[SCM] Samba Shared Repository - branch v4-21-test updated
Jule Anger
janger at samba.org
Tue Aug 20 09:05:01 UTC 2024
The branch, v4-21-test has been updated
via 38055454914 s3:smb2_server: return NT_STATUS_NETWORK_SESSION_EXPIRED for compound requests
via 64416b69784 s4:torture/smb2: let smb2.session.expire2* also check compound requests
via 294f9e47a3b s3:libads: Do not print error message for a default configuration
via fcca9820023 docs-xml: Fix script location in syncmachinepasswordscript.xml
via c7e6ec6bae8 source3/script: Fix installation of winbind_ctdb_updatekeytab.sh
via 12084aa1bda WHATSNEW: update "New cephfs VFS module" section
from cf4feb17783 VERSION: Bump version up to Samba 4.21.0rc3...
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-21-test
- Log -----------------------------------------------------------------
commit 3805545491419cf9a0ff7f0d2b45384c1adc14bf
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Aug 13 14:07:06 2024 +0200
s3:smb2_server: return NT_STATUS_NETWORK_SESSION_EXPIRED for compound requests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15696
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Aug 13 22:29:28 UTC 2024 on atb-devel-224
(cherry picked from commit 4df1bfd07012dd3d2d2921281e6d6e309303b88d)
Autobuild-User(v4-21-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-21-test): Tue Aug 20 09:04:48 UTC 2024 on atb-devel-224
commit 64416b69784c7f2df44f930d1e9d925573138632
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Aug 13 12:47:59 2024 +0200
s4:torture/smb2: let smb2.session.expire2* also check compound requests
This shows that all compound related requests should get
NT_STATUS_NETWORK_SESSION_EXPIRED.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15696
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit f6009aa73b9234df1e6ab689de322487ad1394ed)
commit 294f9e47a3b064e6f0a7a7b95ce79379c5a66f7f
Author: Pavel Filipenský <pfilipensky at samba.org>
Date: Fri Aug 16 16:37:32 2024 +0200
s3:libads: Do not print error message for a default configuration
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky at samba.org>
Autobuild-Date(master): Mon Aug 19 13:21:08 UTC 2024 on atb-devel-224
(cherry picked from commit f1cd250a6fd7e0571bd22493c838d6c12c2adf5b)
commit fcca98200237f556a8aaa046f0f8d2d75608292d
Author: Anoop C S <anoopcs at samba.org>
Date: Wed Aug 14 19:49:04 2024 +0530
docs-xml: Fix script location in syncmachinepasswordscript.xml
Update the change in installation path for winbind_ctdb_updatekeytab.sh
from SAMBA_DATADIR to newly defined CTDB_DATADIR.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689
Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
Autobuild-User(master): Anoop C S <anoopcs at samba.org>
Autobuild-Date(master): Fri Aug 16 09:49:30 UTC 2024 on atb-devel-224
(cherry picked from commit 31c9352099f5efeb88d27c603ec2dbfaf98b300d)
commit c7e6ec6bae81fb663e5d8a69e7d86a740ef56913
Author: Anoop C S <anoopcs at samba.org>
Date: Wed Aug 14 19:47:35 2024 +0530
source3/script: Fix installation of winbind_ctdb_updatekeytab.sh
winbind_ctdb_updatekeytab.sh assumes the presence of the `onnode` utility to
execute the `net ads` command on all nodes in the cluster. But `onnode`
is only built when configured with clustering support. Therefore perform
the script installation only with ctdb configuration. Also fix the
installation path to /usr/share/ctdb/scripts.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689
Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
(cherry picked from commit 3929fdae1a13ab029e173ce53598d3fa6cf40e9c)
commit 12084aa1bda8ac1c624d71fb6003e1bc5e669d5f
Author: Shachar Sharon <ssharon at redhat.com>
Date: Wed Aug 14 17:44:48 2024 +0300
WHATSNEW: update "New cephfs VFS module" section
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
-----------------------------------------------------------------------
Summary of changes:
WHATSNEW.txt | 10 ++++
docs-xml/generate-pathconf-entities.sh | 1 +
.../security/syncmachinepasswordscript.xml | 4 +-
dynconfig/wscript | 5 ++
source3/libads/kerberos_keytab.c | 5 +-
source3/script/wscript_build | 4 +-
source3/smbd/smb2_server.c | 16 ++++++-
source4/torture/smb2/session.c | 56 ++++++++++++++++++++++
8 files changed, 95 insertions(+), 6 deletions(-)
Changeset truncated at 500 lines:
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index c42c8cdb142..86ee75d6c3c 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -238,6 +238,16 @@ nodes. Check in smb.conf(5) the scripts winbind_ctdb_updatekeytab.sh and
For detailed information check the smb.conf(5) and net(8) manpages.
+New cephfs VFS module
+---------------------
+Introduce new vfs-to-cephfs bridge which uses libcephfs low-level APIs (instead
+of path-based operations in the existing module). It allows users to pass
+explicit user-credentials per call (including supplementary groups), as well as
+faster operations using inode and file-handle caching on the Samba side.
+Configuration is identical to existing module, but using 'ceph_new' instead of
+'ceph' for the relevant smb.conf entries. This new module is expected to
+deprecate and replace the old one in next major release.
+
REMOVED FEATURES
================
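Review bot: "the relevant smb.conf entries" in the added paragraph leaves the reader to guess which parameters change; naming them, or showing one before/after line with 'ceph' and 'ceph_new', would make the switch unambiguous. Because the new module passes explicit per-call user credentials including supplementary groups, a sentence on whether access-check results can differ from the existing path-based module would also help administrators planning the move.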
diff --git a/docs-xml/generate-pathconf-entities.sh b/docs-xml/generate-pathconf-entities.sh
index 6c0c31a3522..1b689a8a23f 100755
--- a/docs-xml/generate-pathconf-entities.sh
+++ b/docs-xml/generate-pathconf-entities.sh
@@ -17,5 +17,6 @@ echo "
<!ENTITY pathconfig.NTP_SIGND_SOCKET_DIR '\${prefix}/var/lib/ntp_signd'>
<!ENTITY pathconfig.MITKDCPATH '\${prefix}/sbin/krb5kdc'>
<!ENTITY pathconfig.SAMBA_DATADIR '\${prefix}/var/samba'>
+<!ENTITY pathconfig.CTDB_DATADIR '\${prefix}/share/ctdb'>
<!ENTITY pathconfig.CONFIGFILE '\${prefix}/etc/smb.conf'>
"
diff --git a/docs-xml/smbdotconf/security/syncmachinepasswordscript.xml b/docs-xml/smbdotconf/security/syncmachinepasswordscript.xml
index 9a7731930d5..df98610cf36 100644
--- a/docs-xml/smbdotconf/security/syncmachinepasswordscript.xml
+++ b/docs-xml/smbdotconf/security/syncmachinepasswordscript.xml
@@ -11,7 +11,7 @@
<para>
If keytabs should be generated in clustered environments it is recommended to update them on all nodes.
- You can set the config option to &pathconfig.SAMBA_DATADIR;/scripts/winbind_ctdb_updatekeytab.sh in clustering case.
+ You can set the config option to &pathconfig.CTDB_DATADIR;/scripts/winbind_ctdb_updatekeytab.sh in clustering case.
It is also needed to activate the <constant>46.update-keytabs.script</constant> in ctdb,
it re-creates the keytab during the ctdb recovered event:
<programlisting>
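Review bot: the changed sentence points at &pathconfig.CTDB_DATADIR;/scripts/winbind_ctdb_updatekeytab.sh without saying that the script is only installed when Samba is built with clustering support (the source3/script/wscript_build change in this push makes the install conditional on with_ctdb). Stating that condition here would keep administrators of non-ctdb builds from configuring a path that does not exist.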
@@ -22,5 +22,5 @@
</description>
<value type="default"/>
-<value type="example">&pathconfig.SAMBA_DATADIR;/scripts/winbind_ctdb_updatekeytab.sh</value>
+<value type="example">&pathconfig.CTDB_DATADIR;/scripts/winbind_ctdb_updatekeytab.sh</value>
</samba:parameter>
diff --git a/dynconfig/wscript b/dynconfig/wscript
index 2041d881546..a784dac4e6c 100644
--- a/dynconfig/wscript
+++ b/dynconfig/wscript
@@ -105,6 +105,11 @@ dynconfig = {
'FHS-PATH': '${DATADIR}',
'OVERWRITE': True,
},
+ 'CTDB_DATADIR' : {
+ 'STD-PATH': '${DATADIR}/ctdb',
+ 'FHS-PATH': '${DATADIR}/ctdb',
+ 'OVERWRITE': True,
+ },
'SAMBA_DATADIR' : {
'STD-PATH': '${DATADIR}/samba',
'FHS-PATH': '${DATADIR}/samba',
diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c
index e2fcee634b4..6ede567b75f 100644
--- a/source3/libads/kerberos_keytab.c
+++ b/source3/libads/kerberos_keytab.c
@@ -838,8 +838,9 @@ static bool pw2kt_default_keytab_name(char *name_str, size_t name_size)
break;
default:
- DBG_ERR("Invalid kerberos method set (%d)\n",
- lp_kerberos_method());
+ DBG_NOTICE("'kerberos method' is 'secrets only' but "
+ "'sync machine password to keytab' is not set "
+ "==> no keytab will be generated.\n");
return false;
}
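Review bot: the new DBG_NOTICE sits in the default: branch, so any value the switch does not handle is now reported as 'secrets only', and the numeric lp_kerberos_method() value that the removed DBG_ERR printed is lost. Giving the 'secrets only' setting its own case with this notice, and keeping an error that prints the value under default:, would keep a genuinely invalid setting diagnosable.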
diff --git a/source3/script/wscript_build b/source3/script/wscript_build
index 2b0643b0876..bc451497298 100644
--- a/source3/script/wscript_build
+++ b/source3/script/wscript_build
@@ -6,7 +6,9 @@ bld.INSTALL_FILES('${BINDIR}',
'smbtar',
chmod=MODE_755, flat=True)
bld.INSTALL_FILES('${BINDIR}', 'samba-log-parser', chmod=MODE_755, flat=True)
-bld.INSTALL_FILES('${DATADIR}', 'winbind_ctdb_updatekeytab.sh', chmod=MODE_755, flat=True)
+if conf.env.with_ctdb:
+ bld.INSTALL_FILES(bld.env.CTDB_DATADIR+"/scripts",
+ 'winbind_ctdb_updatekeytab.sh', chmod=MODE_755, flat=True)
# Callout scripts for use in selftest environment
bld.SAMBA_SCRIPT('smbaddshare', pattern='smbaddshare', installdir='.')
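Review bot: the added condition reads conf.env.with_ctdb while the install call on the next line reads bld.env.CTDB_DATADIR; using bld.env for both would be consistent unless conf is deliberately in scope in this build script. The destination is also built by string concatenation (bld.env.CTDB_DATADIR+"/scripts") where the neighbouring calls use '${BINDIR}'-style templates, so a one-line comment on why would help.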
diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index a32044d9357..b37829e8c4f 100644
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -3050,6 +3050,7 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
bool signing_required = false;
bool encryption_desired = false;
bool encryption_required = false;
+ bool session_expired = false;
inhdr = SMBD_SMB2_IN_HDR_PTR(req);
@@ -3098,6 +3099,9 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
signing_required = x->global->signing_flags & SMBXSRV_SIGNING_REQUIRED;
encryption_desired = x->global->encryption_flags & SMBXSRV_ENCRYPTION_DESIRED;
encryption_required = x->global->encryption_flags & SMBXSRV_ENCRYPTION_REQUIRED;
+ session_expired =
+ NT_STATUS_EQUAL(session_status,
+ NT_STATUS_NETWORK_SESSION_EXPIRED);
}
req->async_internal = false;
@@ -3171,7 +3175,7 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
* This check is mostly for giving the correct error code
* for compounded requests.
*/
- if (!NT_STATUS_IS_OK(session_status)) {
+ if (!session_expired && !NT_STATUS_IS_OK(session_status)) {
return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
}
} else {
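Review bot: the comment above the changed condition still says only that the check gives the correct error code for compounded requests, but the condition now lets an expired session fall through instead of returning NT_STATUS_INVALID_PARAMETER. Extending the comment to say that NT_STATUS_NETWORK_SESSION_EXPIRED is reported further down the dispatch path would make the exception understandable without the bug report.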
@@ -3257,6 +3261,9 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
}
if (!NT_STATUS_IS_OK(session_status)) {
+ if (session_expired && opcode == SMB2_OP_CREATE) {
+ req->compound_create_err = session_status;
+ }
return smbd_smb2_request_error(req, session_status);
}
}
@@ -3308,11 +3315,18 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
skipped_signing:
if (flags & SMB2_HDR_FLAG_CHAINED) {
+ if (!NT_STATUS_IS_OK(req->compound_create_err)) {
+ return smbd_smb2_request_error(req,
+ req->compound_create_err);
+ }
req->compound_related = true;
}
if (call->need_session) {
if (!NT_STATUS_IS_OK(session_status)) {
+ if (session_expired && opcode == SMB2_OP_CREATE) {
+ req->compound_create_err = session_status;
+ }
return smbd_smb2_request_error(req, session_status);
}
}
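Review bot: the three-line block that stores session_status in req->compound_create_err for SMB2_OP_CREATE is repeated verbatim here and in the previous hunk, and neither copy says why only CREATE records the error. A small helper or a shared comment would keep the two paths from drifting apart; it would also help to note that the new SMB2_HDR_FLAG_CHAINED check relies on compound_create_err being NT_STATUS_OK whenever no earlier CREATE in the chain failed.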
diff --git a/source4/torture/smb2/session.c b/source4/torture/smb2/session.c
index 2a3d0e6e853..ecaac76e6c3 100644
--- a/source4/torture/smb2/session.c
+++ b/source4/torture/smb2/session.c
@@ -1317,6 +1317,7 @@ static bool test_session_expire2i(struct torture_context *tctx,
char fname[256];
struct smb2_handle dh;
struct smb2_handle dh2;
+ struct smb2_handle relhandle = { .data = { UINT64_MAX, UINT64_MAX } };
struct smb2_handle _h1;
struct smb2_handle *h1 = NULL;
struct smb2_create io1;
@@ -1330,7 +1331,10 @@ static bool test_session_expire2i(struct torture_context *tctx,
struct smb2_ioctl ctl;
struct smb2_break oack;
struct smb2_lease_break_ack lack;
+ struct smb2_create cio;
struct smb2_find fnd;
+ struct smb2_close cl;
+ struct smb2_request *reqs[3] = { NULL, };
union smb_search_data *d = NULL;
unsigned int count;
struct smb2_request *req = NULL;
@@ -1562,6 +1566,58 @@ static bool test_session_expire2i(struct torture_context *tctx,
ret, done, "smb2_find_level "
"returned unexpected status");
+ /* Now do a compound open + query directory + close handle. */
+ smb2_transport_compound_start(tree->session->transport, 3);
+ torture_comment(tctx, "Compound: Open+QueryDirectory+Close => EXPIRED\n");
+
+ ZERO_STRUCT(cio);
+ cio.in.oplock_level = 0;
+ cio.in.desired_access = SEC_STD_SYNCHRONIZE | SEC_DIR_READ_ATTRIBUTE | SEC_DIR_LIST;
+ cio.in.file_attributes = 0;
+ cio.in.create_disposition = NTCREATEX_DISP_OPEN;
+ cio.in.share_access = NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE;
+ cio.in.create_options = NTCREATEX_OPTIONS_ASYNC_ALERT;
+ cio.in.fname = "";
+
+ reqs[0] = smb2_create_send(tree, &cio);
+ torture_assert_not_null_goto(tctx, reqs[0], ret, done,
+ "smb2_create_send failed\n");
+
+ smb2_transport_compound_set_related(tree->session->transport, true);
+
+ ZERO_STRUCT(fnd);
+ fnd.in.file.handle = relhandle;
+ fnd.in.pattern = "*";
+ fnd.in.continue_flags = SMB2_CONTINUE_FLAG_SINGLE;
+ fnd.in.max_response_size= 0x100;
+ fnd.in.level = SMB2_FIND_BOTH_DIRECTORY_INFO;
+
+ reqs[1] = smb2_find_send(tree, &fnd);
+ torture_assert_not_null_goto(tctx, reqs[1], ret, done,
+ "smb2_find_send failed\n");
+
+ ZERO_STRUCT(cl);
+ cl.in.file.handle = relhandle;
+ reqs[2] = smb2_close_send(tree, &cl);
+ torture_assert_not_null_goto(tctx, reqs[2], ret, done,
+ "smb2_close_send failed\n");
+
+ status = smb2_create_recv(reqs[0], tree, &cio);
+ torture_assert_ntstatus_equal_goto(tctx, status,
+ NT_STATUS_NETWORK_SESSION_EXPIRED,
+ ret, done, "smb2_create "
+ "returned unexpected status");
+ status = smb2_find_recv(reqs[1], tree, &fnd);
+ torture_assert_ntstatus_equal_goto(tctx, status,
+ NT_STATUS_NETWORK_SESSION_EXPIRED,
+ ret, done, "smb2_find "
+ "returned unexpected status");
+ status = smb2_close_recv(reqs[2], &cl);
+ torture_assert_ntstatus_equal_goto(tctx, status,
+ NT_STATUS_NETWORK_SESSION_EXPIRED,
+ ret, done, "smb2_close "
+ "returned unexpected status");
+
torture_comment(tctx, "1st notify => CANCEL\n");
smb2_cancel(req);
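Review bot: the added compound covers only a related chain that starts with CREATE, which is the one opcode the server change records in compound_create_err. A second compound whose first request is not a CREATE, or an unrelated compound, would show whether those paths also return NT_STATUS_NETWORK_SESSION_EXPIRED, as the commit message states for all compound related requests. A short comment on why relhandle is { UINT64_MAX, UINT64_MAX } would also help readers of the find and close setup.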
--
Samba Shared Repository