[SCM] Samba Shared Repository - branch v4-15-test updated
Jule Anger
janger at samba.org
Tue Sep 6 07:32:02 UTC 2022
The branch, v4-15-test has been updated
via 6b5792b0a2c smbd: check for streams support in unix_convert()
via fa6012b63ab smbd: return NT_STATUS_OBJECT_NAME_INVALID if a share doesn't support streams
via c5796b0c7a3 smbtorture: add a test trying to create a stream on share without streams support
via 77d1d989d1c smbd: implement access checks for SMB2-GETINFO as per MS-SMB2 3.3.5.20.1
via 3e4d6d27213 smbtorture: check required access for SMB2-GETINFO
via 41131daece9 s4/libcli/smb2: avoid using smb2_composite_setpathinfo() in smb2_util_setatr()
via ab0f75acbbc smbd: directly pass fsp to SMB_VFS_FGETXATTR() in fget_ea_dos_attribute()
via 135b59d00a7 smbd: add and use vfs_fget_dos_attributes()
via 1115b311c37 smbtorture: add test smb2.stream.attributes2
via 6369f59f38a smbtorture: rename smb2.streams.attributes to smb2.streams.attributes1
via 1c5a02bfb41 vfs_default: assert all passed in fsp's and names are non-stream type
via 82342c74390 vfs_streams_xattr: restrict which fcntl's are allowed on streams
via a3f3f26a6bf smbd: skip access checks for stat-opens on streams in open_file()
via 0fb876b34b2 smbd: use metadata_fsp() in get_acl_group_bits()
via b1ebf29f202 smbd: ignore request to set the SPARSE attribute on streams
via 95e658ad866 smbd: use metadata_fsp() with SMB_VFS_FSET_DOS_ATTRIBUTES()
via ff3798ae0ff smbd: use metadata_fsp() with SMB_VFS_FGET_DOS_ATTRIBUTES()
via f0a52d43373 smbd: use metadata_fsp() with SMB_VFS_FSET_NT_ACL()
via fc6121cade5 smbd: use metadata_fsp() with SMB_VFS_FGET_NT_ACL()
via 2412d67678b CI: add a test trying to delete a stream on a pathref ("stat open") handle
via 216000dbe6d vfs_xattr_tdb: add "xattr_tdb:ignore_user_xattr" option
via a3795100e42 vfs_xattr_tdb: add a module config
via 6d8a013942e vfs_xattr_tdb: move close_xattr_db()
via d6c0c4e1c55 smdb: use fsp_is_alternate_stream() in open_file()
via 8391f3dce37 smbd: Introduce metadata_fsp()
via 0acf72bf2f3 smbd: Introduce fsp_is_alternate_stream()
from f6bb11dbaac lib:replace: Only include <sys/mount.h> on non-Linux systems
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-15-test
- Log -----------------------------------------------------------------
commit 6b5792b0a2ca1b7d4114272165968aaea673fceb
Author: Ralph Boehme <slow at samba.org>
Date: Thu Sep 1 18:55:52 2022 +0200
smbd: check for streams support in unix_convert()
Fixes a regression introduced by the fixes for bug 15126 where we crash in
vfs_default in vfswrap_stat():
assert failed: !is_named_stream(smb_fname)
The frontend calls into the VFS from build_stream_path() with a stream path
without checking if the share supports streams.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15161
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
[slow at samba.org: change from master adapted for unix_convert()]
Autobuild-User(v4-15-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-15-test): Tue Sep 6 07:31:51 UTC 2022 on sn-devel-184
commit fa6012b63ab36704dfcfd6f95958ae0e089a94b5
Author: Ralph Boehme <slow at samba.org>
Date: Fri Sep 2 12:09:53 2022 +0200
smbd: return NT_STATUS_OBJECT_NAME_INVALID if a share doesn't support streams
This is what a Windows server returns. Tested with a share residing on a FAT
formatted drive, a Windows filesystem that doesn't support streams.
Combinations tested:
file::$DATA
file:stream
file:stream:$DATA
All three fail with NT_STATUS_OBJECT_NAME_INVALID.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15161
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 201e1969bf31af07e8bd52876ff7f4d72b48a848)
commit c5796b0c7a35f2cc96cab3c63502c21b6153abd8
Author: Ralph Boehme <slow at samba.org>
Date: Thu Sep 1 18:55:23 2022 +0200
smbtorture: add a test trying to create a stream on share without streams support
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15161
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(backported from commit 3dcdab86f13fabb7a8c6ce71c59a565287d11244)
[slow at samba.org: context changes from different tests]
commit 77d1d989d1c8077f11a788153909d06eeca68acd
Author: Ralph Boehme <slow at samba.org>
Date: Sun Aug 14 18:46:24 2022 +0200
smbd: implement access checks for SMB2-GETINFO as per MS-SMB2 3.3.5.20.1
The spec lists the following as requiring special access:
- for requiring FILE_READ_ATTRIBUTES:
FileBasicInformation
FileAllInformation
FileNetworkOpenInformation
FileAttributeTagInformation
- for requiring FILE_READ_EA:
FileFullEaInformation
All other infolevels are unrestricted.
