[SCM] Samba Shared Repository - branch v4-14-stable updated
Karolin Seeger
kseeger at samba.org
Mon Mar 1 10:13:10 UTC 2021
The branch, v4-14-stable has been updated
via 205891fc5ac VERSION: Disable GIT_SNAPSHOT for the 4.14.0rc4 release.
via 93b47d319cc WHATSNEW: Add release notes for Samba 4.14.0rc4.
via 9baa3dddd0d smbd: don't overwrite _mode if neither a msdfs symlink nor get_dosmode is requested
via c19d3eacc2f CI: verify a symlink has FILE_ATTRIBUTE_NORMAL set
via cc3c704a84f vfs_aixacl: fix regression from f4c2f867f035fcbe3d547d5635d058b0aec7636a
via 72dcae2f569 vfs: restore platform specific POSIX sys_acl_set_file() functions
via 51577d22ef6 smbd: In conn_force_tdis_done() when forcing a connection closed force a full reload of services.
via 42dbd31f739 dbcheck: Check Deleted Objects and reduce noise in reports about expired tombstones
via b3cd04c1038 selftest: Confirm that we fix any errors on the Deleted Objects container itself
via 1f520ec35e1 printing: use correct error out in get_correct_cversion() when openat_pathref_fsp() fails
via b30a1950e26 printing: use correct error out in file_version_is_newer() when openat_pathref_fsp() fails
via 5b1a5b776a7 printing: use correct error out in file_version_is_newer() when openat_pathref_fsp() fails
via d339556659c VERSION: Bump version up to 4.14.0rc4...
from 0490e756e11 VERSION: Bump version up to 4.14.0rc3.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-14-stable
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 22 ++++-
python/samba/dbchecker.py | 25 +++++-
source3/modules/vfs_aixacl.c | 27 +++++-
source3/modules/vfs_solarisacl.c | 97 ++++++++++++++++++++++
source3/modules/vfs_tru64acl.c | 46 ++++++++++
source3/printing/nt_printing.c | 12 ++-
source3/smbd/conn_idle.c | 10 ++-
source3/smbd/trans2.c | 16 ++--
source3/torture/test_posix.c | 14 ++++
...cted-dbcheck-link-output-lost-deleted-user3.txt | 16 ++--
testprogs/blackbox/dbcheck-links.sh | 2 +-
testprogs/blackbox/dbcheck-oldrelease.sh | 12 +++
13 files changed, 275 insertions(+), 26 deletions(-)
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index 485e6eb0aa1..bb77b697eb0 100644
--- a/VERSION
+++ b/VERSION
@@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE=
# e.g. SAMBA_VERSION_RC_RELEASE=1 #
# -> "3.0.0rc1" #
########################################################
-SAMBA_VERSION_RC_RELEASE=3
+SAMBA_VERSION_RC_RELEASE=4
########################################################
# To mark SVN snapshots this should be set to 'yes' #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index ca597378c9e..37805c35f26 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,7 +1,7 @@
Release Announcements
=====================
-This is the third release candidate of Samba 4.14. This is *not*
+This is the fourth release candidate of Samba 4.14. This is *not*
intended for production environments and is designed for testing
purposes only. Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.
@@ -203,6 +203,26 @@ smb.conf changes
server smb encrypt New default
+CHANGES SINCE 4.14.0rc3
+=======================
+
+o Jeremy Allison <jra at samba.org>
+ * BUG 14604: smbd: In conn_force_tdis_done() when forcing a connection closed
+ force a full reload of services.
+
+o Andrew Bartlett <abartlet at samba.org>
+ * BUG 14593: dbcheck: Check Deleted Objects and reduce noise in reports about
+ expired tombstones.
+
+o Ralph Boehme <slow at samba.org>
+ * BUG 14619: vfs: Restore platform specific POSIX sys_acl_set_file()
+ functions.
+ * BUG 14620: Fix the build on AIX.
+ * BUG 14629: smbd: Don't overwrite _mode if neither a msdfs symlink nor
+ get_dosmode is requested.
+ * BUG 14635: Fix printer driver upload.
