[SCM] Samba Shared Repository - branch v4-21-test updated

Jule Anger janger at samba.org
Tue Aug 20 09:05:01 UTC 2024


The branch, v4-21-test has been updated
       via  38055454914 s3:smb2_server: return NT_STATUS_NETWORK_SESSION_EXPIRED for compound requests
       via  64416b69784 s4:torture/smb2: let smb2.session.expire2* also check compound requests
       via  294f9e47a3b s3:libads: Do not print error message for a default configuration
       via  fcca9820023 docs-xml: Fix script location in syncmachinepasswordscript.xml
       via  c7e6ec6bae8 source3/script: Fix installation of winbind_ctdb_updatekeytab.sh
       via  12084aa1bda WHATSNEW: update "New cephfs VFS module" section
      from  cf4feb17783 VERSION: Bump version up to Samba 4.21.0rc3...

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-21-test


- Log -----------------------------------------------------------------
commit 3805545491419cf9a0ff7f0d2b45384c1adc14bf
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Aug 13 14:07:06 2024 +0200

    s3:smb2_server: return NT_STATUS_NETWORK_SESSION_EXPIRED for compound requests
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15696
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Tue Aug 13 22:29:28 UTC 2024 on atb-devel-224
    
    (cherry picked from commit 4df1bfd07012dd3d2d2921281e6d6e309303b88d)
    
    Autobuild-User(v4-21-test): Jule Anger <janger at samba.org>
    Autobuild-Date(v4-21-test): Tue Aug 20 09:04:48 UTC 2024 on atb-devel-224

commit 64416b69784c7f2df44f930d1e9d925573138632
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Aug 13 12:47:59 2024 +0200

    s4:torture/smb2: let smb2.session.expire2* also check compound requests
    
    This shows that all compound related requests should get
    NT_STATUS_NETWORK_SESSION_EXPIRED.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15696
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit f6009aa73b9234df1e6ab689de322487ad1394ed)

commit 294f9e47a3b064e6f0a7a7b95ce79379c5a66f7f
Author: Pavel Filipenský <pfilipensky at samba.org>
Date:   Fri Aug 16 16:37:32 2024 +0200

    s3:libads: Do not print error message for a default configuration
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689
    
    Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    
    Autobuild-User(master): Pavel Filipensky <pfilipensky at samba.org>
    Autobuild-Date(master): Mon Aug 19 13:21:08 UTC 2024 on atb-devel-224
    
    (cherry picked from commit f1cd250a6fd7e0571bd22493c838d6c12c2adf5b)

commit fcca98200237f556a8aaa046f0f8d2d75608292d
Author: Anoop C S <anoopcs at samba.org>
Date:   Wed Aug 14 19:49:04 2024 +0530

    docs-xml: Fix script location in syncmachinepasswordscript.xml
    
    Update the change in installation path for winbind_ctdb_updatekeytab.sh
    from SAMBA_DATADIR to newly defined CTDB_DATADIR.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689
    Signed-off-by: Anoop C S <anoopcs at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
    
    Autobuild-User(master): Anoop C S <anoopcs at samba.org>
    Autobuild-Date(master): Fri Aug 16 09:49:30 UTC 2024 on atb-devel-224
    
    (cherry picked from commit 31c9352099f5efeb88d27c603ec2dbfaf98b300d)

commit c7e6ec6bae81fb663e5d8a69e7d86a740ef56913
Author: Anoop C S <anoopcs at samba.org>
Date:   Wed Aug 14 19:47:35 2024 +0530

    source3/script: Fix installation of winbind_ctdb_updatekeytab.sh
    
    winbind_ctdb_updatekeytab.sh assumes the presence `onnode` utility to
    execute `net ads` command on all nodes in the cluster. But `onnode`
    is only built when configured with clustering support. Therefore perform
    the script installation only with ctdb configuration. Also fix the
    installation path to /usr/share/ctdb/scripts.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689
    Signed-off-by: Anoop C S <anoopcs at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
    (cherry picked from commit 3929fdae1a13ab029e173ce53598d3fa6cf40e9c)

commit 12084aa1bda8ac1c624d71fb6003e1bc5e669d5f
Author: Shachar Sharon <ssharon at redhat.com>
Date:   Wed Aug 14 17:44:48 2024 +0300

