[SCM] Samba Shared Repository - branch v4-16-stable updated
Jule Anger
janger at samba.org
Mon May 2 09:47:23 UTC 2022
The branch, v4-16-stable has been updated
via 80503890e59 VERSION: Disable GIT_SNAPSHOT for the 4.16.1 release.
via e9d3b04328d WHATSNEW: Add release notes for Samba 4.16.1.
via 09b07aec702 vfs_gpfs: Ignore pathref fds for gpfs:recalls check
via 82d86282ca6 s4:kdc: strictly have 2 16-bit parts in krbtgt kvnos
via 6cbaa31fe0a s3:passdb: Also allow to handle UPNs in lookup_name_smbconf()
via 944ee14c512 s3:passdb: Refactor lookup_name_smbconf()
via 0b9a9c3a984 s3:passdb: Use already defined pointer in lookup_name_smbconf()
via e6cc5f94658 s3:passdb: Add support to handle UPNs in lookup_name()
via 80d3e7d45c8 s3:passdb: Remove trailing spaces in lookup_sid.c
via b444d0f7fee s3:winbind: Remove no longer used domain's private_data pointer
via 12e6a16911d s3:winbind: Do not use domain's private data to store the ADS_STRUCT
via be6712bd615 s3:winbind: Simplify open_cached_internal_pipe_conn()
via 621b80645a4 s3:winbind: Do not use domain's private data to store the SAMR pipes
via 41a2825ea57 s3: smbget: Fix auth_fn, order of //server/share parameters is mixed in prompt.
via ef77abc2c49 s3:auth: Fix user_in_list() for UNIX groups
via 5e59bd41a8c s3:tests Test "username map" for UNIX groups
via 2b9d29ceb8a selftest: Add to "username.map" mapping for jackthemappergroup
via 16038d75b2c selftest: Create groups "jackthemappergroup" and "jacknomappergroup"
via f09dfc53fd5 selftest: Create users "jackthemapper" and "jacknomapper"
via bf221a9b207 vfs_shadow_copy2: implement readdir()
via d6b48ec3795 CI: add a test listing a snapshotted directory
via 829f203c2f3 CI: avoid smb2.twrp being run by plansmbtorture4testsuite() directly
via 414d890b65e s3: smbd: Preserve the fsp->fsp_name->st buf across a MSG_SMB_FILE_RENAME message.
via a68c572869d s3: smbd: Preserve the fsp->fsp_name->st bufs across rename_open_files()
via 96a8922639d s4: torture: Add test_smb2_close_full_information() test to smb2.rename.
via 140670f6c05 s4: torture: Add CHECK_CREATED macro to smb2/rename.c. Not yet used.
via 60386712349 s4: torture: Add CHECK_VAL macro to smb2/rename.c. Not yet used.
via 552e0867848 s3: tests.py: Only run smb2.rename against fileserver.
via 0f0c12b64fd s3: smbd: smbd_smb2_setinfo_send(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
via c8b6ddb08c3 s3: smbd: smbd_smb2_getinfo_send(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
via c9763e71bc7 s3: cmd_vfs: cmd_set_nt_acl(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
via b88c1f1bc2f s3: cmd_vfs: cmd_open(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
via bbf4e324f73 s3: pysmbd.c: init_files_struct(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
via 6d66132ed26 s3: smbd: call_trans2setfilepathinfo(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
via c48414de71f s3: smbd: call_trans2qfilepathinfo(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
via 386325da318 s3: smbd: rename_internals_fsp(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
via 640b6a01bd8 s3: smbd: mkdir_internal(). 2 of 2. All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
via 2d7568cd415 s3: smbd: mkdir_internal(). 1 of 2. All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
via c2d6b29cf3a s3: smbd: open_file(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
via 09bc8b2bb82 s3: smbd: non_widelink_open(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
via f46dad0a2b9 s3: smbd: open_internal_dirfsp(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
via f1030ba8db3 s3: smbd: open_internal_dirfsp() add missing file_free() in error path.
