[SCM] Samba Shared Repository - branch v4-15-test updated

Jule Anger janger at samba.org
Mon Oct 18 09:08:02 UTC 2021


The branch, v4-15-test has been updated
       via  57ffd32d455 s3: smbspool. Remove last use of 'extern char **environ;'.
       via  d3b3aa9e19f Fix detection of rpc/xdr.h on macOS
       via  0d59b1fb326 vfs_preopen.c: Fix -Wformat error on macOS
       via  3ded98767d3 source3/smbd/statcache.c: Fix -Wformat build error on macOS
       via  4c89d9169a4 sec_ctx.c: Fix -Wunused-function warning on macOS
       via  0daa3af7042 source3/printing/queue_process.c: fix build on macOS
       via  80e9d89a97b audit_logging.c: fix compilation on macOS
       via  448f2acdcea charset_macosxfs.c: fix compilation on macOS
       via  d3df31162f0 ctdb-tests: add a comment to the generated public_addresses file used by eventscript UNIT tests
       via  63a3b7838e1 ctdb-tests: Fix typo in ctdb stub comment matching
       via  36621069e26 ctdb-scripts: filter out comments in public_addresses file
       via  dffca59ded1 s3: VFS: zfsacl: Ensure we use a pathref fd, not an io fd, for getting/setting ZFS ACLs.
       via  f2455a9023c s3: smbd: Ensure when we change security context we delete any $cwd cache.
       via  a55d4fe2208 s3: selftest: Add regression test to show the $cwd cache is misbehaving when we connect as a different user on a share.
      from  86738410826 .gitlab-ci: Allow a 1 hour to build Samba

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-15-test


- Log -----------------------------------------------------------------
commit 57ffd32d455a4cf573eb886a6bde5ac57741c046
Author: Jeremy Allison <jra at samba.org>
Date:   Wed Oct 13 09:46:07 2021 -0700

    s3: smbspool. Remove last use of 'extern char **environ;'.
    
    This should come from lib/replace/replace.h to cope with
    system (MacOSX etc.) differences.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14862
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    
    Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
    Autobuild-Date(master): Thu Oct 14 19:51:59 UTC 2021 on sn-devel-184
    
    (cherry picked from commit 1d3e118f6f2274a67cdb8141dc8dade0c571c8f5)
    
    Autobuild-User(v4-15-test): Jule Anger <janger at samba.org>
    Autobuild-Date(v4-15-test): Mon Oct 18 09:07:06 UTC 2021 on sn-devel-184

commit d3b3aa9e19f3b9b3231d75ae56debce36e84d593
Author: Alex Richardson <Alexander.Richardson at cl.cam.ac.uk>
Date:   Wed Sep 8 14:42:57 2021 +0100

    Fix detection of rpc/xdr.h on macOS
    
    We need to include rpc/types.h first to include this header.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14862
    
    Signed-off-by: Alex Richardson <Alexander.Richardson at cl.cam.ac.uk>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Wed Oct 13 02:33:05 UTC 2021 on sn-devel-184
    
    (cherry picked from commit fc2347be4ed9a9083a56468ca5e43070059038c5)

commit 0d59b1fb326196c1dd58aeaf69c9f2f89311f761
Author: Alex Richardson <Alexander.Richardson at cl.cam.ac.uk>
Date:   Wed Sep 8 14:42:25 2021 +0100

    vfs_preopen.c: Fix -Wformat error on macOS
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14862
    
    Signed-off-by: Alex Richardson <Alexander.Richardson at cl.cam.ac.uk>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit 99ee7f3d89cce9b07b8ed3f55f7e8e67baed6ee1)

commit 3ded98767d34938c12f2b5d723a41d09391f48ae
Author: Alex Richardson <Alexander.Richardson at cl.cam.ac.uk>
Date:   Wed Sep 8 13:29:54 2021 +0100

    source3/smbd/statcache.c: Fix -Wformat build error on macOS
    
    The format string uses PRIx64, so we should be using uint64_t and not
    uintmax_t.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14862
    