    WHATSNEW: update "New cephfs VFS module" section
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
    
    Signed-off-by: Shachar Sharon <ssharon at redhat.com>

-----------------------------------------------------------------------

Summary of changes:
 WHATSNEW.txt                                       | 10 ++++
 docs-xml/generate-pathconf-entities.sh             |  1 +
 .../security/syncmachinepasswordscript.xml         |  4 +-
 dynconfig/wscript                                  |  5 ++
 source3/libads/kerberos_keytab.c                   |  5 +-
 source3/script/wscript_build                       |  4 +-
 source3/smbd/smb2_server.c                         | 16 ++++++-
 source4/torture/smb2/session.c                     | 56 ++++++++++++++++++++++
 8 files changed, 95 insertions(+), 6 deletions(-)


Changeset truncated at 500 lines:

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index c42c8cdb142..86ee75d6c3c 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -238,6 +238,16 @@ nodes.  Check in smb.conf(5) the scripts winbind_ctdb_updatekeytab.sh and
 
 For detailed information check the smb.conf(5) and net(8) manpages.
 
+New cephfs VFS module
+---------------------
+Introduce new vfs-to-cephfs bridge which uses libcephfs low-level APIs (instead
+of path-based operations in the existing module). It allows users to pass
+explicit user-credentials per call (including supplementary groups), as well as
+faster operations using inode and file-handle caching on the Samba side.
+Configuration is identical to existing module, but using 'ceph_new' instead of
+'ceph' for the relevant smb.conf entries. This new module is expected to
+deprecate and replace the old one in next major release.
+
 
 REMOVED FEATURES
 ================
diff --git a/docs-xml/generate-pathconf-entities.sh b/docs-xml/generate-pathconf-entities.sh
index 6c0c31a3522..1b689a8a23f 100755
--- a/docs-xml/generate-pathconf-entities.sh
+++ b/docs-xml/generate-pathconf-entities.sh
@@ -17,5 +17,6 @@ echo "
 <!ENTITY pathconfig.NTP_SIGND_SOCKET_DIR '\${prefix}/var/lib/ntp_signd'>
 <!ENTITY pathconfig.MITKDCPATH           '\${prefix}/sbin/krb5kdc'>
 <!ENTITY pathconfig.SAMBA_DATADIR        '\${prefix}/var/samba'>
+<!ENTITY pathconfig.CTDB_DATADIR         '\${prefix}/share/ctdb'>
 <!ENTITY pathconfig.CONFIGFILE           '\${prefix}/etc/smb.conf'>
 "
diff --git a/docs-xml/smbdotconf/security/syncmachinepasswordscript.xml b/docs-xml/smbdotconf/security/syncmachinepasswordscript.xml
index 9a7731930d5..df98610cf36 100644
--- a/docs-xml/smbdotconf/security/syncmachinepasswordscript.xml
+++ b/docs-xml/smbdotconf/security/syncmachinepasswordscript.xml
@@ -11,7 +11,7 @@
 
     <para>
     If keytabs should be generated in clustered environments it is recommended to update them on all nodes.
-    You can set the config option to &pathconfig.SAMBA_DATADIR;/scripts/winbind_ctdb_updatekeytab.sh in clustering case.
+    You can set the config option to &pathconfig.CTDB_DATADIR;/scripts/winbind_ctdb_updatekeytab.sh in clustering case.
     It is also needed to activate the <constant>46.update-keytabs.script</constant> in ctdb,
     it re-creates the keytab during the ctdb recovered event:
     <programlisting>
@@ -22,5 +22,5 @@
 </description>
 