via 061c2f52f30 s3: smbd: mdssvc: All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
via 008999b0cab s3: VFS: vxfs: All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
via 513ca8e0e57 s3: smbd: In set_ea_dos_attribute(), if we've stored btime and set XATTR_DOSINFO_CREATE_TIME successfully, we need to clear ST_EX_IFLAG_CALCULATED_BTIME.
via fff4845206e s3: smbd: In set_ea_dos_attribute() cause root fallback code to exit via the same place.
via 96bf06efad9 s4: torture: Add regression test for re-opening a durable handle after calling SMB2 setinfo (end of file).
via 19705602653 vfs_gpfs: Initialize litemask to 0
via ac73a58d751 builtools: Make abi_gen.sh less prone to errors
via 15035d82a58 vfs_shadow_copy2: remove async getxattrat
via e644e783060 CI: add a test for async dosmode on a file in a shadow_copy2 snapshot
via d67d5bd74f0 CI: enable "smbd async dosmode" on shadow_write share
via de314f93375 smbd: also check for NT_STATUS_NOT_SUPPORTED
via 310e334a59e CI: add test "smb2.async_dosmode"
via 16be7d70450 smbd: check "store dos attributes" settings in the async dosmode code
via 84504306f1d CI: remove shares referencing removed functionality
via 337301252b6 waf: Document the confusing --nonshared-binary, --builtin-libraries, --private-libraries and --bundled-libraries
via 7676cb51450 s3: smbd: Don't allow setting the delete on close bit on a directory if it contains non-visible files and "delete veto files = no".
via 5242660aa14 s3: torture: Add 2 new tests SMB2-DEL-ON-CLOSE-NONWRITE-DELETE-NO, SMB2-DEL-ON-CLOSE-NONWRITE-DELETE-YES.
via 7e410e4883f VERSION: Bump version up to Samba 4.16.1...
from e95d85f784a VERSION: Disable GIT_SNAPSHOT for the 4.16.0 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-16-stable
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 72 +++++++
buildtools/scripts/abi_gen.sh | 9 +-
buildtools/wafsamba/wscript | 67 ++++++-
selftest/target/Samba3.pm | 96 +++++----
source3/auth/user_util.c | 12 +-
source3/modules/vfs_default.c | 8 +
source3/modules/vfs_gpfs.c | 5 +-
source3/modules/vfs_shadow_copy2.c | 93 ++++++++-
source3/modules/vfs_vxfs.c | 6 +-
source3/passdb/lookup_sid.c | 52 +++--
source3/rpc_server/mdssvc/mdssvc.c | 6 +-
source3/script/tests/test_shadow_copy_torture.sh | 64 ++++++
source3/script/tests/test_usernamemap.sh | 28 +++
source3/selftest/tests.py | 43 +++-
source3/smbd/dir.c | 16 +-
source3/smbd/dosmode.c | 24 ++-
source3/smbd/files.c | 8 +-
source3/smbd/open.c | 44 ++--
source3/smbd/pysmbd.c | 9 +-
source3/smbd/reply.c | 19 +-
source3/smbd/smb2_getinfo.c | 6 +-
source3/smbd/smb2_setinfo.c | 6 +-
source3/smbd/trans2.c | 15 +-
source3/torture/cmd_vfs.c | 21 +-
source3/torture/proto.h | 2 +
source3/torture/test_smb2.c | 244 +++++++++++++++++++++++
source3/torture/torture.c | 8 +
source3/utils/smbget.c | 2 +-
source3/winbindd/winbindd.h | 10 +-
source3/winbindd/winbindd_ads.c | 10 +-
source3/winbindd/winbindd_ndr.c | 7 +-
source3/winbindd/winbindd_pam.c | 6 +-
source3/winbindd/winbindd_samr.c | 27 +--
source4/kdc/db-glue.c | 51 ++++-
source4/selftest/tests.py | 2 +
source4/torture/smb2/create.c | 168 ++++++++++++++++
source4/torture/smb2/dosmode.c | 71 +++++++
source4/torture/smb2/durable_v2_open.c | 140 +++++++++++++
source4/torture/smb2/rename.c | 147 ++++++++++++++
source4/torture/smb2/smb2.c | 1 +
41 files changed, 1430 insertions(+), 197 deletions(-)
create mode 100755 source3/script/tests/test_usernamemap.sh
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index fb03b0852e9..1d75a4031c7 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=16
-SAMBA_VERSION_RELEASE=0
+SAMBA_VERSION_RELEASE=1
########################################################
# If a official release has a serious bug #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 785650e269f..dfe17dcf110 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,75 @@
+ ==============================
+ Release Notes for Samba 4.16.1
+ May 02, 2022
+ ==============================
+
+
+This is the latest stable release of the Samba 4.16 release series.
