[SCM] Samba Shared Repository - branch v4-16-test updated
Jule Anger
janger at samba.org
Tue Sep 6 08:50:02 UTC 2022
The branch, v4-16-test has been updated
via 1761ad3dff2 smbd: check for streams support in unix_convert()
via 7c83b7788ec smbd: return NT_STATUS_OBJECT_NAME_INVALID if a share doesn't support streams
via b807f3624d1 smbtorture: add a test trying to create a stream on share without streams support
via bc81ebe3e39 smbd: implement access checks for SMB2-GETINFO as per MS-SMB2 3.3.5.20.1
via 6e091cc59ac smbtorture: check required access for SMB2-GETINFO
via d89294ecfc7 s4/libcli/smb2: avoid using smb2_composite_setpathinfo() in smb2_util_setatr()
via 1d244421838 smbd: directly pass fsp to SMB_VFS_FGETXATTR() in fget_ea_dos_attribute()
via 5a9aa7aa84e smbd: add and use vfs_fget_dos_attributes()
via 3d54c1b6ebc smbtorture: add test smb2.stream.attributes2
via 6ee18ad9eaf smbtorture: rename smb2.streams.attributes to smb2.streams.attributes1
via a13748d2427 vfs_default: assert all passed in fsp's and names are non-stream type
via e661087a9e2 vfs_streams_xattr: restrict which fcntl's are allowed on streams
via 06b5438132e smbd: skip access checks for stat-opens on streams in open_file()
via 2ae309348ad smbd: use metadata_fsp() in get_acl_group_bits()
via 8d0581a8ab1 smbd: ignore request to set the SPARSE attribute on streams
via 39129be4fef smbd: use metadata_fsp() with SMB_VFS_FSET_DOS_ATTRIBUTES()
via eab9c65b075 smbd: use metadata_fsp() with SMB_VFS_FGET_DOS_ATTRIBUTES()
via 11947a8e59a smbd: use metadata_fsp() with SMB_VFS_FSET_NT_ACL()
via 9823e919994 smbd: use metadata_fsp() with SMB_VFS_FGET_NT_ACL()
via 3e6566222c9 CI: add a test trying to delete a stream on a pathref ("stat open") handle
via 00ce839865c vfs_xattr_tdb: add "xattr_tdb:ignore_user_xattr" option
via 6d66f432297 vfs_xattr_tdb: add a module config
via b83ff1252ed vfs_xattr_tdb: move close_xattr_db()
via 56ab8361573 smdb: use fsp_is_alternate_stream() in open_file()
via 20a425fcde0 smbd: Introduce metadata_fsp()
via 3160ff28e87 smbd: Introduce fsp_is_alternate_stream()
from df7d6f0c486 lib:replace: Only include <sys/mount.h> on non-Linux systems
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-16-test
- Log -----------------------------------------------------------------
commit 1761ad3dff2e887593a06a9d9d47828427133bfd
Author: Ralph Boehme <slow at samba.org>
Date: Thu Sep 1 18:55:52 2022 +0200
smbd: check for streams support in unix_convert()
Fixes a regression introduced by the fixes for bug 15126 where we crash in
vfs_default in vfswrap_stat():
assert failed: !is_named_stream(smb_fname)
The frontend calls into the VFS from build_stream_path() with a stream path
without checking if the share supports streams.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15161
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
[slow at samba.org: change from master adapted for unix_convert()]
Autobuild-User(v4-16-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-16-test): Tue Sep 6 08:49:51 UTC 2022 on sn-devel-184
commit 7c83b7788ec022551a2fd9381a1a5ff8e4adf5bc
Author: Ralph Boehme <slow at samba.org>
Date: Fri Sep 2 12:09:53 2022 +0200
smbd: return NT_STATUS_OBJECT_NAME_INVALID if a share doesn't support streams
This is what a Windows server returns. Tested with a share residing on a FAT
formatted drive, a Windows filesystem that doesn't support streams.
Combinations tested:
file::$DATA
file:stream
file:stream:$DATA
All three fail with NT_STATUS_OBJECT_NAME_INVALID.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15161
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 201e1969bf31af07e8bd52876ff7f4d72b48a848)
commit b807f3624d1f720ad3d60c7ee51a69d89183633f
Author: Ralph Boehme <slow at samba.org>
Date: Thu Sep 1 18:55:23 2022 +0200
smbtorture: add a test trying to create a stream on share without streams support
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15161
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(backported from commit 3dcdab86f13fabb7a8c6ce71c59a565287d11244)
[slow at samba.org: context changes from different tests]
commit bc81ebe3e393767c4275c6fb5a50599b00f858c4
Author: Ralph Boehme <slow at samba.org>
Date: Sun Aug 14 18:46:24 2022 +0200
smbd: implement access checks for SMB2-GETINFO as per MS-SMB2 3.3.5.20.1
The spec lists the following as requiring special access:
- for requiring FILE_READ_ATTRIBUTES:
FileBasicInformation
FileAllInformation
FileNetworkOpenInformation
FileAttributeTagInformation
- for requiring FILE_READ_EA:
FileFullEaInformation
All other infolevels are unrestricted.