    Signed-off-by: Alex Richardson <Alexander.Richardson at cl.cam.ac.uk>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit 1d893f723207040c285ed061db3a690099f8c929)

commit 4c89d9169a4173997820e6ad1603bdb30ebfd808
Author: Alex Richardson <Alexander.Richardson at cl.cam.ac.uk>
Date:   Wed Sep 8 13:27:41 2021 +0100

    sec_ctx.c: Fix -Wunused-function warning on macOS
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14862
    
    Signed-off-by: Alex Richardson <Alexander.Richardson at cl.cam.ac.uk>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit 6dadf251fc02c2b3237c48d316f5cb8791ab4f76)

commit 0daa3af704218656414d1d941425881345bb1b70
Author: Alex Richardson <Alexander.Richardson at cl.cam.ac.uk>
Date:   Wed Sep 8 13:25:04 2021 +0100

    source3/printing/queue_process.c: fix build on macOS
    
    On macOS environ is defined to (*_NSGetEnviron()) in lib/replace/replace.h
    and otherwise the `extern char **environ` can be found there.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14862
    
    Signed-off-by: Alex Richardson <Alexander.Richardson at cl.cam.ac.uk>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit e4eb1f151011d2bd6a2d39b156663ddd9126d345)

commit 80e9d89a97baa42f261e75c4f33db84aa79d17bb
Author: Alex Richardson <Alexander.Richardson at cl.cam.ac.uk>
Date:   Wed Sep 8 12:57:03 2021 +0100

    audit_logging.c: fix compilation on macOS
    
    On macOS tv_usec is an int so failus the build with -Werror,-Wformat.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14862
    
    Signed-off-by: Alex Richardson <Alexander.Richardson at cl.cam.ac.uk>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit d3675e66fe8eec15076c6b88e47b627ee80c6f9e)

commit 448f2acdcea4b6c7f3e5b14a9852dfcbe455305f
Author: Alex Richardson <Alexander.Richardson at cl.cam.ac.uk>
Date:   Wed Sep 8 12:52:57 2021 +0100

    charset_macosxfs.c: fix compilation on macOS
    
    The DEBUG macro was missing and the CFStringGetBytes() was triggering a
    -Werror,-Wpointer-sign build failure.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14862
    
    Signed-off-by: Alex Richardson <Alexander.Richardson at cl.cam.ac.uk>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit 2564e96e8319b4cb4c987dd2a03cf8a293db985a)

commit d3df31162f0a36b7c813b5ffce158586536c1aa4
Author: Ralph Boehme <slow at samba.org>
Date:   Fri Oct 8 05:58:37 2021 +0200

    ctdb-tests: add a comment to the generated public_addresses file used by eventscript UNIT tests
    
    test stub code has been updated to handle this, so now let's put it
    to work.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14826
    RN: Correctly ignore comments in CTDB public addresses file
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Martin Schwenke <martin at meltin.net>
    (cherry picked from commit 4e3676cb3c4d24cd4c287703d2cd812a2a8c36ff)

commit 63a3b7838e19dd414580df91f11b40a5cd065cbc
Author: Martin Schwenke <martin at meltin.net>
Date:   Tue Oct 12 12:19:27 2021 +1100

    ctdb-tests: Fix typo in ctdb stub comment matching
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14826
    
    Signed-off-by: Martin Schwenke <martin at meltin.net>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit 5426c104f5090751c1ea02f0c0667d8d071a4a83)

commit 36621069e261ed521b4b61495c14b949f543e2cc
Author: Ralph Boehme <slow at samba.org>
Date:   Wed Sep 8 16:53:12 2021 +0200

    ctdb-scripts: filter out comments in public_addresses file
    
    Note that order of sed expressions matters: the expression to delete
    comment lines must come first as the second expression would transform
    
      # comment
    
    to
    
      comment
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14826
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Martin Schwenke <martin at meltin.net>
    (cherry picked from commit 530e8d4b9e47601b88e20bcaefa2d502efcebe60)

commit dffca59ded19f39af7302ce6a42cbdfb06751486
Author: Jeremy Allison <jra at samba.org>
Date:   Mon Oct 11 12:26:57 2021 -0700

    s3: VFS: zfsacl: Ensure we use a pathref fd, not an io fd, for getting/setting ZFS ACLs.
    
