[SCM] Samba Shared Repository - branch v4-14-test updated
Jule Anger
janger at samba.org
Mon Oct 18 08:42:01 UTC 2021
The branch, v4-14-test has been updated
via 44636fa0378 ctdb-tests: add a comment to the generated public_addresses file used by eventscript UNIT tests
via c10d2880356 ctdb-tests: Fix typo in ctdb stub comment matching
via a200f88452e ctdb-scripts: filter out comments in public_addresses file
via edf50886ec5 s3: smbd: Ensure when we change security context we delete any $cwd cache.
via de2150dc762 s3: selftest: Add regression test to show the $cwd cache is misbehaving when we connect as a different user on a share.
from 6f10103d076 VERSION: Bump version up to Samba 4.14.9...
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-14-test
- Log -----------------------------------------------------------------
commit 44636fa037814fe71d2397865ff3cfa88f8fd35c
Author: Ralph Boehme <slow at samba.org>
Date: Fri Oct 8 05:58:37 2021 +0200
ctdb-tests: add a comment to the generated public_addresses file used by eventscript UNIT tests
test stub code has been updated to handle this, so now let's put it
to work.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14826
RN: Correctly ignore comments in CTDB public addresses file
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
(cherry picked from commit 4e3676cb3c4d24cd4c287703d2cd812a2a8c36ff)
Autobuild-User(v4-14-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-14-test): Mon Oct 18 08:41:16 UTC 2021 on sn-devel-184
commit c10d2880356ded48bc7aac1e4540acdc092d34dc
Author: Martin Schwenke <martin at meltin.net>
Date: Tue Oct 12 12:19:27 2021 +1100
ctdb-tests: Fix typo in ctdb stub comment matching
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14826
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 5426c104f5090751c1ea02f0c0667d8d071a4a83)
commit a200f88452e6daac6ece9738ab3192470224aac9
Author: Ralph Boehme <slow at samba.org>
Date: Wed Sep 8 16:53:12 2021 +0200
ctdb-scripts: filter out comments in public_addresses file
Note that order of sed expressions matters: the expression to delete
comment lines must come first as the second expression would transform
# comment
to
comment
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14826
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
(cherry picked from commit 530e8d4b9e47601b88e20bcaefa2d502efcebe60)
commit edf50886ec524a58a8862c04347bbb29a8a29376
Author: Jeremy Allison <jra at samba.org>
Date: Thu Oct 7 14:11:25 2021 -0700
s3: smbd: Ensure when we change security context we delete any $cwd cache.
This will ensure we *always* call into the VFS_SMB_CHDIR backends
on security context switch. The $cwd was an optimization that
was only looking at the raw filesystem path. We could delete it
completely but that is a patch for another day.
Remove knownfail on regression test.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14682
RN: vfs_shadow_copy2: core dump in make_relative_path
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Fri Oct 8 21:28:04 UTC 2021 on sn-devel-184
(cherry picked from commit 4fe965836243928ac33eb95a67d3e889fdc15861)
commit de2150dc762bb911e320cd352ab5a41a0f92bc72
Author: Jeremy Allison <jra at samba.org>
Date: Thu Oct 7 14:08:48 2021 -0700
s3: selftest: Add regression test to show the $cwd cache is misbehaving when we connect as a different user on a share.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14682
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 954e637ddc6f0f5291d0a15cdbcbc6a4f7a6cb13)
-----------------------------------------------------------------------