We ignore the IPC related infolevels:
FilePipeInformation
FilePipeLocalInformation
FilePipeRemoteInformation
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15153
RN: Missing SMB2-GETINFO access checks from MS-SMB2 3.3.5.20.1
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Tue Aug 23 12:54:08 UTC 2022 on sn-devel-184
(cherry picked from commit 6d493a9d568c08cfe5242821ccbd5a5ee1fe5284)
commit 6e091cc59ac1021e66832dc5041cfb2880513482
Author: Ralph Boehme <slow at samba.org>
Date: Fri Aug 19 17:29:55 2022 +0200
smbtorture: check required access for SMB2-GETINFO
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15153
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 9b2d28157107602fcbe659664cf9ca25f08bb30b)
commit d89294ecfc72b6e238e969fd7a3938a8df1cf058
Author: Ralph Boehme <slow at samba.org>
Date: Sun Aug 14 18:51:30 2022 +0200
s4/libcli/smb2: avoid using smb2_composite_setpathinfo() in smb2_util_setatr()
smb2_composite_setpathinfo() uses SEC_FLAG_MAXIMUM_ALLOWED which can
have unwanted side effects like breaking oplocks if the effective access
includes [READ|WRITE]_DATA.
For changing the DOS attributes we only need SEC_FILE_WRITE_ATTRIBUTE. With this
change test_smb2_oplock_batch25() doesn't trigger an oplock break anymore.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15153
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 66e40690bdd41800a01333ce4243bd62ee2b1894)
commit 1d2444218383eccab86a89797c2d05b8e3b026a5
Author: Ralph Boehme <slow at samba.org>
Date: Sun Aug 14 16:39:37 2022 +0200
smbd: directly pass fsp to SMB_VFS_FGETXATTR() in fget_ea_dos_attribute()
We're now consistently passing the base_fsp to SMB_VFS_FSET_DOS_ATTRIBUTES(), so
we don't need to check for a stream_fsp here anymore.
Additionally vfs_default will assert a non-stream fsp inside
vfswrap_fgetxattr(), so in case any caller wrongly passes a stream fsp, this is
caught in vfs_default.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 968a5ae89f0d0da219e7dd05dd1f7f7c96dbb910)
commit 5a9aa7aa84e9492448b9bdba182c73cb4501f7e0
Author: Ralph Boehme <slow at samba.org>
Date: Thu Aug 11 17:18:13 2022 +0200
smbd: add and use vfs_fget_dos_attributes()
Commit d71ef1365cdde47aeb3465699181656b0655fa04 caused a regression where the
creation date on streams wasn't updated anymore on the stream fsp.
By adding a simple wrapper vfs_fget_dos_attributes() that takes care of
- passing only the base_fsp to the VFS, so the VFS can be completely agnostic of
all the streams related complexity like fake fds,
- propagating any updated btime from the base_fsp->fsp_name to the
stream_fsp->fsp_name
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(backported from commit 3f7d8db9945a325020e4d1574289dea9e8331c29)
[slow at samba.org: also update itime and file_id]
commit 3d54c1b6ebc3c876ab910af159e3aea44336654a
Author: Ralph Boehme <slow at samba.org>
Date: Sat Aug 13 16:13:07 2022 +0200
smbtorture: add test smb2.stream.attributes2
Specifically torture the creation date is the same for the file and its streams.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit e74b10e17ee5df0f77ac5349242841be8d71c4e8)
commit 6ee18ad9eaff5b97a720dfcca7cb561cf73a919d
Author: Ralph Boehme <slow at samba.org>
Date: Sat Aug 13 17:04:50 2022 +0200
smbtorture: rename smb2.streams.attributes to smb2.streams.attributes1
A subsequent commit adds another streams test named "attributes2", this change
avoids matching the new testname with the existing knownfail entries.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit b5848d391be4f7633745d9c36e432ac8b1c9dba2)
commit a13748d24272ae7dafdacb6461cbd295c636089c
Author: Ralph Boehme <slow at samba.org>
Date: Wed Jul 27 18:40:21 2022 +0200
vfs_default: assert all passed in fsp's and names are non-stream type
Enforce fsp is a non-stream one in as many VFS operations as possible in
vfs_default. We really need an assert here instead of returning an error, as
otherwise he can have very hard to diagnose bugs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Wed Aug 10 16:32:35 UTC 2022 on sn-devel-184
(backported from commit fc45fcfde51b0b0bdcd524c82a0f9eabf7273045)
[slow at samba.org: skip some hunks that are not applicable]
commit e661087a9e2268d3d3725bd416289d10c4e19e18
Author: Ralph Boehme <slow at samba.org>
Date: Fri Jul 29 07:07:25 2022 +0200
vfs_streams_xattr: restrict which fcntl's are allowed on streams
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 51243e3849736acbbf1d8f52cc02cdec5995fde4)
commit 06b5438132e06c4d56a33b68d7b67d71a180ac74
Author: Ralph Boehme <slow at samba.org>
Date: Wed Jul 27 15:58:37 2022 +0200
smbd: skip access checks for stat-opens on streams in open_file()
For streams, access is already checked in create_file_unixpath() by
check_base_file_access().