    Don't use path-based calls.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14685
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Ralph Böhme <slow at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Tue Oct 12 18:14:27 UTC 2021 on sn-devel-184
    
    (cherry picked from commit 0a376b23dbaaec551d0ed48b7098129c09eec1bc)

commit f2455a9023ca39e32b38a3f905aaf477bc90463f
Author: Jeremy Allison <jra at samba.org>
Date:   Thu Oct 7 14:11:25 2021 -0700

    s3: smbd: Ensure when we change security context we delete any $cwd cache.
    
    This will ensure we *always* call into the VFS_SMB_CHDIR backends
    on security context switch. The $cwd was an optimization that
    was only looking at the raw filesystem path. We could delete it
    completely but that is a patch for another day.
    
    Remove knownfail on regression test.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14682
    RN: vfs_shadow_copy2: core dump in make_relative_path
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    
    Autobuild-User(master): Ralph Böhme <slow at samba.org>
    Autobuild-Date(master): Fri Oct  8 21:28:04 UTC 2021 on sn-devel-184
    
    (cherry picked from commit 4fe965836243928ac33eb95a67d3e889fdc15861)

commit a55d4fe22086ff4a8b66f00e4496d91556210384
Author: Jeremy Allison <jra at samba.org>
Date:   Thu Oct 7 14:08:48 2021 -0700

    s3: selftest: Add regression test to show the $cwd cache is misbehaving when we connect as a different user on a share.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14682
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit 954e637ddc6f0f5291d0a15cdbcbc6a4f7a6cb13)

-----------------------------------------------------------------------

Summary of changes:
 ctdb/config/events/legacy/10.interface.script |   3 +-
 ctdb/config/functions                         |   3 +
 ctdb/tests/UNIT/eventscripts/scripts/local.sh |   1 +
 ctdb/tests/UNIT/eventscripts/stubs/ctdb       |   2 +-
 lib/audit_logging/audit_logging.c             |   2 +-
 lib/util/charset/charset_macosxfs.c           |   3 +-
 source3/client/smbspool_krb5_wrapper.c        |   5 +-
 source3/modules/vfs_preopen.c                 |   2 +-
 source3/modules/vfs_zfsacl.c                  |  17 ++---
 source3/printing/queue_process.c              |   2 -
 source3/script/tests/test_chdir_cache.sh      | 102 ++++++++++++++++++++++++++
 source3/selftest/tests.py                     |   9 +++
 source3/smbd/sec_ctx.c                        |  28 ++++---
 source3/smbd/statcache.c                      |   2 +-
 source3/wscript                               |   2 +-
 15 files changed, 150 insertions(+), 33 deletions(-)
 create mode 100755 source3/script/tests/test_chdir_cache.sh


Changeset truncated at 500 lines:

diff --git a/ctdb/config/events/legacy/10.interface.script b/ctdb/config/events/legacy/10.interface.script
index 72e0c101d47..d87f6c52c58 100755
--- a/ctdb/config/events/legacy/10.interface.script
+++ b/ctdb/config/events/legacy/10.interface.script
@@ -25,7 +25,8 @@ fi
 get_all_interfaces ()
 {
     # Get all the interfaces listed in the public_addresses file
-    all_interfaces=$(sed -e 's/^[^\t ]*[\t ]*//' \
+    all_interfaces=$(sed -e '/^#.*/d' \
+			 -e 's/^[^\t ]*[\t ]*//' \
 			 -e 's/,/ /g' \
 			 -e 's/[\t ]*$//' "$ctdb_public_addresses")
 