+
+
+Changes since 4.16.0
+--------------------
+
+o Jeremy Allison <jra at samba.org>
+ * BUG 14831: Share and server swapped in smbget password prompt.
+ * BUG 15022: Durable handles won't reconnect if the leased file is written
+ to.
+ * BUG 15023: rmdir silently fails if directory contains unreadable files and
+ hide unreadable is yes.
+ * BUG 15038: SMB2_CLOSE_FLAGS_FULL_INFORMATION fails to return information on
+ renamed file handle.
+
+o Andrew Bartlett <abartlet at samba.org>
+ * BUG 8731: Need to describe --builtin-libraries= better (compare with
+ --bundled-libraries).
+
+o Ralph Boehme <slow at samba.org>
+ * BUG 14957: vfs_shadow_copy2 breaks "smbd async dosmode" sync fallback.
+ * BUG 15035: shadow_copy2 fails listing snapshotted dirs with
+ shadow:fixinodes.
+
+o Samuel Cabrero <scabrero at samba.org>
+ * BUG 15046: PAM Kerberos authentication incorrectly fails with a clock skew
+ error.
+
+o Pavel Filipenský <pfilipen at redhat.com>
+ * BUG 15041: Username map - samba erroneously applies unix group memberships
+ to user account entries.
+
+o Stefan Metzmacher <metze at samba.org>
+ * BUG 14951: KVNO off by 100000.
+
+o Christof Schmitt <cs at samba.org>
+ * BUG 15027: Uninitialized litemask in variable in vfs_gpfs module.
+ * BUG 15055: vfs_gpfs recalls=no option prevents listing files.
+
+o Andreas Schneider <asn at cryptomilk.org>
+ * BUG 15054: smbd doesn't handle UPNs for looking up names.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical:matrix.org matrix room, or
+#samba-technical IRC channel on irc.libera.chat.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
==============================
Release Notes for Samba 4.16.0
March 21, 2022
diff --git a/buildtools/scripts/abi_gen.sh b/buildtools/scripts/abi_gen.sh
index 6dd6d321f77..ddb0a7cc36f 100755
--- a/buildtools/scripts/abi_gen.sh
+++ b/buildtools/scripts/abi_gen.sh
@@ -10,9 +10,14 @@ cat <<EOF
set height 0
set width 0
EOF
-nm "$SHAREDLIB" | cut -d' ' -f2- | egrep '^[BDGTRVWS]' | grep -v @ | egrep -v ' (__bss_start|_edata|_init|_fini|_end)' | cut -c3- | sort | while read s; do
+
+# On older linker versions _init|_fini symbols are not hidden.
+objdump --dynamic-syms "${SHAREDLIB}" | \
+ awk '$0 !~ /.hidden/ {if ($2 == "g" && $3 ~ /D(F|O)/ && $4 ~ /(.bss|.rodata|.text)/) print $NF}' | \
+ sort | \
+ while read -r s; do
echo "echo $s: "
- echo p $s
+ echo p "${s}"
done
) > $GDBSCRIPT
diff --git a/buildtools/wafsamba/wscript b/buildtools/wafsamba/wscript
index 62b63fef145..a4d6f3e5c49 100644
--- a/buildtools/wafsamba/wscript
+++ b/buildtools/wafsamba/wscript
@@ -30,11 +30,37 @@ def options(opt):
gr = opt.option_group('library handling options')
gr.add_option('--bundled-libraries',
- help=("comma separated list of bundled libraries. May include !LIBNAME to disable bundling a library. Can be 'NONE' or 'ALL' [auto]"),
+ help=(f'''comma separated list of bundled libraries.
