import samba-4.15.3-0.el8

CentOS Sources 2021-12-17 10:09:25 +00:00 committed by Stepan Oksanichenko
parent ac96d2f4b6
commit 3d4aa2683a
13 changed files with 89 additions and 2228 deletions

2
.gitignore vendored

@ -1,2 +1,2 @@
SOURCES/samba-4.15.2.tar.xz
SOURCES/samba-4.15.3.tar.xz
SOURCES/samba-pubkey_AA99442FB680B620.gpg


@ -1,2 +1,2 @@
4ab5db6dd0103af6dce93c5931729849774aa45e SOURCES/samba-4.15.2.tar.xz
e778708ce1f39566d91d74dce8e9940b324d1ef1 SOURCES/samba-4.15.3.tar.xz
971f563c447eda8d144d6c9e743cd0f0488c0d9e SOURCES/samba-pubkey_AA99442FB680B620.gpg


@ -1,668 +0,0 @@
From 05cbf6e66f6989e383904ac582dae9515ac3a838 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Thu, 21 Oct 2021 16:37:27 -0700
Subject: [PATCH 1/7] s3: smbd: Add two tests showing the ability to delete a
directory containing a dangling symlink over SMB2 depends on "delete veto
files" setting.
Add knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 942123b95923f35a32df4196a072a3ed3468396a)
---
selftest/knownfail.d/rmdir_dangle_symlink | 1 +
selftest/target/Samba3.pm | 4 +
.../test_delete_veto_files_only_rmdir.sh | 183 ++++++++++++++++++
source3/selftest/tests.py | 3 +
4 files changed, 191 insertions(+)
create mode 100644 selftest/knownfail.d/rmdir_dangle_symlink
create mode 100755 source3/script/tests/test_delete_veto_files_only_rmdir.sh
diff --git a/selftest/knownfail.d/rmdir_dangle_symlink b/selftest/knownfail.d/rmdir_dangle_symlink
new file mode 100644
index 00000000000..c775dc5fe15
--- /dev/null
+++ b/selftest/knownfail.d/rmdir_dangle_symlink
@@ -0,0 +1 @@
+^samba3.blackbox.test_dangle_rmdir.rmdir can delete directory containing dangling symlink\(fileserver\)
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index 2fdab781fda..8ecfc1aaf82 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -1738,6 +1738,10 @@ sub setup_fileserver
veto files = /veto_name*/
delete veto files = yes
+[delete_veto_files_only]
+ path = $veto_sharedir
+ delete veto files = yes
+
[homes]
comment = Home directories
browseable = No
diff --git a/source3/script/tests/test_delete_veto_files_only_rmdir.sh b/source3/script/tests/test_delete_veto_files_only_rmdir.sh
new file mode 100755
index 00000000000..d2c3b2198f7
--- /dev/null
+++ b/source3/script/tests/test_delete_veto_files_only_rmdir.sh
@@ -0,0 +1,183 @@
+#!/bin/sh
+#
+# Check smbclient can (or cannot) delete a directory containing dangling symlinks.
+# BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879
+#
+
+if [ $# -lt 6 ]; then
+cat <<EOF
+Usage: $0 SERVER SERVER_IP USERNAME PASSWORD SHAREPATH SMBCLIENT
+EOF
+exit 1;
+fi
+
+SERVER=${1}
+SERVER_IP=${2}
+USERNAME=${3}
+PASSWORD=${4}
+SHAREPATH=${5}
+SMBCLIENT=${6}
+shift 6
+SMBCLIENT="$VALGRIND ${SMBCLIENT}"
+ADDARGS="$@"
+
+incdir=$(dirname "$0")/../../../testprogs/blackbox
+. $incdir/subunit.sh
+
+failed=0
+
+rmdir_path="$SHAREPATH/dir"
+
+#
+# Using the share "[delete_veto_files_only]" we CAN delete
+# a directory containing only a dangling symlink.
+#
+test_dangle_symlink_delete_veto_rmdir()
+{
+ local dangle_symlink_path="$rmdir_path/bad_link"
+ local tmpfile=$PREFIX/smbclient.in.$$
+
+ # Create rmdir directory.
+ mkdir -p "$rmdir_path"
+ # Create dangling symlink underneath.
