[SCM] Samba Shared Repository - branch master updated

Jeremy Allison jra at samba.org
Thu Oct 6 23:05:01 UTC 2022


The branch, master has been updated
       via  0bf8d136769 docs-xml: some fixes to acl parameter documentation
       via  a7fba3ff599 vfs_fruit: add missing calls to tevent_req_received()
       via  35c637f2e6c s3: VFS: fruit. Implement fsync_send()/fsync_recv().
       via  1b8a8732848 s4: smbtorture: Add fsync_resource_fork test to fruit tests.
      from  688be0177b0 ctdb: Fix a use-after-free in run_proc

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 0bf8d136769fd00f0de003c71e3551f936c5198e
Author: Björn Jacke <bj at sernet.de>
Date:   Sun Sep 25 15:56:56 2022 +0200

    docs-xml: some fixes to acl parameter documentation
    
    Signed-off-by: Bjoern Jacke <bjacke at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Thu Oct  6 23:04:51 UTC 2022 on sn-devel-184

commit a7fba3ff5996330158d3cc6bc24746a59492b690
Author: Ralph Boehme <slow at samba.org>
Date:   Thu Oct 6 14:31:08 2022 +0200

    vfs_fruit: add missing calls to tevent_req_received()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15182
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Ralph Böhme <slow at samba.org>

commit 35c637f2e6c671acf8fb9c2a67774bd5e74dd7d0
Author: Jeremy Allison <jra at samba.org>
Date:   Tue Sep 20 13:25:22 2022 -0700

    s3: VFS: fruit. Implement fsync_send()/fsync_recv().
    
    For type == ADOUBLE_META, fio->fake_fd is true so
    writes are already synchronous, just call tevent_req_post().
    
    For type == ADOUBLE_RSRC we know we are configured
    with FRUIT_RSRC_ADFILE (because fruit_must_handle_aio_stream()
    returned true), so we can just call SMB_VFS_NEXT_FSYNC_SEND()
    after replacing fsp with fio->ad_fsp.
    
    Remove knownfail.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15182
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Ralph Böhme <slow at samba.org>

commit 1b8a8732848169c632af12b7c2b4cd3ee73be244
Author: Jeremy Allison <jra at samba.org>
Date:   Tue Sep 20 12:08:29 2022 -0700

    s4: smbtorture: Add fsync_resource_fork test to fruit tests.
    
    This shows we currently hang when sending an SMB2_OP_FLUSH on
    an AFP_Resource fork.
    
    Adds knownfail.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15182
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Ralph Böhme <slow at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 docs-xml/manpages/vfs_acl_xattr.8.xml         |  27 ++++--
 docs-xml/smbdotconf/filename/mapreadonly.xml  |   2 +-
 docs-xml/smbdotconf/protocol/ntaclsupport.xml |   2 +-
 source3/modules/vfs_fruit.c                   | 114 +++++++++++++++++++++++++-
 source4/torture/vfs/fruit.c                   |  80 ++++++++++++++++++
 5 files changed, 215 insertions(+), 10 deletions(-)


Changeset truncated at 500 lines:

diff --git a/docs-xml/manpages/vfs_acl_xattr.8.xml b/docs-xml/manpages/vfs_acl_xattr.8.xml
index 5a26359fa26..bb72f3facc6 100644
--- a/docs-xml/manpages/vfs_acl_xattr.8.xml
+++ b/docs-xml/manpages/vfs_acl_xattr.8.xml
@@ -29,16 +29,31 @@
 	<citerefentry><refentrytitle>samba</refentrytitle>
 	<manvolnum>7</manvolnum></citerefentry> suite.</para>
 
+	<para>This module is made for systems which do not support
+	standardized NFS4 ACLs but only a deprecated POSIX ACL
+	draft implementation. This is usually the case on Linux systems.
+	Systems that do support just use NFSv4 ACLs directly instead
+	of this module. Such support is usually provided by the filesystem
+	VFS module specific to the underlying filesystem that supports
+	NFS4 ACLs
+	</para>
+
 	<para>The <command>vfs_acl_xattr</command> VFS module stores
 	NTFS Access Control Lists (ACLs) in Extended Attributes (EAs).
 	This enables the full mapping of Windows ACLs on Samba
-	servers.
+	servers even if the ACL implementation is not capable of
+	doing so.
 	</para>
 