+
+{Context.g_module.APPNAME} includes copies of externally maintained
+system libraries (such as popt, cmokca) as well as Samba-maintained
+libraries that can be found on the system already (such as talloc,
+tdb).
+
+This option, most useful for packagers, controls if each library
+should be forced to be obtained from inside Samba (bundled), forced to
+be obtained from the system (bundling disabled, ensuing that
+dependency errors are not silently missed) or if that choice should be
+automatic (best for end users).
+
+May include !LIBNAME to disable bundling a library.
+
+Can be 'NONE' or 'ALL' [auto]'''),
action="store", dest='BUNDLED_LIBS', default='')
gr.add_option('--private-libraries',
- help=("comma separated list of normally public libraries to build instead as private libraries. May include !LIBNAME to disable making a library private in order to limit the effect of 'ALL'"),
+ help=(f'''comma separated list of normally public libraries to build instead as private libraries.
+
+By default {Context.g_module.APPNAME} will publish a number of public
+libraries for use by other software. For Samba this would include
+libwbclient, libsmbclient and others.
+
+This allows that to be disabled, to ensure that other software does
+not use these libraries and they are placed in a private filesystem
+prefix.
+
+May include !LIBNAME to disable making a library private in order to
+limit the effect of 'ALL' '''),
action="store", dest='PRIVATE_LIBS', default='')
extension_default = default_value('PRIVATE_EXTENSION_DEFAULT')
@@ -48,12 +74,33 @@ def options(opt):
action="store", dest='PRIVATE_EXTENSION_EXCEPTION', default=extension_exception)
builtin_default = default_value('BUILTIN_LIBRARIES_DEFAULT')
- gr.add_option('--builtin-libraries',
- help=("command separated list of libraries to build directly into binaries [%s]" % builtin_default),
- action="store", dest='BUILTIN_LIBRARIES', default=builtin_default)
+ gr.add_option('--builtin-libraries', help=(
+f'''comma separated list of libraries to build directly into binaries.
+
+By default {Context.g_module.APPNAME} will build a large number of
+shared libraries, to reduce binary size. This overrides this
+behaviour and essentially statically links the specified libraries into
+each binary [{builtin_default}]'''),
+ action="store",
+ dest='BUILTIN_LIBRARIES', default=builtin_default)
gr.add_option('--minimum-library-version',
- help=("list of minimum system library versions (LIBNAME1:version,LIBNAME2:version)"),
+ help=(
+f'''list of minimum system library versions for otherwise bundled
+libraries.
+
+{Context.g_module.APPNAME} by default requires that, in order to match
+what is tested in our continuous integration (CI) test-suite, that the
+versions of libraries that we include match that found on the system,
+before we will select not to 'bundle'.
+
+This option, possibly useful for packagers, allows that specified
+version to be overridden (say, if it is absolutely known that a the
+newer version included in this tarball has no relevant changes).
+
+Use this with extreme care
+
+(LIBNAME1:version,LIBNAME2:version)'''),
action="store", dest='MINIMUM_LIBRARY_VERSION', default='')
gr.add_option('--disable-rpath',
@@ -66,7 +113,13 @@ def options(opt):
help=("Disable use of rpath for private library path in installed files"),
action="store_true", dest='disable_rpath_private_install', default=False)
gr.add_option('--nonshared-binary',
- help=("Disable use of shared libs for the listed binaries"),
+ help=(
+f'''Disable use of shared libaries internal to {Context.g_module.APPNAME} for the listed binaries.
+
+The resulting binaries are 'statically linked' with regard to components provided by
+{Context.g_module.APPNAME}, but remain dynamically linked to (eg) libc.so and libgnutls.so
+
+Currently the only tested value is 'smbtorture,smbd/smbd' for Samba'''),
action="store", dest='NONSHARED_BINARIES', default='')
gr.add_option('--disable-symbol-versions',
help=("Disable use of the --version-script linker option"),
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index 2cc2d13d9e0..e1d301898d3 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -1472,8 +1472,10 @@ sub setup_ad_member_idmap_nss
my $extra_member_options = "