We ignore the IPC related infolevels:
FilePipeInformation
FilePipeLocalInformation
FilePipeRemoteInformation
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15153
RN: Missing SMB2-GETINFO access checks from MS-SMB2 3.3.5.20.1
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Tue Aug 23 12:54:08 UTC 2022 on sn-devel-184
(cherry picked from commit 6d493a9d568c08cfe5242821ccbd5a5ee1fe5284)
commit 3e4d6d272136dc15d957b4249db696f73920c32e
Author: Ralph Boehme <slow at samba.org>
Date: Fri Aug 19 17:29:55 2022 +0200
smbtorture: check required access for SMB2-GETINFO
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15153
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 9b2d28157107602fcbe659664cf9ca25f08bb30b)
commit 41131daece9f84157aec4ac118b50483385485cc
Author: Ralph Boehme <slow at samba.org>
Date: Sun Aug 14 18:51:30 2022 +0200
s4/libcli/smb2: avoid using smb2_composite_setpathinfo() in smb2_util_setatr()
smb2_composite_setpathinfo() uses SEC_FLAG_MAXIMUM_ALLOWED which can
have unwanted side effects like breaking oplocks if the effective access
includes [READ|WRITE]_DATA.
For changing the DOS attributes we only need SEC_FILE_WRITE_ATTRIBUTE. With this
change test_smb2_oplock_batch25() doesn't trigger an oplock break anymore.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15153
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 66e40690bdd41800a01333ce4243bd62ee2b1894)
commit ab0f75acbbc8fc3c4f307c8a2fb9bfaf558af364
Author: Ralph Boehme <slow at samba.org>
Date: Sun Aug 14 16:39:37 2022 +0200
smbd: directly pass fsp to SMB_VFS_FGETXATTR() in fget_ea_dos_attribute()
We're now consistently passing the base_fsp to SMB_VFS_FSET_DOS_ATTRIBUTES(), so
we don't need to check for a stream_fsp here anymore.
Additionally vfs_default will assert a non-stream fsp inside
vfswrap_fgetxattr(), so in case any caller wrongly passes a stream fsp, this is
caught in vfs_default.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 968a5ae89f0d0da219e7dd05dd1f7f7c96dbb910)
commit 135b59d00a71caef5a41636e20bad359195a158e
Author: Ralph Boehme <slow at samba.org>
Date: Thu Aug 11 17:18:13 2022 +0200
smbd: add and use vfs_fget_dos_attributes()
Commit d71ef1365cdde47aeb3465699181656b0655fa04 caused a regression where the
creation date on streams wasn't updated anymore on the stream fsp.
By adding a simple wrapper vfs_fget_dos_attributes() that takes care of
- passing only the base_fsp to the VFS, so the VFS can be completely agnostic of
all the streams related complexity like fake fds,
- propagating any updated btime from the base_fsp->fsp_name to the
stream_fsp->fsp_name
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(backported from commit 3f7d8db9945a325020e4d1574289dea9e8331c29)
[slow at samba.org: also update itime and file_id]
commit 1115b311c3715d8943dea26d8135455bd9e68c0f
Author: Ralph Boehme <slow at samba.org>
Date: Sat Aug 13 16:13:07 2022 +0200
smbtorture: add test smb2.stream.attributes2
Specifically torture the creation date is the same for the file and its streams.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit e74b10e17ee5df0f77ac5349242841be8d71c4e8)
commit 6369f59f38a217de1099237f2d8a258dd5a70264
Author: Ralph Boehme <slow at samba.org>
Date: Sat Aug 13 17:04:50 2022 +0200
smbtorture: rename smb2.streams.attributes to smb2.streams.attributes1
A subsequent commit adds another streams test named "attributes2", this change
avoids matching the new testname with the existing knownfail entries.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit b5848d391be4f7633745d9c36e432ac8b1c9dba2)
commit 1c5a02bfb41249e6df965880aaacaef5156ad028
Author: Ralph Boehme <slow at samba.org>
Date: Wed Jul 27 18:40:21 2022 +0200
vfs_default: assert all passed in fsp's and names are non-stream type
Enforce fsp is a non-stream one in as many VFS operations as possible in
vfs_default. We really need an assert here instead of returning an error, as
otherwise he can have very hard to diagnose bugs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Wed Aug 10 16:32:35 UTC 2022 on sn-devel-184
(backported from commit fc45fcfde51b0b0bdcd524c82a0f9eabf7273045)
[slow at samba.org: skip some hunks that are not applicable]
commit 82342c74390685a141874ee9ce76ce3ae849a496
Author: Ralph Boehme <slow at samba.org>
Date: Fri Jul 29 07:07:25 2022 +0200
vfs_streams_xattr: restrict which fcntl's are allowed on streams
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 51243e3849736acbbf1d8f52cc02cdec5995fde4)
commit a3f3f26a6bfced21532a189a34fe9711fc972a83
Author: Ralph Boehme <slow at samba.org>
Date: Wed Jul 27 15:58:37 2022 +0200
smbd: skip access checks for stat-opens on streams in open_file()
For streams, access is already checked in create_file_unixpath() by
check_base_file_access().