 <value type="default"/>
-<value type="example">&pathconfig.SAMBA_DATADIR;/scripts/winbind_ctdb_updatekeytab.sh</value>
+<value type="example">&pathconfig.CTDB_DATADIR;/scripts/winbind_ctdb_updatekeytab.sh</value>
 </samba:parameter>
diff --git a/dynconfig/wscript b/dynconfig/wscript
index 2041d881546..a784dac4e6c 100644
--- a/dynconfig/wscript
+++ b/dynconfig/wscript
@@ -105,6 +105,11 @@ dynconfig = {
          'FHS-PATH':  '${DATADIR}',
          'OVERWRITE': True,
     },
+    'CTDB_DATADIR' : {
+         'STD-PATH':  '${DATADIR}/ctdb',
+         'FHS-PATH':  '${DATADIR}/ctdb',
+         'OVERWRITE': True,
+    },
     'SAMBA_DATADIR' : {
          'STD-PATH':  '${DATADIR}/samba',
          'FHS-PATH':  '${DATADIR}/samba',
diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c
index e2fcee634b4..6ede567b75f 100644
--- a/source3/libads/kerberos_keytab.c
+++ b/source3/libads/kerberos_keytab.c
@@ -838,8 +838,9 @@ static bool pw2kt_default_keytab_name(char *name_str, size_t name_size)
 		break;
 
 	default:
-		DBG_ERR("Invalid kerberos method set (%d)\n",
-			lp_kerberos_method());
+		DBG_NOTICE("'kerberos method' is 'secrets only' but "
+			   "'sync machine password to keytab' is not set "
+			   "==> no keytab will be generated.\n");
 		return false;
 	}
 
diff --git a/source3/script/wscript_build b/source3/script/wscript_build
index 2b0643b0876..bc451497298 100644
--- a/source3/script/wscript_build
+++ b/source3/script/wscript_build
@@ -6,7 +6,9 @@ bld.INSTALL_FILES('${BINDIR}',
 	          'smbtar',
                   chmod=MODE_755, flat=True)
 bld.INSTALL_FILES('${BINDIR}', 'samba-log-parser', chmod=MODE_755, flat=True)
-bld.INSTALL_FILES('${DATADIR}', 'winbind_ctdb_updatekeytab.sh', chmod=MODE_755, flat=True)
+if conf.env.with_ctdb:
+    bld.INSTALL_FILES(bld.env.CTDB_DATADIR+"/scripts",
+                      'winbind_ctdb_updatekeytab.sh', chmod=MODE_755, flat=True)
 
 # Callout scripts for use in selftest environment
 bld.SAMBA_SCRIPT('smbaddshare', pattern='smbaddshare', installdir='.')
diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index a32044d9357..b37829e8c4f 100644
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -3050,6 +3050,7 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
 	bool signing_required = false;
 	bool encryption_desired = false;
 	bool encryption_required = false;
+	bool session_expired = false;
 
 	inhdr = SMBD_SMB2_IN_HDR_PTR(req);
 
@@ -3098,6 +3099,9 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
 		signing_required = x->global->signing_flags & SMBXSRV_SIGNING_REQUIRED;
 		encryption_desired = x->global->encryption_flags & SMBXSRV_ENCRYPTION_DESIRED;
 		encryption_required = x->global->encryption_flags & SMBXSRV_ENCRYPTION_REQUIRED;
+		session_expired =
+			NT_STATUS_EQUAL(session_status,
+					NT_STATUS_NETWORK_SESSION_EXPIRED);
 	}
 
 	req->async_internal = false;
@@ -3171,7 +3175,7 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
 		 * This check is mostly for giving the correct error code
 		 * for compounded requests.
 		 */
-		if (!NT_STATUS_IS_OK(session_status)) {
+		if (!session_expired && !NT_STATUS_IS_OK(session_status)) {
 			return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
 		}
 	} else {
@@ -3257,6 +3261,9 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
 		}
 
 		if (!NT_STATUS_IS_OK(session_status)) {
+			if (session_expired && opcode == SMB2_OP_CREATE) {
+				req->compound_create_err = session_status;
+			}
 			return smbd_smb2_request_error(req, session_status);
 		}
 	}
@@ -3308,11 +3315,18 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
 skipped_signing:
 
 	if (flags & SMB2_HDR_FLAG_CHAINED) {
+		if (!NT_STATUS_IS_OK(req->compound_create_err)) {
+			return smbd_smb2_request_error(req,
+					req->compound_create_err);
+		}
 		req->compound_related = true;
 	}
 
