[SCM] Samba Shared Repository - branch v4-18-test updated

Jule Anger janger at samba.org
Mon Jan 22 10:10:01 UTC 2024 

The branch, v4-18-test has been updated
       via  e6745b15107 s3:passdb: smbpasswd reset permissions only if not 0600
       via  161efeac21d system.c: fix fake directory create times
       via  0d75a9acaf3 time.c: fix ctime which was feeded with the mtime seconds
      from  ee2df0bbb34 smbd: move access override for previous versions to the SMB layer

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-18-test


- Log -----------------------------------------------------------------
commit e6745b151074c620fe5d102b0b5f0c47023e12e1
Author: Jones Syue <jonessyue at qnap.com>
Date:   Fri Jan 12 11:52:34 2024 +0800

    s3:passdb: smbpasswd reset permissions only if not 0600
    
    Browsing files or download files from samba server, smbd would check user's
    id to decide whether this user could access these files, by lookup user's
    information from the password file (e.g. /usr/local/samba/private/smbpasswd).
    smbd might goes through startsmbfilepwent(), this api calls [f]chmod() to
    make sure the password file has valid permissions 0600.
    
    Consider a scenario: we are doing a read performance benchmark about
    downloading a bunch of files (e.g. a thousand files) from a samba server,
    monitoring file system i/o activities counters, and expecting that should
    be only read operations on file system because this is just downloading, no
    uploading is involved. But actually found that still write operations on file
    system, because smbd lookup user and always reset 0600 permissions on password
    file while access each file, it makes dirty pages (inode modification) in ram,
    later triggered a kernel journal daemon to sync dirty pages into back storage
    (e.g. ext3 kjournald, or ext4 jbd2).
    This looks like not friendly for read performance benchmark if it happened on
    an entry-level systems with much less memory and limited computation power,
    because dirty pages syncing in the meantime slows down read performance.
    
    This patch adds fstat() before [f]chmod(), it would check whether password
    file has valid permissions 0600 or not. If 0600 smbd would bypass [f]chmod()
    to avoid making dirty pages on file systems. If not 0600 smbd would warn and
    go through [f]chmod() to set valid permissions 0600 to password file as
    earlier days.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15555
    
    Signed-off-by: Jones Syue <jonessyue at qnap.com>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    
    Autobuild-User(master): Volker Lendecke <vl at samba.org>
    Autobuild-Date(master): Thu Jan 18 10:28:19 UTC 2024 on atb-devel-224
    
    (cherry picked from commit c82a267b2a1b7617e818548aa486b7cfbda74657)
    
    Autobuild-User(v4-18-test): Jule Anger <janger at samba.org>
    Autobuild-Date(v4-18-test): Mon Jan 22 10:09:52 UTC 2024 on atb-devel-224

commit 161efeac21dd2d4f36d72b50c25f1e4b434c15a7
Author: Bjoern Jacke <bj at sernet.de>
Date:   Mon Jan 8 15:04:12 2024 +0000

    system.c: fix fake directory create times
    
    This was broken by c9c3d4312d7281904fc back in 2009 already.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12421
    
    Signed-off-by: Bjoern Jacke <bjacke at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    (cherry picked from commit 56c3dbc2ff8531772bf79eb9da3497767a20ce6f)

commit 0d75a9acaf31aecbe3d0f5409350ddcadfd8e00a
Author: Björn Jacke <bjacke at samba.org>
Date:   Sun Jan 7 05:09:58 2024 +0100

    time.c: fix ctime which was feeded with the mtime seconds
    
    This bug was introduced with 53a1d034f3e47ed3c in 2020.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15550
    
    Signed-off-by: Bjoern Jacke <bjacke at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    (cherry picked from commit 2df2e34c3c1ccf76bbcc78586cbbb6433b6d30d5)