diff --git a/ctdb/config/functions b/ctdb/config/functions
index 2395d8d4dc8..a4e73ad0594 100755
--- a/ctdb/config/functions
+++ b/ctdb/config/functions
@@ -611,6 +611,9 @@ drop_all_public_ips ()
 	# _x is intentionally ignored
 	# shellcheck disable=SC2034
 	while read _ip _x ; do
+		case "$_ip" in
+		\#*) continue ;;
+		esac
 		drop_ip "$_ip"
 	done <"${CTDB_BASE}/public_addresses"
 }
diff --git a/ctdb/tests/UNIT/eventscripts/scripts/local.sh b/ctdb/tests/UNIT/eventscripts/scripts/local.sh
index 0f78fcb3845..7460bf9748e 100644
--- a/ctdb/tests/UNIT/eventscripts/scripts/local.sh
+++ b/ctdb/tests/UNIT/eventscripts/scripts/local.sh
@@ -282,6 +282,7 @@ setup_public_addresses ()
 
 	echo "Setting up public addresses in ${_f}"
 	cat >"$_f" <<EOF
+# This is a comment
 10.0.0.1/24 dev123
 10.0.0.2/24 dev123
 10.0.0.3/24 dev123
diff --git a/ctdb/tests/UNIT/eventscripts/stubs/ctdb b/ctdb/tests/UNIT/eventscripts/stubs/ctdb
index 12627de16a5..fc7bd4fdd84 100755
--- a/ctdb/tests/UNIT/eventscripts/stubs/ctdb
+++ b/ctdb/tests/UNIT/eventscripts/stubs/ctdb
@@ -425,7 +425,7 @@ ctdb_ifaces()
 	# Assume -Y.
 	echo "|Name|LinkStatus|References|"
 	while read _ip _iface ; do
-		case "_$ip" in
+		case "$_ip" in
 		\#*) : ;;
 		*)
 			_status=1
diff --git a/lib/audit_logging/audit_logging.c b/lib/audit_logging/audit_logging.c
index 9fe2d3ba45d..87378e1bb95 100644
--- a/lib/audit_logging/audit_logging.c
+++ b/lib/audit_logging/audit_logging.c
@@ -70,7 +70,7 @@ char* audit_get_timestamp(TALLOC_CTX *frame)
 
 	strftime(buffer, sizeof(buffer)-1, "%a, %d %b %Y %H:%M:%S", tm_info);
 	strftime(tz, sizeof(tz)-1, "%Z", tm_info);
-	ts = talloc_asprintf(frame, "%s.%06ld %s", buffer, tv.tv_usec, tz);
+	ts = talloc_asprintf(frame, "%s.%06ld %s", buffer, (long)tv.tv_usec, tz);
 	if (ts == NULL) {
 		DBG_ERR("Out of memory formatting time stamp\n");
 	}
diff --git a/lib/util/charset/charset_macosxfs.c b/lib/util/charset/charset_macosxfs.c
index 55a6df85fb7..75dbb4bad87 100644
--- a/lib/util/charset/charset_macosxfs.c
+++ b/lib/util/charset/charset_macosxfs.c
@@ -32,6 +32,7 @@
 #include "replace.h"
 #include "charset.h"
 #include "charset_proto.h"
+#include "lib/util/debug.h"
 #undef realloc
 
 #ifdef DARWINOS
@@ -378,7 +379,7 @@ size_t macosxfs_encoding_push(
 	charsconverted = CFStringGetBytes(
 		cfstring, CFRangeMake(0,cfsize),
 		script_code, 0, false,
-		*outbuf, *outbytesleft, &outsize);
+		*(UInt8 **)outbuf, *outbytesleft, &outsize);
 
 	if (0 == charsconverted) {
 		debug_out("String conversion: "
diff --git a/source3/client/smbspool_krb5_wrapper.c b/source3/client/smbspool_krb5_wrapper.c
index 6a3e444f480..9abd1c6b868 100644
--- a/source3/client/smbspool_krb5_wrapper.c
+++ b/source3/client/smbspool_krb5_wrapper.c
@@ -319,10 +319,7 @@ create_env:
 #ifdef HAVE_CLEARENV
 	clearenv();
 #else
-	{
-		extern char **environ;
-		environ = calloc(3, sizeof(*environ));
-	}
+	environ = calloc(3, sizeof(*environ));
 #endif
 