+ ln -s "nowhere-foo" "$dangle_symlink_path"
+
+ cat > "$tmpfile" <<EOF
+cd dir
+ls
+quit
+EOF
+
+ local cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT //$SERVER/delete_veto_files_only -U$USERNAME%$PASSWORD $ADDARGS < $tmpfile 2>&1'
+ eval echo "$cmd"
+ out=$(eval "$cmd")
+ ret=$?
+
+ # Check for smbclient error.
+ if [ $ret != 0 ] ; then
+ echo "Failed accessing share delete_veto_files_only - $ret"
+ echo "$out"
+ return 1
+ fi
+
+ # We should NOT see the dangling symlink file.
+ echo "$out" | grep bad_link
+ ret=$?
+ if [ $ret -eq 0 ] ; then
+ echo "Saw dangling symlink bad_link in share delete_veto_files_only"
+ echo "$out"
+ return 1
+ fi
+
+ # Try and remove the directory, should succeed.
+ cat > "$tmpfile" <<EOF
+rd dir
+quit
+EOF
+
+ local cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT //$SERVER/delete_veto_files_only -U$USERNAME%$PASSWORD $ADDARGS < $tmpfile 2>&1'
+ eval echo "$cmd"
+ out=$(eval "$cmd")
+ ret=$?
+
+ # Check for smbclient error.
+ if [ $ret != 0 ] ; then
+ echo "Failed accessing share delete_veto_files_only - $ret"
+ echo "$out"
+ return 1
+ fi
+
+ # We should get no NT_STATUS_ errors.
+ echo "$out" | grep NT_STATUS_
+ ret=$?
+ if [ $ret -eq 0 ] ; then
+ echo "Got error NT_STATUS_ in share delete_veto_files_only"
+ echo "$out"
+ return 1
+ fi
+
+ return 0
+}
+
+#
+# Using the share "[veto_files_nodelete]" we CANNOT delete
+# a directory containing only a dangling symlink.
+#
+test_dangle_symlink_veto_files_nodelete()
+{
+ local dangle_symlink_path="$rmdir_path/bad_link"
+ local tmpfile=$PREFIX/smbclient.in.$$
+
+ # Create rmdir directory.
+ mkdir -p "$rmdir_path"
+ # Create dangling symlink underneath.
+ ln -s "nowhere-foo" "$dangle_symlink_path"
+
+ cat > "$tmpfile" <<EOF
+cd dir
+ls
+quit
+EOF
+
+ local cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT //$SERVER/veto_files_nodelete -U$USERNAME%$PASSWORD $ADDARGS < $tmpfile 2>&1'
+ eval echo "$cmd"
+ out=$(eval "$cmd")
+ ret=$?
+
+ # Check for smbclient error.
+ if [ $ret != 0 ] ; then
+ echo "Failed accessing share veto_files_nodelete - $ret"
+ echo "$out"
+ return 1
+ fi
+
+ # We should NOT see the dangling symlink file.
+ echo "$out" | grep bad_link
+ ret=$?
+ if [ $ret -eq 0 ] ; then
+ echo "Saw dangling symlink bad_link in share veto_files_nodelete"
+ echo "$out"
+ return 1
+ fi
+
+ # Try and remove the directory, should fail with DIRECTORY_NOT_EMPTY.
+ cat > "$tmpfile" <<EOF
+rd dir
+quit
+EOF
+
+ local cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT //$SERVER/veto_files_nodelete -U$USERNAME%$PASSWORD $ADDARGS < $tmpfile 2>&1'
+ eval echo "$cmd"
+ out=$(eval "$cmd")
+ ret=$?
+
+ # Check for smbclient error.
+ if [ $ret != 0 ] ; then
+ echo "Failed accessing share veto_files_nodelete - $ret"
+ echo "$out"
+ return 1
+ fi
+
+ # We should get NT_STATUS_DIRECTORY_NOT_EMPTY errors.
+ echo "$out" | grep NT_STATUS_DIRECTORY_NOT_EMPTY
+ ret=$?