-----------------------------------------------------------------------

Summary of changes:
 lib/util/time.c                |  2 +-
 source3/lib/system.c           |  1 +
 source3/passdb/pdb_smbpasswd.c | 36 ++++++++++++++++++++++++++++--------
 3 files changed, 30 insertions(+), 9 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/util/time.c b/lib/util/time.c
index 773fd611a33..bc1ea5f6473 100644
--- a/lib/util/time.c
+++ b/lib/util/time.c
@@ -1450,7 +1450,7 @@ struct timespec get_ctimespec(const struct stat *pst)
 {
 	struct timespec ret;
 
-	ret.tv_sec = pst->st_mtime;
+	ret.tv_sec = pst->st_ctime;
 	ret.tv_nsec = get_ctimensec(pst);
 	return ret;
 }
diff --git a/source3/lib/system.c b/source3/lib/system.c
index 16fe3839446..5874afadd3c 100644
--- a/source3/lib/system.c
+++ b/source3/lib/system.c
@@ -186,6 +186,7 @@ static void make_create_timespec(const struct stat *pst, struct stat_ex *dst,
 	if (S_ISDIR(pst->st_mode) && fake_dir_create_times) {
 		dst->st_ex_btime.tv_sec = 315493200L;          /* 1/1/1980 */
 		dst->st_ex_btime.tv_nsec = 0;
+		return;
 	}
 
 	dst->st_ex_iflags &= ~ST_EX_IFLAG_CALCULATED_BTIME;
diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c
index 515e5f9f84d..fd611f614b8 100644
--- a/source3/passdb/pdb_smbpasswd.c
+++ b/source3/passdb/pdb_smbpasswd.c
@@ -192,6 +192,7 @@ static FILE *startsmbfilepwent(const char *pfile, enum pwf_access_type type, int
 	const char *open_mode = NULL;
 	int race_loop = 0;
 	int lock_type = F_RDLCK;
+	struct stat st;
 
 	if (!*pfile) {
 		DEBUG(0, ("startsmbfilepwent: No SMB password file set\n"));
@@ -324,19 +325,38 @@ Error was %s\n", pfile, strerror(errno)));
 	/* Set a buffer to do more efficient reads */
 	setvbuf(fp, (char *)NULL, _IOFBF, 1024);
 
-	/* Make sure it is only rw by the owner */
-#ifdef HAVE_FCHMOD
-	if(fchmod(fileno(fp), S_IRUSR|S_IWUSR) == -1) {
-#else
-	if(chmod(pfile, S_IRUSR|S_IWUSR) == -1) {
-#endif
-		DEBUG(0, ("startsmbfilepwent_internal: failed to set 0600 permissions on password file %s. \
-Error was %s\n.", pfile, strerror(errno) ));
+	/* Ensure we have a valid stat. */
+	if (fstat(fileno(fp), &st) != 0) {
+		DBG_ERR("Unable to fstat file %s. Error was %s\n",
+			pfile,
+			strerror(errno));
 		pw_file_unlock(fileno(fp), lock_depth);
 		fclose(fp);
 		return NULL;
 	}
 
+	/* If file has invalid permissions != 0600, then [f]chmod(). */
+	if ((st.st_mode & 0777) != (S_IRUSR|S_IWUSR)) {
+		DBG_WARNING("file %s has invalid permissions 0%o should "
+			    "be 0600.\n",
+			    pfile,
+			    (unsigned int)st.st_mode & 0777);
+		/* Make sure it is only rw by the owner */
+#ifdef HAVE_FCHMOD
+		if (fchmod(fileno(fp), S_IRUSR|S_IWUSR) == -1) {
+#else
+		if (chmod(pfile, S_IRUSR|S_IWUSR) == -1) {
+#endif
+			DBG_ERR("Failed to set 0600 permissions on password file %s. "
+				"Error was %s\n.",
+				pfile,
+				strerror(errno));
+			pw_file_unlock(fileno(fp), lock_depth);
+			fclose(fp);
+			return NULL;
+		}
+	}
+
 	/* We have a lock on the file. */
 	return fp;
 }


-- 
Samba Shared Repository

More information about the samba-cvs mailing list