-	<para>The ACLs are stored in the Extended Attribute
-	<parameter>security.NTACL</parameter> of a file or directory.
-	This Attribute is <emphasis>not</emphasis> listed by
-	<command>getfattr -d <filename>filename</filename></command>.
+	<para>The NT ACLs are stored in the
+	<parameter>security.NTACL</parameter> extended attribute of files and
+	directories in a form containing the Windows SID representing the users
+	and groups in the ACL.
+	This is different from the uid and gids stored in local filesystem ACLs
+	and the mapping from users and groups to Windows SIDs must be
+	consistent in order to maintain the meaning of the stored NT ACL
+	That extended attribute is <emphasis>not</emphasis> listed by the Linux
+	command <command>getfattr -d <filename>filename</filename></command>.
 	To show the current value, the name of the EA must be specified
 	(e.g. <command>getfattr -n security.NTACL <filename>filename</filename>
 	</command>).
@@ -85,7 +100,7 @@
 		<listitem>
 		<para>
 		When set to <emphasis>yes</emphasis>, a best effort mapping
-		from/to the POSIX ACL layer will <emphasis>not</emphasis> be
+		from/to the POSIX draft ACL layer will <emphasis>not</emphasis> be
 		done by this module. The default is <emphasis>no</emphasis>,
 		which means that Samba keeps setting and evaluating both the
 		system ACLs and the NT ACLs. This is better if you need your
diff --git a/docs-xml/smbdotconf/filename/mapreadonly.xml b/docs-xml/smbdotconf/filename/mapreadonly.xml
index dae17c25614..633b0e958c4 100644
--- a/docs-xml/smbdotconf/filename/mapreadonly.xml
+++ b/docs-xml/smbdotconf/filename/mapreadonly.xml
@@ -32,7 +32,7 @@
 		<listitem><para>
 		<constant>Permissions</constant> - The read only DOS attribute is mapped to the effective permissions of
 		the connecting user, as evaluated by <citerefentry><refentrytitle>smbd</refentrytitle>
-		<manvolnum>8</manvolnum></citerefentry> by reading the unix permissions and POSIX ACL (if present).
+		<manvolnum>8</manvolnum></citerefentry> by reading the unix permissions and filesystem ACL (if present).
 		If the connecting user does not have permission to modify the file, the read only attribute
 		is reported as being set on the file.
 		</para></listitem>
diff --git a/docs-xml/smbdotconf/protocol/ntaclsupport.xml b/docs-xml/smbdotconf/protocol/ntaclsupport.xml
index 1b1f9477906..f1577dd86a4 100644
--- a/docs-xml/smbdotconf/protocol/ntaclsupport.xml
+++ b/docs-xml/smbdotconf/protocol/ntaclsupport.xml
@@ -7,7 +7,7 @@
     <manvolnum>8</manvolnum></citerefentry> will attempt to map 
     UNIX permissions into Windows NT access control lists.  The UNIX
     permissions considered are the traditional UNIX owner and
-    group permissions, as well as POSIX ACLs set on any files or
+    group permissions, as well as filesystem ACLs set on any files or
     directories.  This parameter was formally a global parameter in
     releases prior to 2.2.2.</para>
 </description>
diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c
index 13033096dc9..4058d4834e7 100644
--- a/source3/modules/vfs_fruit.c
+++ b/source3/modules/vfs_fruit.c
@@ -2635,13 +2635,17 @@ static ssize_t fruit_pread_recv(struct tevent_req *req,
 {
 	struct fruit_pread_state *state = tevent_req_data(
 		req, struct fruit_pread_state);
+	ssize_t retval = -1;
 
 	if (tevent_req_is_unix_error(req, &vfs_aio_state->error)) {
+		tevent_req_received(req);
 		return -1;
 	}
 