+ if [ $ret -ne 0 ] ; then
+ echo "Should get NT_STATUS_DIRECTORY_NOT_EMPTY in share veto_files_nodelete"
+ echo "$out"
+ return 1
+ fi
+
+ return 0
+}
+
+
+testit "rmdir can delete directory containing dangling symlink" \
+ test_dangle_symlink_delete_veto_rmdir || failed=$(expr "$failed" + 1)
+
+rm -rf "$rmdir_path"
+
+testit "rmdir cannot delete directory delete_veto_files_no containing dangling symlink" \
+ test_dangle_symlink_veto_files_nodelete || failed=$(expr "$failed" + 1)
+
+rm -rf "$rmdir_path"
+exit "$failed"
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index 24c8e0a1960..e39009635a6 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -542,6 +542,9 @@ for env in ["fileserver"]:
plantestsuite("samba3.blackbox.test_veto_rmdir", env,
[os.path.join(samba3srcdir, "script/tests/test_veto_rmdir.sh"),
'$SERVER', '$SERVER_IP', '$USERNAME', '$PASSWORD', '$LOCAL_PATH/veto', smbclient3])
+ plantestsuite("samba3.blackbox.test_dangle_rmdir", env,
+ [os.path.join(samba3srcdir, "script/tests/test_delete_veto_files_only_rmdir.sh"),
+ '$SERVER', '$SERVER_IP', '$USERNAME', '$PASSWORD', '$LOCAL_PATH/veto', smbclient3])
#
# tar command tests
--
2.30.2
From 5530e76aa6255c2b210978c07dd4b859373ded64 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Mon, 25 Oct 2021 12:01:58 -0700
Subject: [PATCH 2/7] s3: VFS: streams_depot. Allow unlinkat to cope with
dangling symlinks.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 295d7d026babe3cd5123d0f53adcb16868907f05)
---
source3/modules/vfs_streams_depot.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/source3/modules/vfs_streams_depot.c b/source3/modules/vfs_streams_depot.c
index 973edeeda24..ae73ba965a5 100644
--- a/source3/modules/vfs_streams_depot.c
+++ b/source3/modules/vfs_streams_depot.c
@@ -823,6 +823,16 @@ static int streams_depot_unlink_internal(vfs_handle_struct *handle,
ret = SMB_VFS_NEXT_LSTAT(handle, full_fname);
} else {
ret = SMB_VFS_NEXT_STAT(handle, full_fname);
+ if (ret == -1 && (errno == ENOENT || errno == ELOOP)) {
+ if (VALID_STAT(smb_fname->st) &&
+ S_ISLNK(smb_fname->st.st_ex_mode)) {
+ /*
+ * Original name was a link - Could be
+ * trying to remove a dangling symlink.
+ */
+ ret = SMB_VFS_NEXT_LSTAT(handle, full_fname);
+ }
+ }
}
if (ret == -1) {
TALLOC_FREE(full_fname);
--
2.30.2
From 9938ef02b42f1578e758010b9c4b7a149a9d39c8 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Mon, 25 Oct 2021 12:02:43 -0700
Subject: [PATCH 3/7] s3: VFS: xattr_tdb. Allow unlinkat to cope with dangling
symlinks.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit f254be19d6501a4f573843af97963e350a9ee2ed)
---
source3/modules/vfs_xattr_tdb.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/source3/modules/vfs_xattr_tdb.c b/source3/modules/vfs_xattr_tdb.c
index daa99b2cc3e..42c570b54b3 100644
--- a/source3/modules/vfs_xattr_tdb.c
+++ b/source3/modules/vfs_xattr_tdb.c
@@ -520,6 +520,16 @@ static int xattr_tdb_unlinkat(vfs_handle_struct *handle,
ret = SMB_VFS_NEXT_LSTAT(handle, full_fname);
} else {
ret = SMB_VFS_NEXT_STAT(handle, full_fname);
+ if (ret == -1 && (errno == ENOENT || errno == ELOOP)) {
+ if (VALID_STAT(smb_fname->st) &&
+ S_ISLNK(smb_fname->st.st_ex_mode)) {
+ /*
+ * Original name was a link - Could be
+ * trying to remove a dangling symlink.
+ */
+ ret = SMB_VFS_NEXT_LSTAT(handle, full_fname);
+ }
+ }
}
if (ret == -1) {
goto out;
--
2.30.2
From 38ca6d51a07b2ff26e6447846d62c72aabee3606 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Mon, 25 Oct 2021 12:21:37 -0700
Subject: [PATCH 4/7] s3: smbd: Fix rmdir_internals() to do an early return if
lp_delete_veto_files() is not set.