We already skip the access check in this function when doing an IO open of a
file, see above in open_file(), also skip it for "stat opens".
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(backported from commit f0299abf1b28a14518328710d9f84bef17fd2ecf)
[slow at samba.org: smbd_check_access_rights_fsp(dirfsp) -> smbd_check_access_rights_fsp(parent_dir->fsp)]
[slow at samba.org: posix_flags -> fsp->posix_flags & FSP_POSIX_FLAGS_OPEN]
commit 0fb876b34b2cd280e70d6f13785d29a83be11f76
Author: Ralph Boehme <slow at samba.org>
Date: Wed Jul 27 19:05:26 2022 +0200
smbd: use metadata_fsp() in get_acl_group_bits()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(backported from commit 06555c6bcb5644fc9eea35b3cbae8d8801c65ab6)
[slow at samba.org: metadata_fsp(fsp) -> metadata_fsp(smb_fname->fsp)]
commit b1ebf29f20229b01b408f4f9b99748604c407d46
Author: Ralph Boehme <slow at samba.org>
Date: Fri Jul 29 14:56:41 2022 +0200
smbd: ignore request to set the SPARSE attribute on streams
As per MS-FSA 2.1.1.5 this is a per stream attribute, but our backends don't
support it in a consistent way, therefor just pretend success and ignore the
request.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 3af8f8e8741cc8c889bbf416ccd38a1b702917ec)
commit 95e658ad86685029e02b0ebf6eaaca2807402a7d
Author: Ralph Boehme <slow at samba.org>
Date: Fri Jul 29 14:56:21 2022 +0200
smbd: use metadata_fsp() with SMB_VFS_FSET_DOS_ATTRIBUTES()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 55e55804bb2d0f21c1bbe207257bb40555f3b7a2)
commit ff3798ae0ff2219b366b40d02a97f220b834ada0
Author: Ralph Boehme <slow at samba.org>
Date: Fri Jul 29 14:55:08 2022 +0200
smbd: use metadata_fsp() with SMB_VFS_FGET_DOS_ATTRIBUTES()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 03b9ce84736d536ab2dd8a5ce1a2656e6a90c8c8)
commit f0a52d433730f38845cb0870a1afec04cf7a2ccf
Author: Ralph Boehme <slow at samba.org>
Date: Fri Jul 29 14:54:07 2022 +0200
smbd: use metadata_fsp() with SMB_VFS_FSET_NT_ACL()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 4ab29e2a345b48ebba652d5154e96adf954a6757)
commit fc6121cade5f032c21900c14516efe45994bf1f4
Author: Ralph Boehme <slow at samba.org>
Date: Fri Jul 29 14:49:56 2022 +0200
smbd: use metadata_fsp() with SMB_VFS_FGET_NT_ACL()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(backported from commit c949e4b2a42423ac3851e86e489fd0c5d46d7f1f)
[slow at samba.org: context mismatch due to smbd_check_access_rights_fname() call in master]
commit 2412d67678b7692b03d191bb62aeae5d727a68ee
Author: Ralph Boehme <slow at samba.org>
Date: Wed Jul 27 13:37:32 2022 +0200
CI: add a test trying to delete a stream on a pathref ("stat open") handle
When using vfs_streams_xattr, for a pathref handle of a stream the system fd
will be a fake fd created by pipe() in vfs_fake_fd().
For the following callchain we wrongly pass a stream fsp to
SMB_VFS_FGET_NT_ACL():
SMB_VFS_CREATE_FILE(..., "file:stream", ...)
=> open_file():
if (open_fd):
-> taking the else branch:
-> smbd_check_access_rights_fsp(stream_fsp)
-> SMB_VFS_FGET_NT_ACL(stream_fsp)
This is obviously wrong and can lead to strange permission errors when using
vfs_acl_xattr:
in vfs_acl_xattr we will try to read the stored ACL by calling
fgetxattr(fake-fd) which of course faild with EBADF. Now unfortunately the
vfs_acl_xattr code ignores the specific error and handles this as if there was
no ACL stored and subsequently runs the code to synthesize a default ACL
according to the setting of "acl:default acl style".
As the correct access check for streams has already been carried out by calling
check_base_file_access() from create_file_unixpath(), the above problem is not
a security issue: it can only lead to "decreased" permissions resulting in
unexpected ACCESS_DENIED errors.