+
+
CHANGES SINCE 4.14.0rc2
=======================
diff --git a/python/samba/dbchecker.py b/python/samba/dbchecker.py
index 364dc9427d7..d10d765434c 100644
--- a/python/samba/dbchecker.py
+++ b/python/samba/dbchecker.py
@@ -1816,6 +1816,11 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn), str(to_base)))
# old static provision dumps
return False
+ if dn in self.deleted_objects_containers:
+ # The Deleted Objects container will look like an expired
+ # tombstone
+ return False
+
repl = ndr_unpack(drsblobs.replPropertyMetaDataBlob, repl_val)
isDeleted = self.find_repl_attid(repl, drsuapi.DRSUAPI_ATTID_isDeleted)
@@ -1829,7 +1834,25 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn), str(to_base)))
if delta <= tombstone_delta:
return False
- self.report("SKIPING: object %s is an expired tombstone" % dn)
+ expunge_time = delete_time + tombstone_delta
+
+ delta_days = delta / (24 * 60 * 60)
+
+ if delta_days <= 2:
+ self.report("SKIPPING additional checks on object "
+ "%s which very recently "
+ "became an expired tombstone (normal)" % dn)
+ self.report("INFO: it is expected this will be expunged "
+ "by the next daily task some time after %s, "
+ "%d hours ago"
+ % (time.ctime(expunge_time), delta // (60 * 60)))
+ else:
+ self.report("SKIPPING: object %s is an expired tombstone" % dn)
+ self.report("INFO: it was expected this object would have "
+ "been expunged soon after"
+ "%s, %d days ago"
+ % (time.ctime(expunge_time), delta_days))
+
self.report("isDeleted: attid=0x%08x version=%d invocation=%s usn=%s (local=%s) at %s" % (
isDeleted.attid,
isDeleted.version,
diff --git a/source3/modules/vfs_aixacl.c b/source3/modules/vfs_aixacl.c
index f7493794a45..e4c5f1ef7e2 100644
--- a/source3/modules/vfs_aixacl.c
+++ b/source3/modules/vfs_aixacl.c
@@ -133,6 +133,27 @@ SMB_ACL_T aixacl_sys_acl_get_fd(vfs_handle_struct *handle,
return NULL;*/
}
+int aixacl_sys_acl_set_file(vfs_handle_struct *handle,
+ const struct smb_filename *smb_fname,
+ SMB_ACL_TYPE_T type,
+ SMB_ACL_T theacl)
+{
+ struct acl *file_acl = NULL;
+ unsigned int rc;
+
+ file_acl = aixacl_smb_to_aixacl(type, theacl);
+ if (!file_acl)
+ return -1;
+
+ rc = chacl((char *)smb_fname->base_name,file_acl,file_acl->acl_len);
+ DEBUG(10,("errno is %d\n",errno));
+ DEBUG(10,("return code is %d\n",rc));
+ SAFE_FREE(file_acl);
+ DEBUG(10,("Exiting the aixacl_sys_acl_set_file\n"));
+
+ return rc;
+}
+
int aixacl_sys_acl_set_fd(vfs_handle_struct *handle,
files_struct *fsp,
SMB_ACL_TYPE_T type,
@@ -149,9 +170,9 @@ int aixacl_sys_acl_set_fd(vfs_handle_struct *handle,
/*
* This is no longer a handle based call.
*/
- return = chacl(fsp->fsp_name->base_name,
- file_acl,
- file_acl->acl_len);
+ return chacl(fsp->fsp_name->base_name,
+ file_acl,
+ file_acl->acl_len);
}
rc = fchacl(fsp_get_io_fd(fsp),file_acl,file_acl->acl_len);
diff --git a/source3/modules/vfs_solarisacl.c b/source3/modules/vfs_solarisacl.c
index b43a57c9c9f..1b3b4ba0706 100644
--- a/source3/modules/vfs_solarisacl.c
+++ b/source3/modules/vfs_solarisacl.c
@@ -135,6 +135,103 @@ SMB_ACL_T solarisacl_sys_acl_get_fd(vfs_handle_struct *handle,
return result;
}
+int solarisacl_sys_acl_set_file(vfs_handle_struct *handle,
+ const struct smb_filename *smb_fname_in,
+ SMB_ACL_TYPE_T type,
+ SMB_ACL_T theacl)
+{
+ int ret = -1;
+ SOLARIS_ACL_T solaris_acl = NULL;
+ int count;
+ struct smb_filename *smb_fname = NULL;
+
+ smb_fname = cp_smb_filename_nostream(talloc_tos(), smb_fname_in);
+ if (smb_fname == NULL) {
+ errno = ENOMEM;
+ goto done;
+ }
+
+ DEBUG(10, ("solarisacl_sys_acl_set_file called for file '%s'\n",
+ smb_fname->base_name));
+
+ if ((type != SMB_ACL_TYPE_ACCESS) && (type != SMB_ACL_TYPE_DEFAULT)) {
+ errno = EINVAL;
+ DEBUG(10, ("invalid smb acl type given (%d).\n", type));
+ goto done;
+ }
+ DEBUGADD(10, ("setting %s acl\n",
+ ((type == SMB_ACL_TYPE_ACCESS) ? "access" : "default")));
+
+ if(!smb_acl_to_solaris_acl(theacl, &solaris_acl, &count, type)) {
+ DEBUG(10, ("conversion smb_acl -> solaris_acl failed (%s).\n",
+ strerror(errno)));
+ goto done;
+ }
+
+ /*
+ * if the file is a directory, there is extra work to do:
+ * since the solaris acl call stores both the access acl and
+ * the default acl as provided, we have to get the acl part
+ * that has not been specified in "type" from the file first
+ * and concatenate it with the acl provided.