 	CUPS_SMB_DEBUG("Setting KRB5CCNAME to '%s'", gen_cc);
diff --git a/source3/modules/vfs_preopen.c b/source3/modules/vfs_preopen.c
index ab0080c69f3..8d85dda92ec 100644
--- a/source3/modules/vfs_preopen.c
+++ b/source3/modules/vfs_preopen.c
@@ -642,7 +642,7 @@ static int preopen_openat(struct vfs_handle_struct *handle,
 	new_end = new_start + new_digits;
 
 	DBG_PREFIX(state->founddigits_dbglvl, (
-		   "Pattern(idx=%zd) found num_digits[%d] start_offset[%zd] parsed_num[%lu] fullpath[%s]\n",
+		   "Pattern(idx=%zd) found num_digits[%d] start_offset[%zd] parsed_num[%"PRIu64"] fullpath[%s]\n",
 		   match_idx, new_digits, new_start, num, new_template));
 
 	if (state->last_match_idx != match_idx) {
diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c
index b04c6e560ad..69a1db59249 100644
--- a/source3/modules/vfs_zfsacl.c
+++ b/source3/modules/vfs_zfsacl.c
@@ -235,13 +235,12 @@ static bool zfs_process_smbacl(vfs_handle_struct *handle, files_struct *fsp,
 	SMB_ASSERT(i == naces);
 
 	/* store acl */
-	fd = fsp_get_io_fd(fsp);
-	if (fd != -1) {
-		rv = facl(fd, ACE_SETACL, naces, acebuf);
-	}
-	else {
-		rv = acl(fsp->fsp_name->base_name, ACE_SETACL, naces, acebuf);
+	fd = fsp_get_pathref_fd(fsp);
+	if (fd == -1) {
+		errno = EBADF;
+		return false;
 	}
+	rv = facl(fd, ACE_SETACL, naces, acebuf);
 	if (rv != 0) {
 		if(errno == ENOSYS) {
 			DEBUG(9, ("acl(ACE_SETACL, %s): Operation is not "
@@ -322,11 +321,11 @@ static int fget_zfsacl(TALLOC_CTX *mem_ctx,
 	ace_t *acebuf = NULL;
 	int fd;
 
-	fd = fsp_get_io_fd(fsp);
+	fd = fsp_get_pathref_fd(fsp);
 	if (fd == -1) {
-		return get_zfsacl(mem_ctx, fsp->fsp_name, outbuf);
+		errno = EBADF;
+		return -1;
 	}
-
 	naces = facl(fd, ACE_GETACLCNT, 0, NULL);
 	if (naces == -1) {
 		int dbg_level = 10;
diff --git a/source3/printing/queue_process.c b/source3/printing/queue_process.c
index 9e1d21469ff..64414bb7d65 100644
--- a/source3/printing/queue_process.c
+++ b/source3/printing/queue_process.c
@@ -343,8 +343,6 @@ fail:
 	return NULL;
 }
 