The fix is obviously going to be calling
smbd_check_access_rights_fsp(stream_fsp->base_fsp).
This test verifies that deleting a file works when the stored NT ACL grants
DELETE_FILE while the basic POSIX permissions (used in the acl_xattr fallback
code) do not.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 23bc760ec5d61208c2d8778991e3d7e202eab352)
commit 216000dbe6d844e0c2a593ef7e7ba18dbc3d74bf
Author: Ralph Boehme <slow at samba.org>
Date: Wed Jul 27 12:47:21 2022 +0200
vfs_xattr_tdb: add "xattr_tdb:ignore_user_xattr" option
Allows passing on "user." xattr to the backend. This can be useful for testing
specific aspects of operation on streams when "streams_xattr" is configured as
stream filesystem backend.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 92e0045d7ca7c0b94efd0244ba0e426cad0a05b6)
commit a3795100e42f1135733c77950eeaa43e4de409af
Author: Ralph Boehme <slow at samba.org>
Date: Wed Jul 27 11:59:54 2022 +0200
vfs_xattr_tdb: add a module config
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 451ad315a9bf32c627e1966ec30185542701c87e)
commit 6d8a013942eb7d6ed4d3b34a48f7e4b4ecb5ae32
Author: Ralph Boehme <slow at samba.org>
Date: Wed Jul 27 12:43:01 2022 +0200
vfs_xattr_tdb: move close_xattr_db()
This just makes the diff of the next commit smaller and easier to digest.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit b26dc252aaf3f4b960bdfdb6a3dfe612b89fcdd5)
commit d6c0c4e1c551a33e0c48b5f47b6b09db01889b45
Author: Ralph Boehme <slow at samba.org>
Date: Wed Jul 27 16:04:24 2022 +0200
smdb: use fsp_is_alternate_stream() in open_file()
No change in behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 0d3995cec10c5fae8c8b6a1df312062e38437e6f)
commit 8391f3dce37e808cc07f723cd990ad08c887a12f
Author: Volker Lendecke <vl at samba.org>
Date: Fri Feb 11 09:45:30 2022 +0100
smbd: Introduce metadata_fsp()
Centralize the pattern
if (fsp->base_fsp != NULL) {
fsp = fsp->base_fsp;
}
with a descriptive name.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(backported from commit ac58b0b942cd73210100ee346816a0cf23900716)
[slow at samba.org: only backport the function, skip all updated callers]
commit 0acf72bf2f35e9f06ba36a565e49820a316fdf11
Author: Volker Lendecke <vl at samba.org>
Date: Fri Feb 11 09:37:35 2022 +0100
smbd: Introduce fsp_is_alternate_stream()
To me this is more descriptive than "fsp->base_fsp != NULL". If this
turns out to be a performance problem, I would go and make this a
static inline in smbd/proto.h.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(backported from commit 21b380ca133417df096e2b262a5da41faff186ea)
[slow at samba.org: only backport the function, skip all changed callers]
-----------------------------------------------------------------------
Summary of changes:
selftest/knownfail | 3 +-
selftest/target/Samba3.pm | 7 +
source3/include/proto.h | 3 +
source3/modules/vfs_default.c | 94 +++++---
source3/modules/vfs_streams_xattr.c | 33 +++
source3/modules/vfs_xattr_tdb.c | 293 ++++++++++++++---------
source3/rpc_server/srvsvc/srv_srvsvc_nt.c | 2 +-
source3/script/tests/test_delete_stream.sh | 123 ++++++++++
source3/selftest/tests.py | 3 +
source3/smbd/dir.c | 2 +-
source3/smbd/dosmode.c | 24 +-
source3/smbd/file_access.c | 2 +-
source3/smbd/filename.c | 9 +-
source3/smbd/files.c | 13 ++
source3/smbd/open.c | 65 +++---
source3/smbd/posix_acls.c | 2 +-
source3/smbd/proto.h | 2 +
source3/smbd/pysmbd.c | 4 +-
source3/smbd/smb2_getinfo.c | 28 +++
source3/smbd/vfs.c | 54 +++++
source3/torture/cmd_vfs.c | 12 +-
source4/libcli/smb2/util.c | 37 ++-
source4/selftest/tests.py | 1 +
source4/torture/smb2/create.c | 48 ++++