Fix the comments to match what the code actually does. The
exit at the end of the scan directory loop if we find a client
visible filename is a change in behavior, but the previous
behavior (not exist on visible filename, but delete it) was
a bug and in non-tested code. Now it's testd.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit a37d16e7c55f85e3f2c9c8614755ea6307092d5f)
---
source3/smbd/close.c | 36 ++++++++++++++++++++++--------------
1 file changed, 22 insertions(+), 14 deletions(-)
diff --git a/source3/smbd/close.c b/source3/smbd/close.c
index 470ca7f1b6d..484442ddc17 100644
--- a/source3/smbd/close.c
+++ b/source3/smbd/close.c
@@ -965,8 +965,6 @@ static NTSTATUS rmdir_internals(TALLOC_CTX *ctx, struct files_struct *fsp)
struct smb_filename *smb_dname = fsp->fsp_name;
struct smb_filename *parent_fname = NULL;
struct smb_filename *at_fname = NULL;
- const struct loadparm_substitution *lp_sub =
- loadparm_s3_global_substitution();
SMB_STRUCT_STAT st;
const char *dname = NULL;
char *talloced = NULL;
@@ -1026,9 +1024,7 @@ static NTSTATUS rmdir_internals(TALLOC_CTX *ctx, struct files_struct *fsp)
return NT_STATUS_OK;
}
- if (!((errno == ENOTEMPTY) || (errno == EEXIST)) ||
- !*lp_veto_files(talloc_tos(), lp_sub, SNUM(conn)))
- {
+ if (!((errno == ENOTEMPTY) || (errno == EEXIST))) {
DEBUG(3,("rmdir_internals: couldn't remove directory %s : "
"%s\n", smb_fname_str_dbg(smb_dname),
strerror(errno)));
@@ -1036,11 +1032,21 @@ static NTSTATUS rmdir_internals(TALLOC_CTX *ctx, struct files_struct *fsp)
return map_nt_error_from_unix(errno);
}
+ /*
+ * Here we know the initial directory unlink failed with
+ * ENOTEMPTY or EEXIST so we know there are objects within.
+ * If we don't have permission to delete files non
+ * visible to the client just fail the directory delete.
+ */
+
+ if (!lp_delete_veto_files(SNUM(conn))) {
+ errno = ENOTEMPTY;
+ goto err;
+ }
+
/*
* Check to see if the only thing in this directory are
- * vetoed files/directories. If so then delete them and
- * retry. If we fail to delete any of them (and we *don't*
- * do a recursive delete) then fail the rmdir.
+ * files non-visible to the client. If not, fail the delete.
*/
dir_hnd = OpenDir(talloc_tos(), conn, smb_dname, NULL, 0);
@@ -1133,16 +1139,18 @@ static NTSTATUS rmdir_internals(TALLOC_CTX *ctx, struct files_struct *fsp)
continue;
}
+ /*
+ * We found a client visible name.
+ * We cannot delete this directory.
+ */
+ DBG_DEBUG("got name %s - "
+ "can't delete directory %s\n",
+ dname,
+ fsp_str_dbg(fsp));
TALLOC_FREE(talloced);
TALLOC_FREE(fullname);
TALLOC_FREE(smb_dname_full);
TALLOC_FREE(direntry_fname);
- }
-
- /* We only have veto files/directories.
- * Are we allowed to delete them ? */
-
- if (!lp_delete_veto_files(SNUM(conn))) {
errno = ENOTEMPTY;
goto err;
}
--
2.30.2
From a8bc5af4ded62d80dca97622f5c90b0ebab5c130 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Mon, 25 Oct 2021 12:32:29 -0700
Subject: [PATCH 5/7] s3: smbd: Fix logic in rmdir_internals() to cope with
dangling symlinks.