+ *
+ * We can directly use SMB_VFS_STAT here, as if this was a
+ * POSIX call on a symlink, we've already refused it.
+ * For a Windows acl mapped call on a symlink, we want to follow
+ * it.
+ */
+ ret = SMB_VFS_STAT(handle->conn, smb_fname);
+ if (ret != 0) {
+ DEBUG(10, ("Error in stat call: %s\n", strerror(errno)));
+ goto done;
+ }
+ if (S_ISDIR(smb_fname->st.st_ex_mode)) {
+ SOLARIS_ACL_T other_acl = NULL;
+ int other_count;
+ SMB_ACL_TYPE_T other_type;
+
+ other_type = (type == SMB_ACL_TYPE_ACCESS)
+ ? SMB_ACL_TYPE_DEFAULT
+ : SMB_ACL_TYPE_ACCESS;
+ DEBUGADD(10, ("getting acl from filesystem\n"));
+ if (!solaris_acl_get_file(smb_fname->base_name,
+ &other_acl, &other_count)) {
+ DEBUG(10, ("error getting acl from directory\n"));
+ goto done;
+ }
+ DEBUG(10, ("adding %s part of fs acl to given acl\n",
+ ((other_type == SMB_ACL_TYPE_ACCESS)
+ ? "access"
+ : "default")));
+ if (!solaris_add_to_acl(&solaris_acl, &count, other_acl,
+ other_count, other_type))
+ {
+ DEBUG(10, ("error adding other acl.\n"));
+ SAFE_FREE(other_acl);
+ goto done;
+ }
+ SAFE_FREE(other_acl);
+ }
+ else if (type != SMB_ACL_TYPE_ACCESS) {
+ errno = EINVAL;
+ goto done;
+ }
+
+ if (!solaris_acl_sort(solaris_acl, count)) {
+ DEBUG(10, ("resulting acl is not valid!\n"));
+ goto done;
+ }
+
+ ret = acl(smb_fname->base_name, SETACL, count, solaris_acl);
+
+ done:
+ DEBUG(10, ("solarisacl_sys_acl_set_file %s.\n",
+ ((ret != 0) ? "failed" : "succeeded")));
+ SAFE_FREE(solaris_acl);
+ TALLOC_FREE(smb_fname);
+ return ret;
+}
+
/*
* set the access ACL on the file referred to by a fd
*/
diff --git a/source3/modules/vfs_tru64acl.c b/source3/modules/vfs_tru64acl.c
index 12b50ea042c..24e9a69bf89 100644
--- a/source3/modules/vfs_tru64acl.c
+++ b/source3/modules/vfs_tru64acl.c
@@ -87,6 +87,52 @@ SMB_ACL_T tru64acl_sys_acl_get_fd(vfs_handle_struct *handle,
return result;
}
+int tru64acl_sys_acl_set_file(vfs_handle_struct *handle,
+ const struct smb_filename *smb_fname,
+ SMB_ACL_TYPE_T type,
+ SMB_ACL_T theacl)
+{
+ int res;
+ acl_type_t the_acl_type;
+ acl_t tru64_acl;
+
+ DEBUG(10, ("tru64acl_sys_acl_set_file called with name %s, type %d\n",
+ smb_fname->base_name, type));
+
+ switch(type) {
+ case SMB_ACL_TYPE_ACCESS:
+ DEBUGADD(10, ("got acl type ACL_TYPE_ACCESS\n"));
+ the_acl_type = ACL_TYPE_ACCESS;
+ break;
+ case SMB_ACL_TYPE_DEFAULT:
+ DEBUGADD(10, ("got acl type ACL_TYPE_DEFAULT\n"));
+ the_acl_type = ACL_TYPE_DEFAULT;
+ break;
+ default:
+ DEBUGADD(10, ("invalid acl type\n"));
+ errno = EINVAL;
+ goto fail;
+ }
+
+ tru64_acl = smb_acl_to_tru64_acl(theacl);
+ if (tru64_acl == NULL) {
+ DEBUG(10, ("smb_acl_to_tru64_acl failed!\n"));
+ goto fail;
+ }
+ DEBUG(10, ("got tru64 acl...\n"));
+ res = acl_set_file((char *)smb_fname->base_name,
+ the_acl_type, tru64_acl);
+ acl_free(tru64_acl);
+ if (res != 0) {
+ DEBUG(10, ("acl_set_file failed: %s\n", strerror(errno)));
+ goto fail;
+ }
+ return res;
+fail:
+ DEBUG(1, ("tru64acl_sys_acl_set_file failed!\n"));
+ return -1;
+}
+
int tru64acl_sys_acl_set_fd(vfs_handle_struct *handle,
files_struct *fsp,
SMB_ACL_TYPE_T type,
diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c
index ffee1d51e5f..64033043675 100644
--- a/source3/printing/nt_printing.c
+++ b/source3/printing/nt_printing.c
@@ -833,7 +833,8 @@ static int file_version_is_newer(connection_struct *conn, fstring new_file, fstr
status = openat_pathref_fsp(conn->cwd_fsp, smb_fname);
if (!NT_STATUS_IS_OK(status)) {
- return false;
+ ret = 1;
+ goto done;
}
status = SMB_VFS_CREATE_FILE(
@@ -892,7 +893,9 @@ static int file_version_is_newer(connection_struct *conn, fstring new_file, fstr
status = openat_pathref_fsp(conn->cwd_fsp, smb_fname);
if (!NT_STATUS_IS_OK(status)) {
- return false;
+ DBG_NOTICE("Can't open new file [%s], errno = %d\n",
+ smb_fname_str_dbg(smb_fname), errno);
+ goto error_exit;
}
status = SMB_VFS_CREATE_FILE(
@@ -1101,7 +1104,10 @@ static uint32_t get_correct_cversion(const struct auth_session_info *session_inf
nt_status = openat_pathref_fsp(conn->cwd_fsp, smb_fname);
if (!NT_STATUS_IS_OK(nt_status)) {
- return false;
+ DBG_NOTICE("Can't open file [%s], errno =%d\n",
+ smb_fname_str_dbg(smb_fname), errno);
+ *perr = WERR_ACCESS_DENIED;
+ goto error_exit;
}
nt_status = SMB_VFS_CREATE_FILE(
diff --git a/source3/smbd/conn_idle.c b/source3/smbd/conn_idle.c
index ca697383877..56a6ef896fb 100644
--- a/source3/smbd/conn_idle.c
+++ b/source3/smbd/conn_idle.c
@@ -273,5 +273,13 @@ static void conn_force_tdis_done(struct tevent_req *req)
* uid in the meantime. Ensure we're still root.
*/
change_to_root_user();
- reload_services(sconn, conn_snum_used, true);
+ /*
+ * Use 'false' in the last parameter (test) to force
+ * a full reload of services. Prevents
+ * reload_services caching the fact it's
+ * been called multiple times in a row.
+ * See BUG: https://bugzilla.samba.org/show_bug.cgi?id=14604
+ * for details.
+ */
+ reload_services(sconn, conn_snum_used, false);
}
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index f3a0d7da75f..7196b0fcc72 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -1755,7 +1755,6 @@ static bool smbd_dirptr_lanman2_mode_fn(TALLOC_CTX *ctx,
struct smbd_dirptr_lanman2_state *state =
(struct smbd_dirptr_lanman2_state *)private_data;
bool ms_dfs_link = false;
- uint32_t mode = 0;
if (smb_fname->flags & SMB_FILENAME_POSIX_PATH) {
if (SMB_VFS_LSTAT(state->conn, smb_fname) != 0) {
@@ -1765,6 +1764,7 @@ static bool smbd_dirptr_lanman2_mode_fn(TALLOC_CTX *ctx,
strerror(errno)));
return false;
}
+ return true;
} else if (!VALID_STAT(smb_fname->st) &&
SMB_VFS_STAT(state->conn, smb_fname) != 0) {
/* Needed to show the msdfs symlinks as
@@ -1779,16 +1779,18 @@ static bool smbd_dirptr_lanman2_mode_fn(TALLOC_CTX *ctx,
strerror(errno)));
return false;
}
+
+ *_mode = dos_mode_msdfs(state->conn, smb_fname);
+ return true;
}
- if (ms_dfs_link) {
- mode = dos_mode_msdfs(state->conn, smb_fname);
- } else if (get_dosmode) {
- mode = fdos_mode(smb_fname->fsp);
- smb_fname->st = smb_fname->fsp->fsp_name->st;
+ if (!get_dosmode) {
+ return true;
}
- *_mode = mode;
+ *_mode = fdos_mode(smb_fname->fsp);
+ smb_fname->st = smb_fname->fsp->fsp_name->st;
+
return true;
}
diff --git a/source3/torture/test_posix.c b/source3/torture/test_posix.c