source4/torture/smb2/getinfo.c | 147 ++++++++++++
source4/torture/smb2/oplock.c | 10 +-
source4/torture/smb2/smb2.c | 1 +
source4/torture/smb2/streams.c | 361 ++++++++++++++++++++++++++++-
28 files changed, 1176 insertions(+), 207 deletions(-)
create mode 100755 source3/script/tests/test_delete_stream.sh
Changeset truncated at 500 lines:
diff --git a/selftest/knownfail b/selftest/knownfail
index cab556be477..1ff68338132 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -175,6 +175,7 @@
^samba4.smb2.oplock.stream1 # samba 4 oplocks are a mess
^samba4.smb2.oplock.statopen1\(ad_dc_ntvfs\)$ # fails with ACCESS_DENIED on a SYNCHRONIZE_ACCESS open
^samba4.smb2.getinfo.complex # streams on directories does not work
+^samba4.smb2.getinfo.getinfo_access\(ad_dc_ntvfs\) # Access checks not implemented
^samba4.smb2.getinfo.qfs_buffercheck # S4 does not do the INFO_LENGTH_MISMATCH/BUFFER_OVERFLOW thingy
^samba4.smb2.getinfo.qfile_buffercheck # S4 does not do the INFO_LENGTH_MISMATCH/BUFFER_OVERFLOW thingy
^samba4.smb2.getinfo.qsec_buffercheck # S4 does not do the BUFFER_TOO_SMALL thingy
@@ -206,10 +207,8 @@
^samba3.smb2.oplock.stream1
^samba3.smb2.streams.rename
^samba3.smb2.streams.rename2
-^samba3.smb2.streams.attributes
^samba3.smb2.streams streams_xattr.rename\(nt4_dc\)
^samba3.smb2.streams streams_xattr.rename2\(nt4_dc\)
-^samba3.smb2.streams streams_xattr.attributes\(nt4_dc\)
^samba3.smb2.getinfo.complex
^samba3.smb2.getinfo.fsinfo # quotas don't work yet
^samba3.smb2.setinfo.setinfo
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index 43bce06c6d9..fdb550a8f66 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -3214,6 +3214,13 @@ sub provision($$)
copy = tmp
vfs objects = streams_xattr xattr_tdb
+[acl_streams_xattr]
+ copy = tmp
+ vfs objects = acl_xattr streams_xattr fake_acls xattr_tdb
+ acl_xattr:ignore system acls = yes
+ acl_xattr:security_acl_name = user.acl
+ xattr_tdb:ignore_user_xattr = yes
+
[compound_find]
copy = tmp
smbd:find async delay usec = 10000
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 20d026f83b3..f38b286cab1 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -82,6 +82,9 @@ NTSTATUS vfs_at_fspcwd(TALLOC_CTX *mem_ctx,
struct connection_struct *conn,
struct files_struct **_fsp);
+NTSTATUS vfs_fget_dos_attributes(struct files_struct *fsp,
+ uint32_t *dosmode);
+
#include "source3/lib/interface.h"
/* The following definitions come from lib/ldap_debug_handler.c */
diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c
index 26595d36848..569d3c1fb50 100644
--- a/source3/modules/vfs_default.c
+++ b/source3/modules/vfs_default.c
@@ -700,11 +700,7 @@ static int vfswrap_openat(vfs_handle_struct *handle,
START_PROFILE(syscall_openat);
- if (is_named_stream(smb_fname)) {
- errno = ENOENT;
- result = -1;
- goto out;
- }
+ SMB_ASSERT(!is_named_stream(smb_fname));
#ifdef O_PATH
have_opath = true;
@@ -729,7 +725,6 @@ static int vfswrap_openat(vfs_handle_struct *handle,
fsp->fsp_flags.have_proc_fds = fsp->conn->have_proc_fds;
-out:
END_PROFILE(syscall_openat);
return result;
}
@@ -1250,17 +1245,14 @@ static int vfswrap_renameat(vfs_handle_struct *handle,
START_PROFILE(syscall_renameat);
- if (is_named_stream(smb_fname_src) || is_named_stream(smb_fname_dst)) {
- errno = ENOENT;
- goto out;
- }
+ SMB_ASSERT(!is_named_stream(smb_fname_src));
+ SMB_ASSERT(!is_named_stream(smb_fname_dst));
result = renameat(fsp_get_pathref_fd(srcfsp),
smb_fname_src->base_name,
fsp_get_pathref_fd(dstfsp),
smb_fname_dst->base_name);
- out:
END_PROFILE(syscall_renameat);
return result;
}
@@ -1272,14 +1264,11 @@ static int vfswrap_stat(vfs_handle_struct *handle,