We already skip the access check in this function when doing an IO open of a
file, see above in open_file(), also skip it for "stat opens".
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(backported from commit f0299abf1b28a14518328710d9f84bef17fd2ecf)
[slow at samba.org: smbd_check_access_rights_fsp(dirfsp) -> smbd_check_access_rights_fsp(parent_dir->fsp)]
commit 2ae309348ad18944a9f2a7a744eb54b0bf6bf8e7
Author: Ralph Boehme <slow at samba.org>
Date: Wed Jul 27 19:05:26 2022 +0200
smbd: use metadata_fsp() in get_acl_group_bits()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(backported from commit 06555c6bcb5644fc9eea35b3cbae8d8801c65ab6)
[slow at samba.org: metadata_fsp(fsp) -> metadata_fsp(smb_fname->fsp)]
commit 8d0581a8ab1e9a4d257fac336d0b6cc1502b730d
Author: Ralph Boehme <slow at samba.org>
Date: Fri Jul 29 14:56:41 2022 +0200
smbd: ignore request to set the SPARSE attribute on streams
As per MS-FSA 2.1.1.5 this is a per stream attribute, but our backends don't
support it in a consistent way, therefor just pretend success and ignore the
request.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 3af8f8e8741cc8c889bbf416ccd38a1b702917ec)
commit 39129be4fef0c54f631667154e249a610109180e
Author: Ralph Boehme <slow at samba.org>
Date: Fri Jul 29 14:56:21 2022 +0200
smbd: use metadata_fsp() with SMB_VFS_FSET_DOS_ATTRIBUTES()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 55e55804bb2d0f21c1bbe207257bb40555f3b7a2)
commit eab9c65b07512dc7c6bf6a6e4e50015466c493b5
Author: Ralph Boehme <slow at samba.org>
Date: Fri Jul 29 14:55:08 2022 +0200
smbd: use metadata_fsp() with SMB_VFS_FGET_DOS_ATTRIBUTES()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 03b9ce84736d536ab2dd8a5ce1a2656e6a90c8c8)
commit 11947a8e59abd95f9a4b1b1214edcddb2904d9d5
Author: Ralph Boehme <slow at samba.org>
Date: Fri Jul 29 14:54:07 2022 +0200
smbd: use metadata_fsp() with SMB_VFS_FSET_NT_ACL()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 4ab29e2a345b48ebba652d5154e96adf954a6757)
commit 9823e91999480f7d6aecb31e92c9062b1f2ca6fd
Author: Ralph Boehme <slow at samba.org>
Date: Fri Jul 29 14:49:56 2022 +0200
smbd: use metadata_fsp() with SMB_VFS_FGET_NT_ACL()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(backported from commit c949e4b2a42423ac3851e86e489fd0c5d46d7f1f)
[slow at samba.org: context mismatch due to smbd_check_access_rights_fname() call in master]
commit 3e6566222c98cb42d7d60b5a3507fb8e294a1482
Author: Ralph Boehme <slow at samba.org>
Date: Wed Jul 27 13:37:32 2022 +0200
CI: add a test trying to delete a stream on a pathref ("stat open") handle
When using vfs_streams_xattr, for a pathref handle of a stream the system fd
will be a fake fd created by pipe() in vfs_fake_fd().
For the following callchain we wrongly pass a stream fsp to
SMB_VFS_FGET_NT_ACL():
SMB_VFS_CREATE_FILE(..., "file:stream", ...)
=> open_file():
if (open_fd):
-> taking the else branch:
-> smbd_check_access_rights_fsp(stream_fsp)
-> SMB_VFS_FGET_NT_ACL(stream_fsp)
This is obviously wrong and can lead to strange permission errors when using
vfs_acl_xattr:
in vfs_acl_xattr we will try to read the stored ACL by calling
fgetxattr(fake-fd) which of course faild with EBADF. Now unfortunately the
vfs_acl_xattr code ignores the specific error and handles this as if there was
no ACL stored and subsequently runs the code to synthesize a default ACL
according to the setting of "acl:default acl style".
As the correct access check for streams has already been carried out by calling
check_base_file_access() from create_file_unixpath(), the above problem is not
a security issue: it can only lead to "decreased" permissions resulting in
unexpected ACCESS_DENIED errors.