Still need to add the same logic in can_delete_directory_fsp()
before we can delete the knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 26fecad2e66e91a3913d88ee2e0889f266e91d89)
---
source3/smbd/close.c | 56 ++++++++++++++++++++++++++++++++++++++++----
1 file changed, 51 insertions(+), 5 deletions(-)
diff --git a/source3/smbd/close.c b/source3/smbd/close.c
index 484442ddc17..7178257efcc 100644
--- a/source3/smbd/close.c
+++ b/source3/smbd/close.c
@@ -1103,15 +1103,61 @@ static NTSTATUS rmdir_internals(TALLOC_CTX *ctx, struct files_struct *fsp)
goto err;
}
- /*
- * is_visible_fsp() always returns true
- * for the symlink/MSDFS case.
- */
if (S_ISLNK(smb_dname_full->st.st_ex_mode)) {
+ /* Could it be an msdfs link ? */
+ if (lp_host_msdfs() &&
+ lp_msdfs_root(SNUM(conn))) {
+ struct smb_filename *smb_atname;
+ smb_atname = synthetic_smb_fname(talloc_tos(),
+ dname,
+ NULL,
+ &smb_dname_full->st,
+ fsp->fsp_name->twrp,
+ fsp->fsp_name->flags);
+ if (smb_atname == NULL) {
+ TALLOC_FREE(talloced);
+ TALLOC_FREE(fullname);
+ TALLOC_FREE(smb_dname_full);
+ errno = ENOMEM;
+ goto err;
+ }
+ if (is_msdfs_link(fsp, smb_atname)) {
+ TALLOC_FREE(talloced);
+ TALLOC_FREE(fullname);
+ TALLOC_FREE(smb_dname_full);
+ TALLOC_FREE(smb_atname);
+ DBG_DEBUG("got msdfs link name %s "
+ "- can't delete directory %s\n",
+ dname,
+ fsp_str_dbg(fsp));
+ errno = ENOTEMPTY;
+ goto err;
+ }
+ TALLOC_FREE(smb_atname);
+ }
+
+ /* Not a DFS link - could it be a dangling symlink ? */
+ ret = SMB_VFS_STAT(conn, smb_dname_full);
+ if (ret == -1 && (errno == ENOENT || errno == ELOOP)) {
+ /*
+ * Dangling symlink.
+ * Allow delete as "delete veto files = yes"
+ */
+ TALLOC_FREE(talloced);
+ TALLOC_FREE(fullname);
+ TALLOC_FREE(smb_dname_full);
+ continue;
+ }
+
+ DBG_DEBUG("got symlink name %s - "
+ "can't delete directory %s\n",
+ dname,
+ fsp_str_dbg(fsp));
TALLOC_FREE(talloced);
TALLOC_FREE(fullname);
TALLOC_FREE(smb_dname_full);
- continue;
+ errno = ENOTEMPTY;
+ goto err;
}
/* Not a symlink, get a pathref. */
--
2.30.2
From a1fb0d7bcf0791066b23e909c4f3a7a89bab6034 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Mon, 25 Oct 2021 12:36:57 -0700
Subject: [PATCH 6/7] s3: smbd: Fix logic in can_delete_directory_fsp() to cope
with dangling symlinks.
Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit e9ef970eee5eca8ab3720279c54098e91d2dfda9)
---
selftest/knownfail.d/rmdir_dangle_symlink | 1 -
source3/smbd/dir.c | 55 ++++++++++++++++++++---
2 files changed, 49 insertions(+), 7 deletions(-)
delete mode 100644 selftest/knownfail.d/rmdir_dangle_symlink
diff --git a/selftest/knownfail.d/rmdir_dangle_symlink b/selftest/knownfail.d/rmdir_dangle_symlink
deleted file mode 100644
index c775dc5fe15..00000000000
--- a/selftest/knownfail.d/rmdir_dangle_symlink
+++ /dev/null
@@ -1 +0,0 @@
-^samba3.blackbox.test_dangle_rmdir.rmdir can delete directory containing dangling symlink\(fileserver\)
diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
index 174f07b1159..4d61bb0d56d 100644
--- a/source3/smbd/dir.c
+++ b/source3/smbd/dir.c
@@ -1922,16 +1922,59 @@ NTSTATUS can_delete_directory_fsp(files_struct *fsp)
break;
}
- /*
- * is_visible_fsp() always returns true
- * for the symlink/MSDFS case.