-extern char **environ;
-
 /****************************************************************************
 main thread of the background lpq updater
 ****************************************************************************/
diff --git a/source3/script/tests/test_chdir_cache.sh b/source3/script/tests/test_chdir_cache.sh
new file mode 100755
index 00000000000..6287d17354a
--- /dev/null
+++ b/source3/script/tests/test_chdir_cache.sh
@@ -0,0 +1,102 @@
+#!/bin/bash
+#
+# Ensure we get a chdir_current_service error if CHDIR fails with EACCESS
+# for an SMB2 request.
+#
+# BUG:https://bugzilla.samba.org/show_bug.cgi?id=14682
+#
+# Copyright (C) 2021 Jeremy Allison
+
+if [ $# -lt 5 ]; then
+    echo Usage: test_chdir_user.sh \
+	 --configfile=SERVERCONFFILE SMBCLIENT SMBCONTROL SERVER SHARE
+exit 1
+fi
+
+CONF=$1; shift 1
+SMBCLIENT=$1; shift 1
+SMBCONTROL=$1; shift 1
+SERVER=$1; shift 1
+SHARE=$1; shift 1
+
+# Do not let deprecated option warnings muck this up
+SAMBA_DEPRECATED_SUPPRESS=1
+export SAMBA_DEPRECATED_SUPPRESS
+
+conf_dir=$(dirname ${SERVERCONFFILE})
+
+log_file=${conf_dir}/../smbd_test.log
+
+error_inject_conf=${conf_dir}/error_inject.conf
+> ${error_inject_conf}
+
+incdir=$(dirname $0)/../../../testprogs/blackbox
+. $incdir/subunit.sh
+
+failed=0
+
+cd $SELFTEST_TMPDIR || exit 1
+
+rm -f smbclient-stdin smbclient-stdout smbclient-stderr
+mkfifo smbclient-stdin smbclient-stdout smbclient-stderr
+
+CLI_FORCE_INTERACTIVE=1; export CLI_FORCE_INTERACTIVE
+
+${SMBCLIENT} //${SERVER}/${SHARE} ${CONF} -U${USER}%${PASSWORD} \
+	     < smbclient-stdin > smbclient-stdout 2>smbclient-stderr &
+CLIENT_PID=$!
+
+# Count the number of chdir_current_service: vfs_ChDir.*failed: Permission denied
+# errors that are already in the log (should be zero).
+num_errs=`grep "chdir_current_service: vfs_ChDir.*failed: Permission denied" ${log_file} | wc -l`
+
+sleep 1
+
+exec 100>smbclient-stdin 101<smbclient-stdout 102<smbclient-stderr
+
+# consume the smbclient startup messages
+head -n 1 <&101
+
+# Do an 'ls' as ${USER} to make sure we've done a CHDIR into
+# the share directory.
+echo "ls" >&100
+
+# consume the smbclient output
+head -n 4 <&101
+
+# Now change user to user2, and connect to the share.
+# This should leave us in the same share directory.
+echo "logon user2 ${PASSWORD}" >&100
+echo "tcon ${SHARE}" >&100
+
+# consume the smbclient output
+head -n 4 <&101
+
+# Ensure any chdir will give EACCESS.
+echo "error_inject:chdir = EACCES" > ${error_inject_conf}
+${SMBCONTROL} ${CONF} 0 reload-config
+
+sleep 1
+
+# Do an 'ls' as user2. Changing users should have
+# deleted the CHDIR cache, so we should now see
+# a chdir_current_service: vfs_ChDir.*failed: Permission denied
+# error message in the log.
+echo 'ls' >&100
+
+kill ${CLIENT_PID}
+rm -f smbclient-stdin smbclient-stdout smbclient-stderr
+
+# Remove the chdir inject.
+> ${error_inject_conf}
+${SMBCONTROL} ${CONF} 0 reload-config
+
+# Now look for chdir_current_service: vfs_ChDir.*failed: Permission denied
+# in the smb log. There should be one more than before.
+
+num_errs1=`grep "chdir_current_service: vfs_ChDir.*failed: Permission denied" ${log_file} | wc -l`
+
+testit "Verify we got at least one chdir error" \
+       test $num_errs1 -gt $num_errs || failed=$(expr $failed + 1)
+
+testok $0 $failed
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index dd573547a7b..d8f0db69b8c 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -1078,6 +1078,15 @@ plantestsuite("samba3.blackbox.open-eintr", "simpleserver:local",
                '$SERVER_IP',
                "error_inject"])
 