The fix is obviously going to be calling
smbd_check_access_rights_fsp(stream_fsp->base_fsp).
This test verifies that deleting a file works when the stored NT ACL grants
DELETE_FILE while the basic POSIX permissions (used in the acl_xattr fallback
code) do not.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 23bc760ec5d61208c2d8778991e3d7e202eab352)
commit 00ce839865c7b08c57211817ae14009f02ee44f9
Author: Ralph Boehme <slow at samba.org>
Date: Wed Jul 27 12:47:21 2022 +0200
vfs_xattr_tdb: add "xattr_tdb:ignore_user_xattr" option
Allows passing on "user." xattr to the backend. This can be useful for testing
specific aspects of operation on streams when "streams_xattr" is configured as
stream filesystem backend.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 92e0045d7ca7c0b94efd0244ba0e426cad0a05b6)
commit 6d66f432297629ee4a608c2a96052f12303fa497
Author: Ralph Boehme <slow at samba.org>
Date: Wed Jul 27 11:59:54 2022 +0200
vfs_xattr_tdb: add a module config
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 451ad315a9bf32c627e1966ec30185542701c87e)
commit b83ff1252ed7883e257e41ed7ead4e995ad070c8
Author: Ralph Boehme <slow at samba.org>
Date: Wed Jul 27 12:43:01 2022 +0200
vfs_xattr_tdb: move close_xattr_db()
This just makes the diff of the next commit smaller and easier to digest.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit b26dc252aaf3f4b960bdfdb6a3dfe612b89fcdd5)
commit 56ab8361573e436c5c1517d5d23e980e45bcc815
Author: Ralph Boehme <slow at samba.org>
Date: Wed Jul 27 16:04:24 2022 +0200
smdb: use fsp_is_alternate_stream() in open_file()
No change in behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 0d3995cec10c5fae8c8b6a1df312062e38437e6f)
commit 20a425fcde0ef99d29bd484b7cadfcb75b217bc4
Author: Volker Lendecke <vl at samba.org>
Date: Fri Feb 11 09:45:30 2022 +0100
smbd: Introduce metadata_fsp()
Centralize the pattern
if (fsp->base_fsp != NULL) {
fsp = fsp->base_fsp;
}
with a descriptive name.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(backported from commit ac58b0b942cd73210100ee346816a0cf23900716)
[slow at samba.org: only backport the function, skip all updated callers]
commit 3160ff28e87f95f421ed167d8e079903c5737cb3
Author: Volker Lendecke <vl at samba.org>
Date: Fri Feb 11 09:37:35 2022 +0100
smbd: Introduce fsp_is_alternate_stream()
To me this is more descriptive than "fsp->base_fsp != NULL". If this
turns out to be a performance problem, I would go and make this a
static inline in smbd/proto.h.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(backported from commit 21b380ca133417df096e2b262a5da41faff186ea)
[slow at samba.org: only backport the function, skip all changed callers]
-----------------------------------------------------------------------
Summary of changes:
selftest/knownfail | 3 +-
selftest/target/Samba3.pm | 7 +
source3/include/proto.h | 3 +
source3/modules/vfs_default.c | 94 +++++---
source3/modules/vfs_streams_xattr.c | 33 +++
source3/modules/vfs_xattr_tdb.c | 293 ++++++++++++++---------
source3/rpc_server/srvsvc/srv_srvsvc_nt.c | 2 +-
source3/script/tests/test_delete_stream.sh | 123 ++++++++++
source3/selftest/tests.py | 3 +
source3/smbd/dir.c | 2 +-
source3/smbd/dosmode.c | 24 +-
source3/smbd/file_access.c | 2 +-
source3/smbd/filename.c | 9 +-
source3/smbd/files.c | 13 ++
source3/smbd/open.c | 65 +++---
source3/smbd/posix_acls.c | 2 +-
source3/smbd/proto.h | 2 +
source3/smbd/pysmbd.c | 4 +-
source3/smbd/smb2_getinfo.c | 28 +++
source3/smbd/vfs.c | 54 +++++
source3/torture/cmd_vfs.c | 12 +-
source4/libcli/smb2/util.c | 37 ++-
source4/selftest/tests.py | 1 +
source4/torture/smb2/create.c | 48 ++++