- */
-
if (S_ISLNK(smb_dname_full->st.st_ex_mode)) {
+ /* Could it be an msdfs link ? */
+ if (lp_host_msdfs() &&
+ lp_msdfs_root(SNUM(conn))) {
+ struct smb_filename *smb_dname;
+ smb_dname = synthetic_smb_fname(talloc_tos(),
+ dname,
+ NULL,
+ &smb_dname_full->st,
+ fsp->fsp_name->twrp,
+ fsp->fsp_name->flags);
+ if (smb_dname == NULL) {
+ TALLOC_FREE(talloced);
+ TALLOC_FREE(fullname);
+ TALLOC_FREE(smb_dname_full);
+ status = NT_STATUS_NO_MEMORY;
+ break;
+ }
+ if (is_msdfs_link(fsp, smb_dname)) {
+ TALLOC_FREE(talloced);
+ TALLOC_FREE(fullname);
+ TALLOC_FREE(smb_dname_full);
+ TALLOC_FREE(smb_dname);
+ DBG_DEBUG("got msdfs link name %s "
+ "- can't delete directory %s\n",
+ dname,
+ fsp_str_dbg(fsp));
+ status = NT_STATUS_DIRECTORY_NOT_EMPTY;
+ break;
+ }
+ TALLOC_FREE(smb_dname);
+ }
+ /* Not a DFS link - could it be a dangling symlink ? */
+ ret = SMB_VFS_STAT(conn, smb_dname_full);
+ if (ret == -1 && (errno == ENOENT || errno == ELOOP)) {
+ /*
+ * Dangling symlink.
+ * Allow if "delete veto files = yes"
+ */
+ if (lp_delete_veto_files(SNUM(conn))) {
+ TALLOC_FREE(talloced);
+ TALLOC_FREE(fullname);
+ TALLOC_FREE(smb_dname_full);
+ continue;
+ }
+ }
+ DBG_DEBUG("got symlink name %s - "
+ "can't delete directory %s\n",
+ dname,
+ fsp_str_dbg(fsp));
TALLOC_FREE(talloced);
TALLOC_FREE(fullname);
TALLOC_FREE(smb_dname_full);
- DBG_DEBUG("got name %s - can't delete\n", dname);
status = NT_STATUS_DIRECTORY_NOT_EMPTY;
break;
}
--
2.30.2
From 2a6f19df3f1588dbf60b86b520798b88861d2179 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Mon, 25 Oct 2021 12:42:02 -0700
Subject: [PATCH 7/7] s3: docs-xml: Clarify the "delete veto files" paramter.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Oct 29 14:57:14 UTC 2021 on sn-devel-184
(cherry picked from commit 0b818c6b77e972626d0b071bebcf4ce55619fb84)
---
docs-xml/smbdotconf/filename/deletevetofiles.xml | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/docs-xml/smbdotconf/filename/deletevetofiles.xml b/docs-xml/smbdotconf/filename/deletevetofiles.xml
index 581dc05396d..570d4ac60a0 100644
--- a/docs-xml/smbdotconf/filename/deletevetofiles.xml
+++ b/docs-xml/smbdotconf/filename/deletevetofiles.xml
@@ -4,9 +4,12 @@
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
<para>This option is used when Samba is attempting to
- delete a directory that contains one or more vetoed directories
- (see the <smbconfoption name="veto files"/>
- option). If this option is set to <constant>no</constant> (the default) then if a vetoed
+ delete a directory that contains one or more vetoed files
+ or directories or non-visible files or directories (such
+ as dangling symlinks that point nowhere).
+ (see the <smbconfoption name="veto files"/>, <smbconfoption name="hide special files"/>,
+ <smbconfoption name="hide unreadable"/>, <smbconfoption name="hide unwriteable files"/>
+ options). If this option is set to <constant>no</constant> (the default) then if a vetoed
directory contains any non-vetoed files or directories then the
directory delete will fail. This is usually what you want.</para>
--
2.30.2


@ -1,346 +0,0 @@
From 83499424ab011da66ded2df441277c2b89844c7b Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Thu, 21 Oct 2021 15:06:20 -0700
Subject: [PATCH 1/2] s3: smbd: Add two tests showing recursive directory
delete of a directory containing veto file and msdfs links over SMB2.