# bob:x:65521:65531:localbob gecos:/:/bin/false
# jane:x:65520:65531:localjane gecos:/:/bin/false
+ # jackthemapper:x:65519:65531:localjackthemaper gecos:/:/bin/false
+ # jacknomapper:x:65518:65531:localjacknomaper gecos:/:/bin/false
idmap config $dcvars->{DOMAIN} : backend = nss
- idmap config $dcvars->{DOMAIN} : range = 65520-65521
+ idmap config $dcvars->{DOMAIN} : range = 65518-65521
# Support SMB1 so that we can use posix_whoami().
client min protocol = CORE
@@ -1494,6 +1496,8 @@ sub setup_ad_member_idmap_nss
open(USERMAP, ">$prefix/lib/username.map") or die("Unable to open $prefix/lib/username.map");
print USERMAP "
+!jacknomapper = \@jackthemappergroup
+!root = jacknomappergroup
root = $dcvars->{DOMAIN}/root
bob = $dcvars->{DOMAIN}/bob
";
@@ -1545,31 +1549,11 @@ sub setup_simpleserver
aio_pthread:aio open = yes
smbd async dosmode = yes
-[vfs_aio_pthread_async_dosmode_force_sync1]
+[async_dosmode_shadow_copy2]
path = $prefix_abs/share
read only = no
- vfs objects = aio_pthread
- store dos attributes = yes
- aio_pthread:aio open = yes
- smbd async dosmode = yes
- # This simulates non linux systems
- smbd:force sync user path safe threadpool = yes
- smbd:force sync user chdir safe threadpool = yes
- smbd:force sync root path safe threadpool = yes
- smbd:force sync root chdir safe threadpool = yes
-
-[vfs_aio_pthread_async_dosmode_force_sync2]
- path = $prefix_abs/share
- read only = no
- vfs objects = aio_pthread xattr_tdb
- store dos attributes = yes
- aio_pthread:aio open = yes
+ vfs objects = shadow_copy2 xattr_tdb
smbd async dosmode = yes
- # This simulates non linux systems
- smbd:force sync user path safe threadpool = yes
- smbd:force sync user chdir safe threadpool = yes
- smbd:force sync root path safe threadpool = yes
- smbd:force sync root chdir safe threadpool = yes
[vfs_aio_fork]
path = $prefix_abs/share
@@ -1697,6 +1681,11 @@ sub setup_fileserver
my $virusfilter_sharedir="$share_dir/virusfilter";
push(@dirs,$virusfilter_sharedir);
+ my $delete_unwrite_sharedir="$share_dir/delete_unwrite";
+ push(@dirs,$delete_unwrite_sharedir);
+ push(@dirs, "$delete_unwrite_sharedir/delete_veto_yes");
+ push(@dirs, "$delete_unwrite_sharedir/delete_veto_no");
+
my $ip4 = Samba::get_ipv4_addr("FILESERVER");
my $fileserver_options = "
kernel change notify = yes
@@ -1821,6 +1810,18 @@ sub setup_fileserver
path = $veto_sharedir
delete veto files = yes
+[delete_yes_unwrite]
+ read only = no
+ path = $delete_unwrite_sharedir
+ hide unwriteable files = yes
+ delete veto files = yes
+
+[delete_no_unwrite]
+ read only = no
+ path = $delete_unwrite_sharedir
+ hide unwriteable files = yes
+ delete veto files = no
+
[virusfilter]
path = $virusfilter_sharedir
vfs objects = acl_xattr virusfilter
@@ -1907,6 +1908,14 @@ sub setup_fileserver
##
create_file_chmod("$bad_iconv_sharedir/\xED\x9F\xBF", 0644) or return undef;
+ ##
+ ## create unwritable files inside inside the delete unwrite veto share dirs.