source4/torture/smb2/getinfo.c | 147 ++++++++++++
source4/torture/smb2/oplock.c | 10 +-
source4/torture/smb2/smb2.c | 1 +
source4/torture/smb2/streams.c | 361 ++++++++++++++++++++++++++++-
28 files changed, 1176 insertions(+), 207 deletions(-)
create mode 100755 source3/script/tests/test_delete_stream.sh
Changeset truncated at 500 lines:
diff --git a/selftest/knownfail b/selftest/knownfail
index 4c5d03147d2..a630270e5f0 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -176,6 +176,7 @@
^samba4.smb2.oplock.stream1 # samba 4 oplocks are a mess
^samba4.smb2.oplock.statopen1\(ad_dc_ntvfs\)$ # fails with ACCESS_DENIED on a SYNCHRONIZE_ACCESS open
^samba4.smb2.getinfo.complex # streams on directories does not work
+^samba4.smb2.getinfo.getinfo_access\(ad_dc_ntvfs\) # Access checks not implemented
^samba4.smb2.getinfo.qfs_buffercheck # S4 does not do the INFO_LENGTH_MISMATCH/BUFFER_OVERFLOW thingy
^samba4.smb2.getinfo.qfile_buffercheck # S4 does not do the INFO_LENGTH_MISMATCH/BUFFER_OVERFLOW thingy
^samba4.smb2.getinfo.qsec_buffercheck # S4 does not do the BUFFER_TOO_SMALL thingy
@@ -207,10 +208,8 @@
^samba3.smb2.oplock.stream1
^samba3.smb2.streams.rename
^samba3.smb2.streams.rename2
-^samba3.smb2.streams.attributes
^samba3.smb2.streams streams_xattr.rename\(nt4_dc\)
^samba3.smb2.streams streams_xattr.rename2\(nt4_dc\)
-^samba3.smb2.streams streams_xattr.attributes\(nt4_dc\)
^samba3.smb2.getinfo.complex
^samba3.smb2.getinfo.fsinfo # quotas don't work yet
^samba3.smb2.setinfo.setinfo
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index 595be223dce..976afe89186 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -3255,6 +3255,13 @@ sub provision($$)
copy = tmp
vfs objects = streams_xattr xattr_tdb
+[acl_streams_xattr]
+ copy = tmp
+ vfs objects = acl_xattr streams_xattr fake_acls xattr_tdb
+ acl_xattr:ignore system acls = yes
+ acl_xattr:security_acl_name = user.acl
+ xattr_tdb:ignore_user_xattr = yes
+
[compound_find]
copy = tmp
smbd:find async delay usec = 10000
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 19a9c6b8a01..81357968bf6 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -82,6 +82,9 @@ NTSTATUS vfs_at_fspcwd(TALLOC_CTX *mem_ctx,
struct connection_struct *conn,
struct files_struct **_fsp);
+NTSTATUS vfs_fget_dos_attributes(struct files_struct *fsp,
+ uint32_t *dosmode);
+
#include "source3/lib/interface.h"
/* The following definitions come from lib/ldap_debug_handler.c */
diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c
index 5977122a512..c6784538353 100644
--- a/source3/modules/vfs_default.c
+++ b/source3/modules/vfs_default.c
@@ -700,11 +700,7 @@ static int vfswrap_openat(vfs_handle_struct *handle,
START_PROFILE(syscall_openat);
- if (is_named_stream(smb_fname)) {
- errno = ENOENT;
- result = -1;
- goto out;
- }
+ SMB_ASSERT(!is_named_stream(smb_fname));
#ifdef O_PATH
have_opath = true;
@@ -729,7 +725,6 @@ static int vfswrap_openat(vfs_handle_struct *handle,
fsp->fsp_flags.have_proc_fds = fsp->conn->have_proc_fds;
-out:
END_PROFILE(syscall_openat);
return result;
}
@@ -1250,17 +1245,14 @@ static int vfswrap_renameat(vfs_handle_struct *handle,
START_PROFILE(syscall_renameat);
- if (is_named_stream(smb_fname_src) || is_named_stream(smb_fname_dst)) {
- errno = ENOENT;
- goto out;
- }
+ SMB_ASSERT(!is_named_stream(smb_fname_src));
+ SMB_ASSERT(!is_named_stream(smb_fname_dst));
result = renameat(fsp_get_pathref_fd(srcfsp),
smb_fname_src->base_name,
fsp_get_pathref_fd(dstfsp),
smb_fname_dst->base_name);
- out:
END_PROFILE(syscall_renameat);
return result;
}
@@ -1272,14 +1264,11 @@ static int vfswrap_stat(vfs_handle_struct *handle,
START_PROFILE(syscall_stat);