Add knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14878
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit ad0082d79a681b981154747dcde5713e1933b88f)
---
selftest/knownfail.d/veto_rmdir | 1 +
selftest/target/Samba3.pm | 16 ++
source3/script/tests/test_veto_rmdir.sh | 217 ++++++++++++++++++++++++
source3/selftest/tests.py | 3 +
4 files changed, 237 insertions(+)
create mode 100644 selftest/knownfail.d/veto_rmdir
create mode 100755 source3/script/tests/test_veto_rmdir.sh
diff --git a/selftest/knownfail.d/veto_rmdir b/selftest/knownfail.d/veto_rmdir
new file mode 100644
index 00000000000..ecced55d794
--- /dev/null
+++ b/selftest/knownfail.d/veto_rmdir
@@ -0,0 +1 @@
+^samba3.blackbox.test_veto_rmdir.rmdir can delete directory containing a veto file\(fileserver\)
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index fdbba8411bc..2fdab781fda 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -1614,6 +1614,9 @@ sub setup_fileserver
my $bad_iconv_sharedir="$share_dir/bad_iconv";
push(@dirs, $bad_iconv_sharedir);
+ my $veto_sharedir="$share_dir/veto";
+ push(@dirs,$veto_sharedir);
+
my $ip4 = Samba::get_ipv4_addr("FILESERVER");
my $fileserver_options = "
kernel change notify = yes
@@ -1722,6 +1725,19 @@ sub setup_fileserver
comment = smb username is [%U]
vfs objects =
+[veto_files_nodelete]
+ path = $veto_sharedir
+ read only = no
+ msdfs root = yes
+ veto files = /veto_name*/
+ delete veto files = no
+
+[veto_files_delete]
+ path = $veto_sharedir
+ msdfs root = yes
+ veto files = /veto_name*/
+ delete veto files = yes
+
[homes]
comment = Home directories
browseable = No
diff --git a/source3/script/tests/test_veto_rmdir.sh b/source3/script/tests/test_veto_rmdir.sh
new file mode 100755
index 00000000000..d3df8f1bba0
--- /dev/null
+++ b/source3/script/tests/test_veto_rmdir.sh
@@ -0,0 +1,217 @@
+#!/bin/sh
+#
+# Check smbclient can (or cannot) delete a directory containing veto files.
+# BUG: https://bugzilla.samba.org/show_bug.cgi?id=14878
+#
+
+if [ $# -lt 6 ]; then
+cat <<EOF
+Usage: $0 SERVER SERVER_IP USERNAME PASSWORD SHAREPATH SMBCLIENT
+EOF
+exit 1;
+fi
+
+SERVER=${1}
+SERVER_IP=${2}
+USERNAME=${3}
+PASSWORD=${4}
+SHAREPATH=${5}
+SMBCLIENT=${6}
+shift 6
+SMBCLIENT="$VALGRIND ${SMBCLIENT}"
+ADDARGS="$@"
+
+incdir=$(dirname "$0")/../../../testprogs/blackbox
+. "$incdir"/subunit.sh
+
+failed=0
+
+rmdir_path="$SHAREPATH/dir"
+
+test_veto_nodelete_rmdir()
+{
+ local veto_path="$rmdir_path/veto_name1"
+ local msdfs_link_path="$rmdir_path/dfs_link"
+ local tmpfile=$PREFIX/smbclient.in.$$
+
+ # Create rmdir directory.
+ mkdir -p "$rmdir_path"
+ # Create veto file underneath.
+ touch "$veto_path"
+ # Create msdfs link underneath.
+ ln -s "msdfs:$SERVER_IP\\ro-tmp" "$msdfs_link_path"
+
+ cat > "$tmpfile" <<EOF
+cd dir
+ls
+quit
+EOF
+
+ local cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT //$SERVER/veto_files_nodelete -U$USERNAME%$PASSWORD $ADDARGS < $tmpfile 2>&1'
+ eval echo "$cmd"
+ out=$(eval "$cmd")
+ ret=$?
+
+ # Check for smbclient error.
+ if [ $ret != 0 ] ; then
+ echo "Failed accessing share veto_files_nodelete - $ret"
+ echo "$out"
+ return 1
+ fi
+
+ # We should only see the dfs_link file.