 	*vfs_aio_state = state->vfs_aio_state;
-	return state->nread;
+	retval = state->nread;
+	tevent_req_received(req);
+	return retval;
 }
 
 static ssize_t fruit_pwrite_meta_stream(vfs_handle_struct *handle,
@@ -3062,13 +3066,117 @@ static ssize_t fruit_pwrite_recv(struct tevent_req *req,
 {
 	struct fruit_pwrite_state *state = tevent_req_data(
 		req, struct fruit_pwrite_state);
+	ssize_t retval = -1;
+
+	if (tevent_req_is_unix_error(req, &vfs_aio_state->error)) {
+		tevent_req_received(req);
+		return -1;
+	}
+
+	*vfs_aio_state = state->vfs_aio_state;
+	retval = state->nwritten;
+	tevent_req_received(req);
+	return retval;
+}
+
+struct fruit_fsync_state {
+	int ret;
+	struct vfs_aio_state vfs_aio_state;
+};
+
+static void fruit_fsync_done(struct tevent_req *subreq);
+
+static struct tevent_req *fruit_fsync_send(
+	struct vfs_handle_struct *handle,
+	TALLOC_CTX *mem_ctx,
+	struct tevent_context *ev,
+	struct files_struct *fsp)
+{
+	struct tevent_req *req = NULL;
+	struct tevent_req *subreq = NULL;
+	struct fruit_fsync_state *state = NULL;
+	struct fio *fio = fruit_get_complete_fio(handle, fsp);
+
+	req = tevent_req_create(mem_ctx, &state,
+				struct fruit_fsync_state);
+	if (req == NULL) {
+		return NULL;
+	}
+
+	if (fruit_must_handle_aio_stream(fio)) {
+		struct adouble *ad = NULL;
+
+		if (fio->type == ADOUBLE_META) {
+			/*
+			 * We must never pass a fake_fd
+			 * to lower level fsync calls.
+			 * Everything is already done
+			 * synchronously, so just return
+			 * true.
+			 */
+			SMB_ASSERT(fio->fake_fd);
+			tevent_req_done(req);
+			return tevent_req_post(req, ev);
+		}
+
+		/*
+		 * We know the following must be true,
+		 * as it's the condition for fruit_must_handle_aio_stream()
+		 * to return true if fio->type == ADOUBLE_RSRC.
+		 */
+		SMB_ASSERT(fio->config->rsrc == FRUIT_RSRC_ADFILE);
+		if (fio->ad_fsp == NULL) {
+			tevent_req_error(req, EBADF);
+			return tevent_req_post(req, ev);
+		}
+		ad = ad_fget(talloc_tos(), handle, fio->ad_fsp, ADOUBLE_RSRC);
+		if (ad == NULL) {
+			tevent_req_error(req, ENOMEM);
+			return tevent_req_post(req, ev);
+		}
+		fsp = fio->ad_fsp;
+	}
+
+	subreq = SMB_VFS_NEXT_FSYNC_SEND(state, ev, handle, fsp);
+	if (tevent_req_nomem(req, subreq)) {
+		return tevent_req_post(req, ev);
+	}
+	tevent_req_set_callback(subreq, fruit_fsync_done, req);
+	return req;
+}
+
+static void fruit_fsync_done(struct tevent_req *subreq)
+{
+	struct tevent_req *req = tevent_req_callback_data(
+		subreq, struct tevent_req);
+	struct fruit_fsync_state *state = tevent_req_data(
+		req, struct fruit_fsync_state);
+
+	state->ret = SMB_VFS_FSYNC_RECV(subreq, &state->vfs_aio_state);
+	TALLOC_FREE(subreq);
+	if (state->ret != 0) {
+		tevent_req_error(req, errno);
+		return;
+	}
+	tevent_req_done(req);
+}
+
+static int fruit_fsync_recv(struct tevent_req *req,
+					struct vfs_aio_state *vfs_aio_state)
+{
+	struct fruit_fsync_state *state = tevent_req_data(
+		req, struct fruit_fsync_state);
+	int retval = -1;
 
 	if (tevent_req_is_unix_error(req, &vfs_aio_state->error)) {
+		tevent_req_received(req);
 		return -1;
 	}
 
 	*vfs_aio_state = state->vfs_aio_state;
-	return state->nwritten;
+	retval = state->ret;
+	tevent_req_received(req);
+	return retval;
 }
 