- if (is_named_stream(smb_fname)) {
- errno = ENOENT;
- goto out;
- }
+ SMB_ASSERT(!is_named_stream(smb_fname));
result = sys_stat(smb_fname->base_name, &smb_fname->st,
lp_fake_directory_create_times(SNUM(handle->conn)));
- out:
+
END_PROFILE(syscall_stat);
return result;
}
@@ -1302,14 +1291,11 @@ static int vfswrap_lstat(vfs_handle_struct *handle,
START_PROFILE(syscall_lstat);
- if (is_named_stream(smb_fname)) {
- errno = ENOENT;
- goto out;
- }
+ SMB_ASSERT(!is_named_stream(smb_fname));
result = sys_lstat(smb_fname->base_name, &smb_fname->st,
lp_fake_directory_create_times(SNUM(handle->conn)));
- out:
+
END_PROFILE(syscall_lstat);
return result;
}
@@ -1406,6 +1392,8 @@ static NTSTATUS vfswrap_fsctl(struct vfs_handle_struct *handle,
char **out_data = (char **)_out_data;
NTSTATUS status;
+ SMB_ASSERT(!fsp_is_alternate_stream(fsp));
+
switch (function) {
case FSCTL_SET_SPARSE:
{
@@ -1770,6 +1758,8 @@ static struct tevent_req *vfswrap_get_dos_attributes_send(
struct tevent_req *subreq = NULL;
struct vfswrap_get_dos_attributes_state *state = NULL;
+ SMB_ASSERT(!is_named_stream(smb_fname));
+
req = tevent_req_create(mem_ctx, &state,
struct vfswrap_get_dos_attributes_state);
if (req == NULL) {
@@ -1926,6 +1916,8 @@ static NTSTATUS vfswrap_fget_dos_attributes(struct vfs_handle_struct *handle,
{
bool offline;
+ SMB_ASSERT(!fsp_is_alternate_stream(fsp));
+
offline = vfswrap_is_offline(handle->conn, fsp->fsp_name);
if (offline) {
*dosmode |= FILE_ATTRIBUTE_OFFLINE;
@@ -1938,6 +1930,8 @@ static NTSTATUS vfswrap_fset_dos_attributes(struct vfs_handle_struct *handle,
struct files_struct *fsp,
uint32_t dosmode)
{
+ SMB_ASSERT(!fsp_is_alternate_stream(fsp));
+
return set_ea_dos_attribute(handle->conn, fsp->fsp_name, dosmode);
}
@@ -2614,15 +2608,12 @@ static int vfswrap_unlinkat(vfs_handle_struct *handle,
START_PROFILE(syscall_unlinkat);
- if (is_named_stream(smb_fname)) {
- errno = ENOENT;
- goto out;
- }
+ SMB_ASSERT(!is_named_stream(smb_fname));
+
result = unlinkat(fsp_get_pathref_fd(dirfsp),
smb_fname->base_name,
flags);
- out:
END_PROFILE(syscall_unlinkat);
return result;
}
@@ -3107,6 +3098,8 @@ static int vfswrap_linux_setlease(vfs_handle_struct *handle, files_struct *fsp,
START_PROFILE(syscall_linux_setlease);
+ SMB_ASSERT(!fsp_is_alternate_stream(fsp));
+
#ifdef HAVE_KERNEL_OPLOCKS_LINUX
result = linux_setlease(fsp_get_io_fd(fsp), leasetype);
#else
@@ -3125,6 +3118,8 @@ static int vfswrap_symlinkat(vfs_handle_struct *handle,
START_PROFILE(syscall_symlinkat);
+ SMB_ASSERT(!is_named_stream(new_smb_fname));
+
result = symlinkat(link_target->base_name,
fsp_get_pathref_fd(dirfsp),
new_smb_fname->base_name);
@@ -3142,6 +3137,8 @@ static int vfswrap_readlinkat(vfs_handle_struct *handle,
START_PROFILE(syscall_readlinkat);
+ SMB_ASSERT(!is_named_stream(smb_fname));
+
result = readlinkat(fsp_get_pathref_fd(dirfsp),
smb_fname->base_name,
buf,
@@ -3162,6 +3159,9 @@ static int vfswrap_linkat(vfs_handle_struct *handle,
START_PROFILE(syscall_linkat);
+ SMB_ASSERT(!is_named_stream(old_smb_fname));
+ SMB_ASSERT(!is_named_stream(new_smb_fname));
+
result = linkat(fsp_get_pathref_fd(srcfsp),
old_smb_fname->base_name,
fsp_get_pathref_fd(dstfsp),
@@ -3182,6 +3182,8 @@ static int vfswrap_mknodat(vfs_handle_struct *handle,
START_PROFILE(syscall_mknodat);
+ SMB_ASSERT(!is_named_stream(smb_fname));
+
result = sys_mknodat(fsp_get_pathref_fd(dirfsp),
smb_fname->base_name,
mode,
@@ -3220,6 +3222,8 @@ static int vfswrap_fchflags(vfs_handle_struct *handle,
#ifdef HAVE_FCHFLAGS
int fd = fsp_get_pathref_fd(fsp);
+ SMB_ASSERT(!fsp_is_alternate_stream(fsp));
+
if (!fsp->fsp_flags.is_pathref) {
