return_code(ret, errno);
-
ret = unlink(paths->file);
assert_return_code(ret, errno);
@@ -111,7 +190,7 @@ static int group_teardown(void **state)
ret = unlink(paths->symlink_file);
assert_return_code(ret, errno);
- ret = unlink(paths->testdir);
+ ret = torture_rmdirs(paths->testdir);
assert_return_code(ret, errno);
free(paths);
@@ -217,6 +296,30 @@ static void test_directory_create_or_exists_symlink_file(void **state)
assert_true(S_ISLNK(sbuf.st_mode));
}
+static void test_directory_create_or_exists_recursive(void **state)
+{
+ struct test_paths *paths = *state;
+ char recursive_testdir[PATH_MAX] = {0};
+ struct stat sbuf = {0};
+ bool ok;
+ int ret;
+
+ ret = snprintf(recursive_testdir,
+ sizeof(recursive_testdir),
+ "%s/wurst/brot",
+ paths->dir_recursive);
+ assert_int_not_equal(ret, -1);
+
+ ok = directory_create_or_exists_recursive(recursive_testdir,
+ 0700);
+ assert_true(ok);
+
+ ret = lstat(recursive_testdir, &sbuf);
+ assert_return_code(ret, errno);
+ assert_int_equal(sbuf.st_mode & 0777, 0700);
+ assert_true(S_ISDIR(sbuf.st_mode));
+}
+
int main(int argc, char **argv)
{
const struct CMUnitTest tests[] = {
@@ -226,6 +329,7 @@ int main(int argc, char **argv)
cmocka_unit_test(test_directory_create_or_exists_symlink_none),
cmocka_unit_test(test_directory_create_or_exists_symlink_dir),
cmocka_unit_test(test_directory_create_or_exists_symlink_file),
+ cmocka_unit_test(test_directory_create_or_exists_recursive),
};
cmocka_set_message_output(CM_OUTPUT_SUBUNIT);
diff --git a/lib/util/util.c b/lib/util/util.c
index 59dc7bd6b71..ac1aefa347b 100644
--- a/lib/util/util.c
+++ b/lib/util/util.c
@@ -35,6 +35,7 @@
#include "debug.h"
#include "samba_util.h"
#include "lib/util/select.h"
+#include <libgen.h>
#ifdef HAVE_SYS_PRCTL_H
#include <sys/prctl.h>
@@ -398,6 +399,45 @@ _PUBLIC_ bool directory_create_or_exist(const char *dname,
return true;
}
+_PUBLIC_ bool directory_create_or_exists_recursive(
+ const char *dname,
+ mode_t dir_perms)
+{
+ bool ok;
+
+ ok = directory_create_or_exist(dname, dir_perms);
+ if (!ok) {
+ if (!directory_exist(dname)) {
+ char tmp[PATH_MAX] = {0};
+ char *parent = NULL;
+ size_t n;
+
+ /* Use the null context */
+ n = strlcpy(tmp, dname, sizeof(tmp));
+ if (n < strlen(dname)) {
+ DBG_ERR("Path too long!\n");
+ return false;
+ }
+
+ parent = dirname(tmp);
+ if (parent == NULL) {
+ DBG_ERR("Failed to create dirname!\n");
+ return false;
+ }
+
+ ok = directory_create_or_exists_recursive(parent,
+ dir_perms);
+ if (!ok) {
+ return false;
+ }
+
+ ok = directory_create_or_exist(dname, dir_perms);
+ }
+ }
+
+ return ok;
+}
+
/**
* @brief Try to create a specified directory if it doesn't exist.
*
diff --git a/libcli/smb/smb2_signing.c b/libcli/smb/smb2_signing.c
index cc03607d789..230475480c2 100644
--- a/libcli/smb/smb2_signing.c
+++ b/libcli/smb/smb2_signing.c
@@ -189,13 +189,8 @@ NTSTATUS smb2_signing_check_pdu(struct smb2_signing_key *signing_key,
static const uint8_t zero_sig[16] = { 0, };
int i;
- if (count < 2) {
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- if (vector[0].iov_len != SMB2_HDR_BODY) {
- return NT_STATUS_INVALID_PARAMETER;
- }
+ SMB_ASSERT(count >= 2);
+ SMB_ASSERT(vector[0].iov_len == SMB2_HDR_BODY);
hdr = (const uint8_t *)vector[0].iov_base;
diff --git a/libcli/smb/smb2cli_ioctl.c b/libcli/smb/smb2cli_ioctl.c
index 2b572baeb23..f9abcc57bab 100644
--- a/libcli/smb/smb2cli_ioctl.c
+++ b/libcli/smb/smb2cli_ioctl.c
@@ -160,6 +160,97 @@ struct tevent_req *smb2cli_ioctl_send(TALLOC_CTX *mem_ctx,
return req;
}
+static NTSTATUS smb2cli_ioctl_parse_buffer(uint32_t dyn_offset,
+ const DATA_BLOB dyn_buffer,
+ uint32_t min_offset,
+ uint32_t buffer_offset,
+ uint32_t buffer_length,
+ uint32_t max_length,
+ uint32_t *next_offset,
+ DATA_BLOB *buffer)
+{
+ uint32_t offset;
+ bool oob;
+
+ *buffer = data_blob_null;
+ *next_offset = dyn_offset;
+
+ if (buffer_offset == 0) {
--
Samba Shared Repository
More information about the samba-cvs
mailing list