index 415460cf86c..3ccb51d222b 100644
--- a/source3/torture/test_posix.c
+++ b/source3/torture/test_posix.c
@@ -31,6 +31,7 @@ struct posix_test_entry {
const char *name;
const char *target;
const char *expected;
+ uint32_t attr;
uint64_t returned_size;
bool ok;
};
@@ -44,6 +45,9 @@ static NTSTATUS posix_ls_fn(struct file_info *finfo,
for (; state->name != NULL; state++) {
if (strequal(finfo->name, state->expected)) {
+ if (state->attr != finfo->attr) {
+ break;
+ }
state->ok = true;
state->returned_size = finfo->size;
break;
@@ -57,6 +61,7 @@ static void posix_test_entries_reset(struct posix_test_entry *state)
{
for (; state->name != NULL; state++) {
state->ok = false;
+ state->returned_size = 0;
}
}
@@ -111,14 +116,17 @@ bool run_posix_ls_wildcard_test(int dummy)
.name = symlnk_dangling,
.target = symlnk_dst_dangling,
.expected = symlnk_dangling,
+ .attr = FILE_ATTRIBUTE_NORMAL,
}, {
.name = symlnk_in_share,
.target = symlnk_dst_in_share,
.expected = symlnk_in_share,
+ .attr = FILE_ATTRIBUTE_NORMAL,
}, {
.name = symlnk_outside_share,
.target = symlnk_dst_outside_share,
.expected = symlnk_outside_share,
+ .attr = FILE_ATTRIBUTE_NORMAL,
}, {
.name = NULL,
}
@@ -275,14 +283,17 @@ bool run_posix_ls_single_test(int dummy)
.name = symlnk_dangling,
.target = symlnk_dst_dangling,
.expected = symlnk_dangling,
+ .attr = FILE_ATTRIBUTE_NORMAL,
}, {
.name = symlnk_in_share,
.target = symlnk_dst_in_share,
.expected = symlnk_in_share,
+ .attr = FILE_ATTRIBUTE_NORMAL,
}, {
.name = symlnk_outside_share,
.target = symlnk_dst_outside_share,
.expected = symlnk_outside_share,
+ .attr = FILE_ATTRIBUTE_NORMAL,
}, {
.name = NULL,
}
@@ -457,14 +468,17 @@ bool run_posix_readlink_test(int dummy)
.name = symlnk_dangling,
.target = symlnk_dst_dangling,
.expected = symlnk_dangling,
+ .attr = FILE_ATTRIBUTE_NORMAL,
}, {
.name = symlnk_in_share,
.target = symlnk_dst_in_share,
.expected = symlnk_in_share,
+ .attr = FILE_ATTRIBUTE_NORMAL,
}, {
.name = symlnk_outside_share,
.target = symlnk_dst_outside_share,
.expected = symlnk_outside_share,
+ .attr = FILE_ATTRIBUTE_NORMAL,
}, {
.name = NULL,
}
diff --git a/source4/selftest/provisions/release-4-5-0-pre1/expected-dbcheck-link-output-lost-deleted-user3.txt b/source4/selftest/provisions/release-4-5-0-pre1/expected-dbcheck-link-output-lost-deleted-user3.txt
index d014bfacae2..ea9b630df08 100644
--- a/source4/selftest/provisions/release-4-5-0-pre1/expected-dbcheck-link-output-lost-deleted-user3.txt
+++ b/source4/selftest/provisions/release-4-5-0-pre1/expected-dbcheck-link-output-lost-deleted-user3.txt
@@ -1,19 +1,19 @@
Checking 232 objects
-SKIPING: object CN=fred\0ADEL:2301a64c-1122-5566-851e-12d4a711cfb4,OU=removed,DC=release-4-5-0-pre1,DC=samba,DC=corp is an expired tombstone
+SKIPPING: object CN=fred\0ADEL:2301a64c-1122-5566-851e-12d4a711cfb4,OU=removed,DC=release-4-5-0-pre1,DC=samba,DC=corp is an expired tombstone
isDeleted: attid=0x00020030 version=1 invocation=4e4496a3-7fb8-4f97-8a33-d238db8b5e2d usn=3746 (local=3746) at Wed Jun 29 04:36:39 2016
--
Samba Shared Repository
More information about the samba-cvs
mailing list