 	if (call->need_session) {
 		if (!NT_STATUS_IS_OK(session_status)) {
+			if (session_expired && opcode == SMB2_OP_CREATE) {
+				req->compound_create_err = session_status;
+			}
 			return smbd_smb2_request_error(req, session_status);
 		}
 	}
diff --git a/source4/torture/smb2/session.c b/source4/torture/smb2/session.c
index 2a3d0e6e853..ecaac76e6c3 100644
--- a/source4/torture/smb2/session.c
+++ b/source4/torture/smb2/session.c
@@ -1317,6 +1317,7 @@ static bool test_session_expire2i(struct torture_context *tctx,
 	char fname[256];
 	struct smb2_handle dh;
 	struct smb2_handle dh2;
+	struct smb2_handle relhandle = { .data = { UINT64_MAX, UINT64_MAX } };
 	struct smb2_handle _h1;
 	struct smb2_handle *h1 = NULL;
 	struct smb2_create io1;
@@ -1330,7 +1331,10 @@ static bool test_session_expire2i(struct torture_context *tctx,
 	struct smb2_ioctl ctl;
 	struct smb2_break oack;
 	struct smb2_lease_break_ack lack;
+	struct smb2_create cio;
 	struct smb2_find fnd;
+	struct smb2_close cl;
+	struct smb2_request *reqs[3] = { NULL, };
 	union smb_search_data *d = NULL;
 	unsigned int count;
 	struct smb2_request *req = NULL;
@@ -1562,6 +1566,58 @@ static bool test_session_expire2i(struct torture_context *tctx,
 				ret, done, "smb2_find_level "
 				"returned unexpected status");
 
+	/* Now do a compound open + query directory + close handle. */
+	smb2_transport_compound_start(tree->session->transport, 3);
+	torture_comment(tctx, "Compound: Open+QueryDirectory+Close => EXPIRED\n");
+
+	ZERO_STRUCT(cio);
+	cio.in.oplock_level = 0;
+	cio.in.desired_access = SEC_STD_SYNCHRONIZE | SEC_DIR_READ_ATTRIBUTE | SEC_DIR_LIST;
+	cio.in.file_attributes   = 0;
+	cio.in.create_disposition = NTCREATEX_DISP_OPEN;
+	cio.in.share_access = NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE;
+	cio.in.create_options = NTCREATEX_OPTIONS_ASYNC_ALERT;
+	cio.in.fname = "";
+
+	reqs[0] = smb2_create_send(tree, &cio);
+	torture_assert_not_null_goto(tctx, reqs[0], ret, done,
+		"smb2_create_send failed\n");
+
+	smb2_transport_compound_set_related(tree->session->transport, true);
+
+	ZERO_STRUCT(fnd);
+	fnd.in.file.handle	= relhandle;
+	fnd.in.pattern		= "*";
+	fnd.in.continue_flags	= SMB2_CONTINUE_FLAG_SINGLE;
+	fnd.in.max_response_size= 0x100;
+	fnd.in.level		= SMB2_FIND_BOTH_DIRECTORY_INFO;
+
+	reqs[1] = smb2_find_send(tree, &fnd);
+	torture_assert_not_null_goto(tctx, reqs[1], ret, done,
+		"smb2_find_send failed\n");
+
+	ZERO_STRUCT(cl);
+	cl.in.file.handle = relhandle;
+	reqs[2] = smb2_close_send(tree, &cl);
+	torture_assert_not_null_goto(tctx, reqs[2], ret, done,
+		"smb2_close_send failed\n");
+
+	status = smb2_create_recv(reqs[0], tree, &cio);
+	torture_assert_ntstatus_equal_goto(tctx, status,
+				NT_STATUS_NETWORK_SESSION_EXPIRED,
+				ret, done, "smb2_create "
+				"returned unexpected status");
+	status = smb2_find_recv(reqs[1], tree, &fnd);
+	torture_assert_ntstatus_equal_goto(tctx, status,
+				NT_STATUS_NETWORK_SESSION_EXPIRED,
+				ret, done, "smb2_find "
+				"returned unexpected status");
+	status = smb2_close_recv(reqs[2], &cl);
+	torture_assert_ntstatus_equal_goto(tctx, status,
+				NT_STATUS_NETWORK_SESSION_EXPIRED,
+				ret, done, "smb2_close "
+				"returned unexpected status");
+
 	torture_comment(tctx, "1st notify => CANCEL\n");
 	smb2_cancel(req);
 


-- 
Samba Shared Repository



More information about the samba-cvs mailing list