return fchflags(fd, flags);
}
@@ -3295,6 +3299,8 @@ static NTSTATUS vfswrap_fstreaminfo(vfs_handle_struct *handle,
struct stream_struct *streams = *pstreams;
NTSTATUS status;
+ SMB_ASSERT(!fsp_is_alternate_stream(fsp));
+
if (fsp->fsp_flags.is_directory) {
/*
* No default streams on directories
@@ -3395,6 +3401,9 @@ static NTSTATUS vfswrap_fget_nt_acl(vfs_handle_struct *handle,
NTSTATUS result;
START_PROFILE(fget_nt_acl);
+
+ SMB_ASSERT(!fsp_is_alternate_stream(fsp));
+
result = posix_fget_nt_acl(fsp, security_info,
mem_ctx, ppdesc);
END_PROFILE(fget_nt_acl);
@@ -3406,6 +3415,9 @@ static NTSTATUS vfswrap_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp
NTSTATUS result;
START_PROFILE(fset_nt_acl);
+
+ SMB_ASSERT(!fsp_is_alternate_stream(fsp));
+
result = set_nt_acl(fsp, security_info_sent, psd);
END_PROFILE(fset_nt_acl);
return result;
@@ -3425,6 +3437,8 @@ static SMB_ACL_T vfswrap_sys_acl_get_fd(vfs_handle_struct *handle,
SMB_ACL_TYPE_T type,
TALLOC_CTX *mem_ctx)
{
+ SMB_ASSERT(!fsp_is_alternate_stream(fsp));
+
return sys_acl_get_fd(handle, fsp, type, mem_ctx);
}
@@ -3433,12 +3447,16 @@ static int vfswrap_sys_acl_set_fd(vfs_handle_struct *handle,
SMB_ACL_TYPE_T type,
SMB_ACL_T theacl)
{
+ SMB_ASSERT(!fsp_is_alternate_stream(fsp));
+
return sys_acl_set_fd(handle, fsp, type, theacl);
}
static int vfswrap_sys_acl_delete_def_fd(vfs_handle_struct *handle,
files_struct *fsp)
{
+ SMB_ASSERT(!fsp_is_alternate_stream(fsp));
+
return sys_acl_delete_def_fd(handle, fsp);
}
@@ -3454,6 +3472,8 @@ static ssize_t vfswrap_fgetxattr(struct vfs_handle_struct *handle,
{
int fd = fsp_get_pathref_fd(fsp);
+ SMB_ASSERT(!fsp_is_alternate_stream(fsp));
+
if (!fsp->fsp_flags.is_pathref) {
return fgetxattr(fd, name, value, size);
}
@@ -3524,6 +3544,8 @@ static struct tevent_req *vfswrap_getxattrat_send(
bool have_per_thread_creds = false;
bool do_async = false;
+ SMB_ASSERT(!is_named_stream(smb_fname));
+
req = tevent_req_create(mem_ctx, &state,
struct vfswrap_getxattrat_state);
if (req == NULL) {
@@ -3630,14 +3652,9 @@ static void vfswrap_getxattrat_do_sync(struct tevent_req *req)
{
struct vfswrap_getxattrat_state *state = tevent_req_data(
req, struct vfswrap_getxattrat_state);
- struct files_struct *fsp = state->smb_fname->fsp;
-
- if (fsp->base_fsp != NULL) {
- fsp = fsp->base_fsp;
- }
state->xattr_size = vfswrap_fgetxattr(state->handle,
- fsp,
+ state->smb_fname->fsp,
state->xattr_name,
state->xattr_value,
talloc_array_length(state->xattr_value));
@@ -3657,11 +3674,6 @@ static void vfswrap_getxattrat_do_async(void *private_data)
struct timespec start_time;
struct timespec end_time;
int ret;
- struct files_struct *fsp = state->smb_fname->fsp;
-
- if (fsp->base_fsp != NULL) {
- fsp = fsp->base_fsp;
- }
PROFILE_TIMESTAMP(&start_time);
SMBPROFILE_BYTES_ASYNC_SET_BUSY(state->profile_bytes);
@@ -3685,7 +3697,7 @@ static void vfswrap_getxattrat_do_async(void *private_data)
}
state->xattr_size = vfswrap_fgetxattr(state->handle,
- fsp,
+ state->smb_fname->fsp,
state->xattr_name,
state->xattr_value,
talloc_array_length(state->xattr_value));
@@ -3786,6 +3798,8 @@ static ssize_t vfswrap_flistxattr(struct vfs_handle_struct *handle, struct files
{
int fd = fsp_get_pathref_fd(fsp);
+ SMB_ASSERT(!fsp_is_alternate_stream(fsp));
+
if (!fsp->fsp_flags.is_pathref) {
return flistxattr(fd, list, size);
}
@@ -3812,6 +3826,8 @@ static int vfswrap_fremovexattr(struct vfs_handle_struct *handle, struct files_s
{
int fd = fsp_get_pathref_fd(fsp);
+ SMB_ASSERT(!fsp_is_alternate_stream(fsp));
+
if (!fsp->fsp_flags.is_pathref) {
return fremovexattr(fd, name);
}
@@ -3838,6 +3854,8 @@ static int vfswrap_fsetxattr(struct vfs_handle_struct *handle, struct files_stru