 /**
@@ -5305,6 +5413,8 @@ static struct vfs_fn_pointers vfs_fruit_fns = {
 	.pread_recv_fn = fruit_pread_recv,
 	.pwrite_send_fn = fruit_pwrite_send,
 	.pwrite_recv_fn = fruit_pwrite_recv,
+	.fsync_send_fn = fruit_fsync_send,
+	.fsync_recv_fn = fruit_fsync_recv,
 	.stat_fn = fruit_stat,
 	.lstat_fn = fruit_lstat,
 	.fstat_fn = fruit_fstat,
diff --git a/source4/torture/vfs/fruit.c b/source4/torture/vfs/fruit.c
index fa758794368..3621fec460c 100644
--- a/source4/torture/vfs/fruit.c
+++ b/source4/torture/vfs/fruit.c
@@ -2718,6 +2718,85 @@ done:
 	return ret;
 }
 
+/*
+ * BUG: https://bugzilla.samba.org/show_bug.cgi?id=15182
+ */
+
+static bool test_rfork_fsync(struct torture_context *tctx,
+			      struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	const char *fname = BASEDIR "\\torture_rfork_fsync";
+	const char *rfork = BASEDIR "\\torture_rfork_fsync" AFPRESOURCE_STREAM;
+	NTSTATUS status;
+	struct smb2_handle testdirh;
+	bool ret = true;
+	struct smb2_create create;
+	struct smb2_handle fh1;
+	struct smb2_flush f;
+
+	ZERO_STRUCT(fh1);
+
+	ret = enable_aapl(tctx, tree);
+	torture_assert_goto(tctx, ret == true, ret, done, "enable_aapl failed");
+
+	smb2_util_unlink(tree, fname);
+
+	status = torture_smb2_testdir(tree, BASEDIR, &testdirh);
+	torture_assert_ntstatus_ok_goto(tctx,
+					status,
+					ret,
+					done,
+					"torture_smb2_testdir");
+	smb2_util_close(tree, testdirh);
+
+	ret = torture_setup_file(mem_ctx, tree, fname, false);
+	if (ret == false) {
+		goto done;
+	}
+
+	torture_comment(tctx, "(%s) create resource fork %s\n",
+		__location__,
+		rfork);
+
+	ZERO_STRUCT(create);
+	create.in.create_disposition  = NTCREATEX_DISP_OPEN_IF;
+	create.in.desired_access      = SEC_STD_READ_CONTROL | SEC_FILE_ALL;
+	create.in.file_attributes     = FILE_ATTRIBUTE_NORMAL;
+	create.in.fname               = rfork;
+	create.in.share_access        = NTCREATEX_SHARE_ACCESS_DELETE |
+		NTCREATEX_SHARE_ACCESS_READ |
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	status = smb2_create(tree, mem_ctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "smb2_create");
+	fh1 = create.out.file.handle;
+
+	torture_comment(tctx, "(%s) Write 10 bytes to resource fork %s\n",
+		__location__,
+		rfork);
+
+	status = smb2_util_write(tree, fh1, "1234567890", 0, 10);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_util_write failed\n");
+
+	torture_comment(tctx, "(%s) fsync on resource fork %s\n",
+		__location__,
+		rfork);
+
+	f.in.file.handle = fh1;
+	status = smb2_flush(tree, &f);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_flush failed\n");
+
+done:
+
+	smb2_util_close(tree, fh1);
+	smb2_util_unlink(tree, fname);
+	smb2_deltree(tree, BASEDIR);
+	talloc_free(mem_ctx);
+	return ret;
+}
+
 static bool test_rfork_create_ro(struct torture_context *tctx,
 				 struct smb2_tree *tree)
 {
@@ -6961,6 +7040,7 @@ struct torture_suite *torture_vfs_fruit(TALLOC_CTX *ctx)
 	torture_suite_add_1smb2_test(suite, "stream names", test_stream_names);
 	torture_suite_add_1smb2_test(suite, "truncate resource fork to 0 bytes", test_rfork_truncate);
 	torture_suite_add_1smb2_test(suite, "opening and creating resource fork", test_rfork_create);
+	torture_suite_add_1smb2_test(suite, "fsync_resource_fork", test_rfork_fsync);
 	torture_suite_add_1smb2_test(suite, "rename_dir_openfile", test_rename_dir_openfile);
 	torture_suite_add_1smb2_test(suite, "File without AFP_AfpInfo", test_afpinfo_enoent);
 	torture_suite_add_1smb2_test(suite, "create delete-on-close AFP_AfpInfo", test_create_delete_on_close);


-- 
Samba Shared Repository



More information about the samba-cvs mailing list