Summary of changes:
ctdb/config/events/legacy/10.interface.script | 3 +-
ctdb/config/functions | 3 +
ctdb/tests/UNIT/eventscripts/scripts/local.sh | 1 +
ctdb/tests/UNIT/eventscripts/stubs/ctdb | 2 +-
source3/script/tests/test_chdir_cache.sh | 102 ++++++++++++++++++++++++++
source3/selftest/tests.py | 9 +++
source3/smbd/sec_ctx.c | 8 ++
7 files changed, 126 insertions(+), 2 deletions(-)
create mode 100755 source3/script/tests/test_chdir_cache.sh
Changeset truncated at 500 lines:
diff --git a/ctdb/config/events/legacy/10.interface.script b/ctdb/config/events/legacy/10.interface.script
index 72e0c101d47..d87f6c52c58 100755
--- a/ctdb/config/events/legacy/10.interface.script
+++ b/ctdb/config/events/legacy/10.interface.script
@@ -25,7 +25,8 @@ fi
get_all_interfaces ()
{
# Get all the interfaces listed in the public_addresses file
- all_interfaces=$(sed -e 's/^[^\t ]*[\t ]*//' \
+ all_interfaces=$(sed -e '/^#.*/d' \
+ -e 's/^[^\t ]*[\t ]*//' \
-e 's/,/ /g' \
-e 's/[\t ]*$//' "$ctdb_public_addresses")
diff --git a/ctdb/config/functions b/ctdb/config/functions
index 2395d8d4dc8..a4e73ad0594 100755
--- a/ctdb/config/functions
+++ b/ctdb/config/functions
@@ -611,6 +611,9 @@ drop_all_public_ips ()
# _x is intentionally ignored
# shellcheck disable=SC2034
while read _ip _x ; do
+ case "$_ip" in
+ \#*) continue ;;
+ esac
drop_ip "$_ip"
done <"${CTDB_BASE}/public_addresses"
}
diff --git a/ctdb/tests/UNIT/eventscripts/scripts/local.sh b/ctdb/tests/UNIT/eventscripts/scripts/local.sh
index 14017e95365..8d5c1eab612 100644
--- a/ctdb/tests/UNIT/eventscripts/scripts/local.sh
+++ b/ctdb/tests/UNIT/eventscripts/scripts/local.sh
@@ -281,6 +281,7 @@ setup_public_addresses ()
echo "Setting up public addresses in ${_f}"
cat >"$_f" <<EOF
+# This is a comment
10.0.0.1/24 dev123
10.0.0.2/24 dev123
10.0.0.3/24 dev123
diff --git a/ctdb/tests/UNIT/eventscripts/stubs/ctdb b/ctdb/tests/UNIT/eventscripts/stubs/ctdb
index 12627de16a5..fc7bd4fdd84 100755
--- a/ctdb/tests/UNIT/eventscripts/stubs/ctdb
+++ b/ctdb/tests/UNIT/eventscripts/stubs/ctdb
@@ -425,7 +425,7 @@ ctdb_ifaces()
# Assume -Y.
echo "|Name|LinkStatus|References|"
while read _ip _iface ; do
- case "_$ip" in
+ case "$_ip" in
\#*) : ;;
*)
_status=1
diff --git a/source3/script/tests/test_chdir_cache.sh b/source3/script/tests/test_chdir_cache.sh
new file mode 100755
index 00000000000..6287d17354a
--- /dev/null
+++ b/source3/script/tests/test_chdir_cache.sh
@@ -0,0 +1,102 @@
+#!/bin/bash
+#
+# Ensure we get a chdir_current_service error if CHDIR fails with EACCESS
+# for an SMB2 request.
+#
+# BUG:https://bugzilla.samba.org/show_bug.cgi?id=14682
+#
+# Copyright (C) 2021 Jeremy Allison
+
+if [ $# -lt 5 ]; then
+ echo Usage: test_chdir_user.sh \
+ --configfile=SERVERCONFFILE SMBCLIENT SMBCONTROL SERVER SHARE
+exit 1
+fi
+
+CONF=$1; shift 1
+SMBCLIENT=$1; shift 1
+SMBCONTROL=$1; shift 1
+SERVER=$1; shift 1
+SHARE=$1; shift 1
+
+# Do not let deprecated option warnings muck this up
+SAMBA_DEPRECATED_SUPPRESS=1
+export SAMBA_DEPRECATED_SUPPRESS
+
+conf_dir=$(dirname ${SERVERCONFFILE})
+
+log_file=${conf_dir}/../smbd_test.log
+
+error_inject_conf=${conf_dir}/error_inject.conf
+> ${error_inject_conf}
+
+incdir=$(dirname $0)/../../../testprogs/blackbox
+. $incdir/subunit.sh
+
+failed=0
+
+cd $SELFTEST_TMPDIR || exit 1
+
+rm -f smbclient-stdin smbclient-stdout smbclient-stderr
+mkfifo smbclient-stdin smbclient-stdout smbclient-stderr
+
+CLI_FORCE_INTERACTIVE=1; export CLI_FORCE_INTERACTIVE
+
+${SMBCLIENT} //${SERVER}/${SHARE} ${CONF} -U${USER}%${PASSWORD} \
+ < smbclient-stdin > smbclient-stdout 2>smbclient-stderr &
+CLIENT_PID=$!