{
int fd = fsp_get_pathref_fd(fsp);
+ SMB_ASSERT(!fsp_is_alternate_stream(fsp));
+
if (!fsp->fsp_flags.is_pathref) {
return fsetxattr(fd, name, value, size, flags);
}
diff --git a/source3/modules/vfs_streams_xattr.c b/source3/modules/vfs_streams_xattr.c
index 8603db45d63..b69a4f342f5 100644
--- a/source3/modules/vfs_streams_xattr.c
+++ b/source3/modules/vfs_streams_xattr.c
@@ -1554,6 +1554,38 @@ static bool streams_xattr_strict_lock_check(struct vfs_handle_struct *handle,
return true;
}
+static int streams_xattr_fcntl(vfs_handle_struct *handle,
+ files_struct *fsp,
+ int cmd,
+ va_list cmd_arg)
+{
+ va_list dup_cmd_arg;
+ void *arg;
+ int ret;
+
+ if (fsp_is_alternate_stream(fsp)) {
+ switch (cmd) {
+ case F_GETFL:
+ case F_SETFL:
+ break;
+ default:
+ DBG_ERR("Unsupported fcntl() cmd [%d] on [%s]\n",
+ cmd, fsp_str_dbg(fsp));
+ errno = EINVAL;
+ return -1;
+ }
+ }
+
+ va_copy(dup_cmd_arg, cmd_arg);
+ arg = va_arg(dup_cmd_arg, void *);
+
+ ret = SMB_VFS_NEXT_FCNTL(handle, fsp, cmd, arg);
+
+ va_end(dup_cmd_arg);
+
+ return ret;
+}
+
static struct vfs_fn_pointers vfs_streams_xattr_fns = {
.fs_capabilities_fn = streams_xattr_fs_capabilities,
.connect_fn = streams_xattr_connect,
@@ -1582,6 +1614,7 @@ static struct vfs_fn_pointers vfs_streams_xattr_fns = {
.filesystem_sharemode_fn = streams_xattr_filesystem_sharemode,
.linux_setlease_fn = streams_xattr_linux_setlease,
.strict_lock_check_fn = streams_xattr_strict_lock_check,
+ .fcntl_fn = streams_xattr_fcntl,
.fchown_fn = streams_xattr_fchown,
.fchmod_fn = streams_xattr_fchmod,
diff --git a/source3/modules/vfs_xattr_tdb.c b/source3/modules/vfs_xattr_tdb.c
index 42c570b54b3..2b698f048e4 100644
--- a/source3/modules/vfs_xattr_tdb.c
+++ b/source3/modules/vfs_xattr_tdb.c
@@ -29,7 +29,21 @@
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_VFS
-static bool xattr_tdb_init(int snum, TALLOC_CTX *mem_ctx, struct db_context **p_db);
+struct xattr_tdb_config {
+ struct db_context *db;
+ bool ignore_user_xattr;
+};
+
+static bool xattr_tdb_init(struct vfs_handle_struct *handle,
+ struct xattr_tdb_config **_config);
+
+static bool is_user_xattr(const char *xattr_name)
+{
+ int match;
+
+ match = strncmp(xattr_name, "user.", strlen("user."));
+ return (match == 0);
+}
static int xattr_tdb_get_file_id(struct vfs_handle_struct *handle,
const char *path, struct file_id *id)
@@ -68,6 +82,8 @@ struct xattr_tdb_getxattrat_state {
uint8_t *xattr_value;
};
+static void xattr_tdb_getxattrat_done(struct tevent_req *subreq);
+
static struct tevent_req *xattr_tdb_getxattrat_send(
TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
@@ -77,16 +93,21 @@ static struct tevent_req *xattr_tdb_getxattrat_send(
const char *xattr_name,
size_t alloc_hint)
{
+ struct xattr_tdb_config *config = NULL;
struct tevent_req *req = NULL;
+ struct tevent_req *subreq = NULL;
struct xattr_tdb_getxattrat_state *state = NULL;
struct smb_filename *cwd = NULL;
- struct db_context *db = NULL;
struct file_id id;
int ret;
int error;
int cwd_ret;
DATA_BLOB xattr_blob;
+ if (!xattr_tdb_init(handle, &config)) {
+ return NULL;
+ }
+
req = tevent_req_create(mem_ctx, &state,
struct xattr_tdb_getxattrat_state);
if (req == NULL) {
@@ -94,11 +115,20 @@ static struct tevent_req *xattr_tdb_getxattrat_send(
}
state->xattr_size = -1;
- SMB_VFS_HANDLE_GET_DATA(handle, db, struct db_context,
- if (!xattr_tdb_init(-1, state, &db)) {
- tevent_req_error(req, EIO);
- return tevent_req_post(req, ev);
- });
+ if (config->ignore_user_xattr && is_user_xattr(xattr_name)) {
--
Samba Shared Repository
More information about the samba-cvs
mailing list