START_PROFILE(syscall_stat);
- if (is_named_stream(smb_fname)) {
- errno = ENOENT;
- goto out;
- }
+ SMB_ASSERT(!is_named_stream(smb_fname));
result = sys_stat(smb_fname->base_name, &smb_fname->st,
lp_fake_directory_create_times(SNUM(handle->conn)));
- out:
+
END_PROFILE(syscall_stat);
return result;
}
@@ -1302,14 +1291,11 @@ static int vfswrap_lstat(vfs_handle_struct *handle,
START_PROFILE(syscall_lstat);
- if (is_named_stream(smb_fname)) {
- errno = ENOENT;
- goto out;
- }
+ SMB_ASSERT(!is_named_stream(smb_fname));
result = sys_lstat(smb_fname->base_name, &smb_fname->st,
lp_fake_directory_create_times(SNUM(handle->conn)));
- out:
+
END_PROFILE(syscall_lstat);
return result;
}
@@ -1407,6 +1393,8 @@ static NTSTATUS vfswrap_fsctl(struct vfs_handle_struct *handle,
char **out_data = (char **)_out_data;
NTSTATUS status;
+ SMB_ASSERT(!fsp_is_alternate_stream(fsp));
+
switch (function) {
case FSCTL_SET_SPARSE:
{
@@ -1771,6 +1759,8 @@ static struct tevent_req *vfswrap_get_dos_attributes_send(
struct tevent_req *subreq = NULL;
struct vfswrap_get_dos_attributes_state *state = NULL;
+ SMB_ASSERT(!is_named_stream(smb_fname));
+
req = tevent_req_create(mem_ctx, &state,
struct vfswrap_get_dos_attributes_state);
if (req == NULL) {
@@ -1927,6 +1917,8 @@ static NTSTATUS vfswrap_fget_dos_attributes(struct vfs_handle_struct *handle,
{
bool offline;
+ SMB_ASSERT(!fsp_is_alternate_stream(fsp));
+
offline = vfswrap_is_offline(handle->conn, fsp->fsp_name);
if (offline) {
*dosmode |= FILE_ATTRIBUTE_OFFLINE;
@@ -1939,6 +1931,8 @@ static NTSTATUS vfswrap_fset_dos_attributes(struct vfs_handle_struct *handle,
struct files_struct *fsp,
uint32_t dosmode)
{
+ SMB_ASSERT(!fsp_is_alternate_stream(fsp));
+
return set_ea_dos_attribute(handle->conn, fsp->fsp_name, dosmode);
}
@@ -2607,15 +2601,12 @@ static int vfswrap_unlinkat(vfs_handle_struct *handle,
START_PROFILE(syscall_unlinkat);
- if (is_named_stream(smb_fname)) {
- errno = ENOENT;
- goto out;
- }
+ SMB_ASSERT(!is_named_stream(smb_fname));
+
result = unlinkat(fsp_get_pathref_fd(dirfsp),
smb_fname->base_name,
flags);
- out:
END_PROFILE(syscall_unlinkat);
return result;
}
@@ -3100,6 +3091,8 @@ static int vfswrap_linux_setlease(vfs_handle_struct *handle, files_struct *fsp,
START_PROFILE(syscall_linux_setlease);
+ SMB_ASSERT(!fsp_is_alternate_stream(fsp));
+
#ifdef HAVE_KERNEL_OPLOCKS_LINUX
result = linux_setlease(fsp_get_io_fd(fsp), leasetype);
#else
@@ -3118,6 +3111,8 @@ static int vfswrap_symlinkat(vfs_handle_struct *handle,
START_PROFILE(syscall_symlinkat);
+ SMB_ASSERT(!is_named_stream(new_smb_fname));
+
result = symlinkat(link_target->base_name,
fsp_get_pathref_fd(dirfsp),
new_smb_fname->base_name);
@@ -3135,6 +3130,8 @@ static int vfswrap_readlinkat(vfs_handle_struct *handle,
START_PROFILE(syscall_readlinkat);
+ SMB_ASSERT(!is_named_stream(smb_fname));
+
result = readlinkat(fsp_get_pathref_fd(dirfsp),
smb_fname->base_name,
buf,
@@ -3155,6 +3152,9 @@ static int vfswrap_linkat(vfs_handle_struct *handle,
START_PROFILE(syscall_linkat);
+ SMB_ASSERT(!is_named_stream(old_smb_fname));
+ SMB_ASSERT(!is_named_stream(new_smb_fname));
+
result = linkat(fsp_get_pathref_fd(srcfsp),
old_smb_fname->base_name,
fsp_get_pathref_fd(dstfsp),
@@ -3175,6 +3175,8 @@ static int vfswrap_mknodat(vfs_handle_struct *handle,
START_PROFILE(syscall_mknodat);
+ SMB_ASSERT(!is_named_stream(smb_fname));
+
result = sys_mknodat(fsp_get_pathref_fd(dirfsp),
smb_fname->base_name,
mode,
@@ -3213,6 +3215,8 @@ static int vfswrap_fchflags(vfs_handle_struct *handle,
#ifdef HAVE_FCHFLAGS
int fd = fsp_get_pathref_fd(fsp);
+ SMB_ASSERT(!fsp_is_alternate_stream(fsp));
+
if (!fsp->fsp_flags.is_pathref) {