+plantestsuite("samba3.blackbox.chdir-cache", "simpleserver:local",
+              [os.path.join(samba3srcdir,
+                            "script/tests/test_chdir_cache.sh"),
+               configuration,
+               os.path.join(bindir(), "smbclient"),
+               os.path.join(bindir(), "smbcontrol"),
+               '$SERVER_IP',
+               "error_inject"])
+
 plantestsuite("samba3.blackbox.netfileenum", "simpleserver:local",
               [os.path.join(samba3srcdir,
                             "script/tests/test_netfileenum.sh"),
diff --git a/source3/smbd/sec_ctx.c b/source3/smbd/sec_ctx.c
index d6fd11cd4a3..56fdf1fe476 100644
--- a/source3/smbd/sec_ctx.c
+++ b/source3/smbd/sec_ctx.c
@@ -92,15 +92,6 @@ static bool become_gid(gid_t gid)
 	return True;
 }
 
-/****************************************************************************
- Become the specified uid and gid.
-****************************************************************************/
-
-static bool become_id(uid_t uid, gid_t gid)
-{
-	return become_gid(gid) && become_uid(uid);
-}
-
 /****************************************************************************
  Drop back to root privileges in order to change to another user.
 ****************************************************************************/
@@ -237,12 +228,19 @@ bool push_sec_ctx(void)
 	return True;
 }
 
+#ifndef HAVE_DARWIN_INITGROUPS
 /****************************************************************************
- Change UNIX security context. Calls panic if not successful so no return value.
+ Become the specified uid and gid.
 ****************************************************************************/
 
-#ifndef HAVE_DARWIN_INITGROUPS
+static bool become_id(uid_t uid, gid_t gid)
+{
+	return become_gid(gid) && become_uid(uid);
+}
 
+/****************************************************************************
+ Change UNIX security context. Calls panic if not successful so no return value.
+****************************************************************************/
 /* Normal credential switch path. */
 
 static void set_unix_security_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups)
@@ -360,6 +358,14 @@ static void set_sec_ctx_internal(uid_t uid, gid_t gid,
 	current_user.ut.ngroups = ngroups;
 	current_user.ut.groups = groups;
 	current_user.nt_user_token = ctx_p->token;
+
+	/*
+	 * Delete any ChDir cache. We can't assume
+	 * the new uid has access to current working
+	 * directory.
+	 * BUG: https://bugzilla.samba.org/show_bug.cgi?id=14682
+	 */
+	SAFE_FREE(LastDir);
 }
 
 void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, const struct security_token *token)
diff --git a/source3/smbd/statcache.c b/source3/smbd/statcache.c
index 63f41db1b1b..ddbd663ad5b 100644
--- a/source3/smbd/statcache.c
+++ b/source3/smbd/statcache.c
@@ -425,7 +425,7 @@ void stat_cache_delete(const char *name)
 
 	lname = talloc_asprintf(talloc_tos(),
 				STAT_CACHE_TWRP_TOKEN,
-				(uintmax_t)0,
+				(uint64_t)0,
 				upper);
 	TALLOC_FREE(upper);
 	if (lname == NULL) {
diff --git a/source3/wscript b/source3/wscript
index 87dbc00f191..2cc34a8b2f5 100644
--- a/source3/wscript
+++ b/source3/wscript
@@ -1867,7 +1867,7 @@ main() {
         conf.env.with_spotlight = True
 
     if not conf.CONFIG_SET('HAVE_RPC_XDR_H'):
-        conf.CHECK_HEADERS('rpc/xdr.h', lib='tirpc')
+        conf.CHECK_HEADERS('rpc/types.h rpc/xdr.h', together=True, lib='tirpc')
 
     if conf.CHECK_FUNCS_IN('nscd_flush_cache', 'nscd', headers='libnscd.h'):
         conf.DEFINE('HAVE_NSCD_FLUSH_CACHE', '1')


-- 
Samba Shared Repository



More information about the samba-cvs mailing list