+ ##
+ unlink("$delete_unwrite_sharedir/delete_veto_yes/file_444");
+ create_file_chmod("$delete_unwrite_sharedir/delete_veto_yes/file_444", 0444) or return undef;
+ unlink("$delete_unwrite_sharedir/delete_veto_no/file_444");
+ create_file_chmod("$delete_unwrite_sharedir/delete_veto_no/file_444", 0444) or return undef;
+
return $vars;
}
@@ -1945,32 +1954,6 @@ sub setup_fileserver_smb1
aio_pthread:aio open = yes
smbd async dosmode = yes
-[vfs_aio_pthread_async_dosmode_force_sync1]
- path = $prefix_abs/share
- read only = no
- vfs objects = aio_pthread
- store dos attributes = yes
- aio_pthread:aio open = yes
- smbd async dosmode = yes
- # This simulates non linux systems
- smbd:force sync user path safe threadpool = yes
- smbd:force sync user chdir safe threadpool = yes
- smbd:force sync root path safe threadpool = yes
- smbd:force sync root chdir safe threadpool = yes
-
-[vfs_aio_pthread_async_dosmode_force_sync2]
- path = $prefix_abs/share
- read only = no
- vfs objects = aio_pthread xattr_tdb
- store dos attributes = yes
- aio_pthread:aio open = yes
- smbd async dosmode = yes
- # This simulates non linux systems
- smbd:force sync user path safe threadpool = yes
- smbd:force sync user chdir safe threadpool = yes
- smbd:force sync root path safe threadpool = yes
- smbd:force sync root chdir safe threadpool = yes
-
[vfs_aio_fork]
path = $prefix_abs/share
vfs objects = aio_fork
@@ -2587,6 +2570,8 @@ sub provision($$)
my ($gid_nobody, $gid_nogroup, $gid_root, $gid_domusers, $gid_domadmins);
my ($gid_userdup, $gid_everyone);
my ($gid_force_user);
+ my ($gid_jackthemapper);
+ my ($gid_jacknomapper);
my ($uid_user1);
my ($uid_user2);
my ($uid_gooduser);
@@ -2594,6 +2579,8 @@ sub provision($$)
my ($uid_slashuser);
my ($uid_localbob);
my ($uid_localjane);
+ my ($uid_localjackthemapper);
+ my ($uid_localjacknomapper);
if ($unix_uid < 0xffff - 13) {
$max_uid = 0xffff;
@@ -2616,6 +2603,8 @@ sub provision($$)
$uid_slashuser = $max_uid - 13;
$uid_localbob = $max_uid - 14;
$uid_localjane = $max_uid - 15;
+ $uid_localjackthemapper = $max_uid - 16;
+ $uid_localjacknomapper = $max_uid - 17;
if ($unix_gids[0] < 0xffff - 8) {
$max_gid = 0xffff;
@@ -2631,6 +2620,8 @@ sub provision($$)
$gid_userdup = $max_gid - 6;
$gid_everyone = $max_gid - 7;
$gid_force_user = $max_gid - 8;
+ $gid_jackthemapper = $max_gid - 9;
+ $gid_jacknomapper = $max_gid - 10;
##
## create conffile
@@ -3188,6 +3179,7 @@ sub provision($$)
error_inject:pwrite = EBADF
shadow:mountpoint = $shadow_tstdir
shadow:fixinodes = yes
+ smbd async dosmode = yes
[dfq]
path = $shrdir/dfree
@@ -3359,6 +3351,8 @@ eviluser:x:$uid_eviluser:$gid_domusers:eviluser gecos::/bin/false
slashuser:x:$uid_slashuser:$gid_domusers:slashuser gecos:/:/bin/false
bob:x:$uid_localbob:$gid_domusers:localbob gecos:/:/bin/false
jane:x:$uid_localjane:$gid_domusers:localjane gecos:/:/bin/false
+jackthemapper:x:$uid_localjackthemapper:$gid_domusers:localjackthemaper gecos:/:/bin/false
+jacknomapper:x:$uid_localjacknomapper:$gid_domusers:localjacknomaper gecos:/:/bin/false
";
if ($unix_uid != 0) {
print PASSWD "root:x:$uid_root:$gid_root:root gecos:$prefix_abs:/bin/false
@@ -3378,6 +3372,8 @@ domadmins:X:$gid_domadmins:
userdup:x:$gid_userdup:$unix_name
everyone:x:$gid_everyone:
force_user:x:$gid_force_user:
+jackthemappergroup:x:$gid_jackthemapper:jackthemapper
+jacknomappergroup:x:$gid_jacknomapper:jacknomapper
";
if ($unix_gids[0] != 0) {
print GROUP "root:x:$gid_root:
@@ -3423,6 +3419,8 @@ force_user:x:$gid_force_user:
createuser($self, "gooduser", $password, $conffile, \%createuser_env) || die("Unable to create gooduser");
createuser($self, "eviluser", $password, $conffile, \%createuser_env) || die("Unable to create eviluser");
createuser($self, "slashuser", $password, $conffile, \%createuser_env) || die("Unable to create slashuser");
+ createuser($self, "jackthemapper", "mApsEcrEt", $conffile, \%createuser_env) || die("Unable to create jackthemapper");
+ createuser($self, "jacknomapper", "nOmApsEcrEt", $conffile, \%createuser_env) || die("Unable to create jacknomapper");
open(DNS_UPDATE_LIST, ">$prefix/dns_update_list") or die("Unable to open $$prefix/dns_update_list");
print DNS_UPDATE_LIST "A $server. $server_ip\n";
diff --git a/source3/auth/user_util.c b/source3/auth/user_util.c
index 70b4f320c5e..aa765c2a692 100644
--- a/source3/auth/user_util.c
+++ b/source3/auth/user_util.c
@@ -143,11 +143,11 @@ bool user_in_list(TALLOC_CTX *ctx, const char *user, const char * const *list)
return false;
}
- DBG_DEBUG("Checking user %s in list\n", user);
-
while (*list) {
const char *p = *list;
- bool ok;
+ bool check_unix_group = false;
+
+ DBG_DEBUG("Checking user '%s' in list '%s'.\n", user, *list);
/* Check raw username */
if (strequal(user, p)) {
@@ -155,11 +155,13 @@ bool user_in_list(TALLOC_CTX *ctx, const char *user, const char * const *list)
}
while (*p == '@' || *p == '&' || *p == '+') {
+ if (*p == '@' || *p == '+') {
+ check_unix_group = true;
+ }
p++;
}
- ok = user_in_group(user, p);
- if (ok) {
+ if (check_unix_group && user_in_group(user, p)) {
return true;
}
diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c
index c52d29dc2fe..5977122a512 100644
--- a/source3/modules/vfs_default.c
+++ b/source3/modules/vfs_default.c
@@ -1784,6 +1784,14 @@ static struct tevent_req *vfswrap_get_dos_attributes_send(
.smb_fname = smb_fname,
};
+ if (!lp_store_dos_attributes(SNUM(dir_fsp->conn))) {
+ DBG_ERR("%s: \"smbd async dosmode\" enabled, but "
+ "\"store dos attributes\" is disabled\n",
+ dir_fsp->conn->connectpath);
+ tevent_req_nterror(req, NT_STATUS_NOT_IMPLEMENTED);
+ return tevent_req_post(req, ev);
+ }
+
subreq = SMB_VFS_GETXATTRAT_SEND(state,
ev,
dir_fsp,
diff --git a/source3/modules/vfs_gpfs.c b/source3/modules/vfs_gpfs.c
index f6f162b3b57..e6b2a5d142b 100644
--- a/source3/modules/vfs_gpfs.c
+++ b/source3/modules/vfs_gpfs.c
@@ -1474,7 +1474,7 @@ static NTSTATUS vfs_gpfs_fget_dos_attributes(struct vfs_handle_struct *handle,
char buf[PATH_MAX];
const char *p = NULL;
struct gpfs_iattr64 iattr = { };
- unsigned int litemask;
+ unsigned int litemask = 0;
struct timespec ts;
uint64_t file_id;
NTSTATUS status;
@@ -1980,7 +1980,7 @@ static int vfs_gpfs_check_pathref_fstat_x(struct gpfs_config_data *config,
struct connection_struct *conn)
{
struct gpfs_iattr64 iattr = {0};
- unsigned int litemask;
+ unsigned int litemask = 0;
int saved_errno;
int fd;
int ret;
@@ -2370,6 +2370,7 @@ static int vfs_gpfs_openat(struct vfs_handle_struct *handle,
return -1);
if (config->hsm && !config->recalls &&
--
Samba Shared Repository
More information about the samba-cvs
mailing list