return fchflags(fd, flags);
}
@@ -3288,6 +3292,8 @@ static NTSTATUS vfswrap_fstreaminfo(vfs_handle_struct *handle,
struct stream_struct *streams = *pstreams;
NTSTATUS status;
+ SMB_ASSERT(!fsp_is_alternate_stream(fsp));
+
if (fsp->fsp_flags.is_directory) {
/*
* No default streams on directories
@@ -3388,6 +3394,9 @@ static NTSTATUS vfswrap_fget_nt_acl(vfs_handle_struct *handle,
NTSTATUS result;
START_PROFILE(fget_nt_acl);
+
+ SMB_ASSERT(!fsp_is_alternate_stream(fsp));
+
result = posix_fget_nt_acl(fsp, security_info,
mem_ctx, ppdesc);
END_PROFILE(fget_nt_acl);
@@ -3399,6 +3408,9 @@ static NTSTATUS vfswrap_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp
NTSTATUS result;
START_PROFILE(fset_nt_acl);
+
+ SMB_ASSERT(!fsp_is_alternate_stream(fsp));
+
result = set_nt_acl(fsp, security_info_sent, psd);
END_PROFILE(fset_nt_acl);
return result;
@@ -3418,6 +3430,8 @@ static SMB_ACL_T vfswrap_sys_acl_get_fd(vfs_handle_struct *handle,
SMB_ACL_TYPE_T type,
TALLOC_CTX *mem_ctx)
{
+ SMB_ASSERT(!fsp_is_alternate_stream(fsp));
+
return sys_acl_get_fd(handle, fsp, type, mem_ctx);
}
@@ -3426,12 +3440,16 @@ static int vfswrap_sys_acl_set_fd(vfs_handle_struct *handle,
SMB_ACL_TYPE_T type,
SMB_ACL_T theacl)
{
+ SMB_ASSERT(!fsp_is_alternate_stream(fsp));
+
return sys_acl_set_fd(handle, fsp, type, theacl);
}
static int vfswrap_sys_acl_delete_def_fd(vfs_handle_struct *handle,
files_struct *fsp)
{
+ SMB_ASSERT(!fsp_is_alternate_stream(fsp));
+
return sys_acl_delete_def_fd(handle, fsp);
}
@@ -3447,6 +3465,8 @@ static ssize_t vfswrap_fgetxattr(struct vfs_handle_struct *handle,
{
int fd = fsp_get_pathref_fd(fsp);
+ SMB_ASSERT(!fsp_is_alternate_stream(fsp));
+
if (!fsp->fsp_flags.is_pathref) {
return fgetxattr(fd, name, value, size);
}
@@ -3517,6 +3537,8 @@ static struct tevent_req *vfswrap_getxattrat_send(
bool have_per_thread_creds = false;
bool do_async = false;
+ SMB_ASSERT(!is_named_stream(smb_fname));
+
req = tevent_req_create(mem_ctx, &state,
struct vfswrap_getxattrat_state);
if (req == NULL) {
@@ -3623,14 +3645,9 @@ static void vfswrap_getxattrat_do_sync(struct tevent_req *req)
{
struct vfswrap_getxattrat_state *state = tevent_req_data(
req, struct vfswrap_getxattrat_state);
- struct files_struct *fsp = state->smb_fname->fsp;
-
- if (fsp->base_fsp != NULL) {
- fsp = fsp->base_fsp;
- }
state->xattr_size = vfswrap_fgetxattr(state->handle,
- fsp,
+ state->smb_fname->fsp,
state->xattr_name,
state->xattr_value,
talloc_array_length(state->xattr_value));
@@ -3650,11 +3667,6 @@ static void vfswrap_getxattrat_do_async(void *private_data)
struct timespec start_time;
struct timespec end_time;
int ret;
- struct files_struct *fsp = state->smb_fname->fsp;
-
- if (fsp->base_fsp != NULL) {
- fsp = fsp->base_fsp;
- }
PROFILE_TIMESTAMP(&start_time);
SMBPROFILE_BYTES_ASYNC_SET_BUSY(state->profile_bytes);
@@ -3678,7 +3690,7 @@ static void vfswrap_getxattrat_do_async(void *private_data)
}
state->xattr_size = vfswrap_fgetxattr(state->handle,
- fsp,
+ state->smb_fname->fsp,
state->xattr_name,
state->xattr_value,
talloc_array_length(state->xattr_value));
@@ -3779,6 +3791,8 @@ static ssize_t vfswrap_flistxattr(struct vfs_handle_struct *handle, struct files
{
int fd = fsp_get_pathref_fd(fsp);
+ SMB_ASSERT(!fsp_is_alternate_stream(fsp));
+
if (!fsp->fsp_flags.is_pathref) {
return flistxattr(fd, list, size);
}
@@ -3805,6 +3819,8 @@ static int vfswrap_fremovexattr(struct vfs_handle_struct *handle, struct files_s
{
int fd = fsp_get_pathref_fd(fsp);
+ SMB_ASSERT(!fsp_is_alternate_stream(fsp));
+
if (!fsp->fsp_flags.is_pathref) {
return fremovexattr(fd, name);
}