+
+# Count the number of chdir_current_service: vfs_ChDir.*failed: Permission denied
+# errors that are already in the log (should be zero).
+num_errs=`grep "chdir_current_service: vfs_ChDir.*failed: Permission denied" ${log_file} | wc -l`
+
+sleep 1
+
+exec 100>smbclient-stdin 101<smbclient-stdout 102<smbclient-stderr
+
+# consume the smbclient startup messages
+head -n 1 <&101
+
+# Do an 'ls' as ${USER} to make sure we've done a CHDIR into
+# the share directory.
+echo "ls" >&100
+
+# consume the smbclient output
+head -n 4 <&101
+
+# Now change user to user2, and connect to the share.
+# This should leave us in the same share directory.
+echo "logon user2 ${PASSWORD}" >&100
+echo "tcon ${SHARE}" >&100
+
+# consume the smbclient output
+head -n 4 <&101
+
+# Ensure any chdir will give EACCESS.
+echo "error_inject:chdir = EACCES" > ${error_inject_conf}
+${SMBCONTROL} ${CONF} 0 reload-config
+
+sleep 1
+
+# Do an 'ls' as user2. Changing users should have
+# deleted the CHDIR cache, so we should now see
+# a chdir_current_service: vfs_ChDir.*failed: Permission denied
+# error message in the log.
+echo 'ls' >&100
+
+kill ${CLIENT_PID}
+rm -f smbclient-stdin smbclient-stdout smbclient-stderr
+
+# Remove the chdir inject.
+> ${error_inject_conf}
+${SMBCONTROL} ${CONF} 0 reload-config
+
+# Now look for chdir_current_service: vfs_ChDir.*failed: Permission denied
+# in the smb log. There should be one more than before.
+
+num_errs1=`grep "chdir_current_service: vfs_ChDir.*failed: Permission denied" ${log_file} | wc -l`
+
+testit "Verify we got at least one chdir error" \
+ test $num_errs1 -gt $num_errs || failed=$(expr $failed + 1)
+
+testok $0 $failed
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index 660b228e0b4..651be239825 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -1011,6 +1011,15 @@ plantestsuite("samba3.blackbox.open-eintr", "simpleserver:local",
'$SERVER_IP',
"error_inject"])
+plantestsuite("samba3.blackbox.chdir-cache", "simpleserver:local",
+ [os.path.join(samba3srcdir,
+ "script/tests/test_chdir_cache.sh"),
+ configuration,
+ os.path.join(bindir(), "smbclient"),
+ os.path.join(bindir(), "smbcontrol"),
+ '$SERVER_IP',
+ "error_inject"])
+
plantestsuite("samba3.blackbox.netfileenum", "simpleserver:local",
[os.path.join(samba3srcdir,
"script/tests/test_netfileenum.sh"),
diff --git a/source3/smbd/sec_ctx.c b/source3/smbd/sec_ctx.c
index 5e0710e0ecb..d80069d4a89 100644
--- a/source3/smbd/sec_ctx.c
+++ b/source3/smbd/sec_ctx.c
@@ -360,6 +360,14 @@ static void set_sec_ctx_internal(uid_t uid, gid_t gid,
current_user.ut.ngroups = ngroups;
current_user.ut.groups = groups;
current_user.nt_user_token = ctx_p->token;
+
+ /*
+ * Delete any ChDir cache. We can't assume
+ * the new uid has access to current working
+ * directory.
+ * BUG: https://bugzilla.samba.org/show_bug.cgi?id=14682
+ */
+ SAFE_FREE(LastDir);
}
void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, const struct security_token *token)
--
Samba Shared Repository
More information about the samba-cvs
mailing list