@@ -3831,6 +3847,8 @@ static int vfswrap_fsetxattr(struct vfs_handle_struct *handle, struct files_stru
{
int fd = fsp_get_pathref_fd(fsp);
+ SMB_ASSERT(!fsp_is_alternate_stream(fsp));
+
if (!fsp->fsp_flags.is_pathref) {
return fsetxattr(fd, name, value, size, flags);
}
diff --git a/source3/modules/vfs_streams_xattr.c b/source3/modules/vfs_streams_xattr.c
index aa6ed82e472..c955f38d5d5 100644
--- a/source3/modules/vfs_streams_xattr.c
+++ b/source3/modules/vfs_streams_xattr.c
@@ -1551,6 +1551,38 @@ static bool streams_xattr_strict_lock_check(struct vfs_handle_struct *handle,
return true;
}
+static int streams_xattr_fcntl(vfs_handle_struct *handle,
+ files_struct *fsp,
+ int cmd,
+ va_list cmd_arg)
+{
+ va_list dup_cmd_arg;
+ void *arg;
+ int ret;
+
+ if (fsp_is_alternate_stream(fsp)) {
+ switch (cmd) {
+ case F_GETFL:
+ case F_SETFL:
+ break;
+ default:
+ DBG_ERR("Unsupported fcntl() cmd [%d] on [%s]\n",
+ cmd, fsp_str_dbg(fsp));
+ errno = EINVAL;
+ return -1;
+ }
+ }
+
+ va_copy(dup_cmd_arg, cmd_arg);
+ arg = va_arg(dup_cmd_arg, void *);
+
+ ret = SMB_VFS_NEXT_FCNTL(handle, fsp, cmd, arg);
+
+ va_end(dup_cmd_arg);
+
+ return ret;
+}
+
static struct vfs_fn_pointers vfs_streams_xattr_fns = {
.fs_capabilities_fn = streams_xattr_fs_capabilities,
.connect_fn = streams_xattr_connect,
@@ -1579,6 +1611,7 @@ static struct vfs_fn_pointers vfs_streams_xattr_fns = {
.kernel_flock_fn = streams_xattr_kernel_flock,
.linux_setlease_fn = streams_xattr_linux_setlease,
.strict_lock_check_fn = streams_xattr_strict_lock_check,
+ .fcntl_fn = streams_xattr_fcntl,
.fchown_fn = streams_xattr_fchown,
.fchmod_fn = streams_xattr_fchmod,
diff --git a/source3/modules/vfs_xattr_tdb.c b/source3/modules/vfs_xattr_tdb.c
index 42c570b54b3..2b698f048e4 100644
--- a/source3/modules/vfs_xattr_tdb.c
+++ b/source3/modules/vfs_xattr_tdb.c
@@ -29,7 +29,21 @@
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_VFS
-static bool xattr_tdb_init(int snum, TALLOC_CTX *mem_ctx, struct db_context **p_db);
+struct xattr_tdb_config {
+ struct db_context *db;
+ bool ignore_user_xattr;
+};
+
+static bool xattr_tdb_init(struct vfs_handle_struct *handle,
+ struct xattr_tdb_config **_config);
+
+static bool is_user_xattr(const char *xattr_name)
+{
+ int match;
+
+ match = strncmp(xattr_name, "user.", strlen("user."));
+ return (match == 0);
+}
static int xattr_tdb_get_file_id(struct vfs_handle_struct *handle,
const char *path, struct file_id *id)
@@ -68,6 +82,8 @@ struct xattr_tdb_getxattrat_state {
uint8_t *xattr_value;
};
+static void xattr_tdb_getxattrat_done(struct tevent_req *subreq);
+
static struct tevent_req *xattr_tdb_getxattrat_send(
TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
@@ -77,16 +93,21 @@ static struct tevent_req *xattr_tdb_getxattrat_send(
const char *xattr_name,
size_t alloc_hint)
{
+ struct xattr_tdb_config *config = NULL;
struct tevent_req *req = NULL;
+ struct tevent_req *subreq = NULL;
struct xattr_tdb_getxattrat_state *state = NULL;
struct smb_filename *cwd = NULL;
- struct db_context *db = NULL;
struct file_id id;
int ret;
int error;
int cwd_ret;
DATA_BLOB xattr_blob;
+ if (!xattr_tdb_init(handle, &config)) {
+ return NULL;
+ }
+
req = tevent_req_create(mem_ctx, &state,
struct xattr_tdb_getxattrat_state);
if (req == NULL) {
@@ -94,11 +115,20 @@ static struct tevent_req *xattr_tdb_getxattrat_send(
}
state->xattr_size = -1;
- SMB_VFS_HANDLE_GET_DATA(handle, db, struct db_context,
- if (!xattr_tdb_init(-1, state, &db)) {
- tevent_req_error(req, EIO);
- return tevent_req_post(req, ev);
- });
+ if (config->ignore_user_xattr && is_user_xattr(xattr_name)) {
--
Samba Shared Repository
More information about the samba-cvs
mailing list