+ echo "$out" | grep dfs_link
+ ret=$?
+ if [ $ret -ne 0 ] ; then
+ echo "Failed to see dfs_link in share veto_files_nodelete"
+ echo "$out"
+ return 1
+ fi
+
+ # Now remove the dfs_link file.
+ rm -rf "$msdfs_link_path"
+
+ # Try and remove the directory, should fail with NT_STATUS_DIRECTORY_NOT_EMPTY.
+ cat > "$tmpfile" <<EOF
+rd dir
+quit
+EOF
+
+ local cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT //$SERVER/veto_files_nodelete -U$USERNAME%$PASSWORD $ADDARGS < $tmpfile 2>&1'
+ eval echo "$cmd"
+ out=$(eval "$cmd")
+ ret=$?
+
+ # Check for smbclient error.
+ if [ $ret != 0 ] ; then
+ echo "Failed accessing share veto_files_nodelete - $ret"
+ echo "$out"
+ return 1
+ fi
+
+ # We should get NT_STATUS_DIRECTORY_NOT_EMPTY.
+ echo "$out" | grep NT_STATUS_DIRECTORY_NOT_EMPTY
+ ret=$?
+ if [ $ret -ne 0 ] ; then
+ echo "Failed to get error NT_STATUS_DIRECTORY_NOT_EMPTY in share veto_files_nodelete"
+ echo "$out"
+ return 1
+ fi
+
+ # remove the veto file - directory should now be empty.
+ rm -rf "$veto_path"
+
+ # Try and remove the directory, should now succeed.
+ cat > "$tmpfile" <<EOF
+rd dir
+quit
+EOF
+
+ local cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT //$SERVER/veto_files_nodelete -U$USERNAME%$PASSWORD $ADDARGS < $tmpfile 2>&1'
+ eval echo "$cmd"
+ out=$(eval "$cmd")
+ ret=$?
+
+ # Check for smbclient error.
+ if [ $ret != 0 ] ; then
+ echo "Failed accessing share veto_files_nodelete - $ret"
+ echo "$out"
+ return 1
+ fi
+
+ # We should get no NT_STATUS_ errors.
+ echo "$out" | grep NT_STATUS_
+ ret=$?
+ if [ $ret -eq 0 ] ; then
+ echo "Got error NT_STATUS_ in share veto_files_nodelete"
+ echo "$out"
+ return 1
+ fi
+
+ return 0
+}
+
+test_veto_delete_rmdir()
+{
+ local veto_path="$rmdir_path/veto_name1"
+ local msdfs_link_path="$rmdir_path/dfs_link"
+ local tmpfile=$PREFIX/smbclient.in.$$
+
+ # Create rmdir directory.
+ mkdir -p "$rmdir_path"
+ # Create veto file underneath.
+ touch "$veto_path"
+ # Create msdfs link underneath.
+ ln -s "msdfs:$SERVER_IP\\ro-tmp" "$msdfs_link_path"
+
+ cat > "$tmpfile" <<EOF
+cd dir
+ls
+quit
+EOF
+
+ local cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT //$SERVER/veto_files_delete -U$USERNAME%$PASSWORD $ADDARGS < $tmpfile 2>&1'
+ eval echo "$cmd"
+ out=$(eval "$cmd")
+ ret=$?
+
+ # Check for smbclient error.
+ if [ $ret != 0 ] ; then
+ echo "Failed accessing share veto_files_delete - $ret"
+ echo "$out"
+ return 1
+ fi
+
+ # We should only see the dfs_link file.
+ echo "$out" | grep dfs_link
+ ret=$?
+ if [ $ret -ne 0 ] ; then
+ echo "Failed to see dfs_link in share veto_files_delete"
+ echo "$out"
+ return 1
+ fi
+
+ # Now remove the dfs_link file.
+ rm -rf "$msdfs_link_path"
+
+ # Try and remove the directory, should now succeed.
+ cat > "$tmpfile" <<EOF
+rd dir
+quit
+EOF
+
+ local cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT //$SERVER/veto_files_delete -U$USERNAME%$PASSWORD $ADDARGS < $tmpfile 2>&1'
+ eval echo "$cmd"
+ out=$(eval "$cmd")
+ ret=$?
+
+ # Check for smbclient error.
+ if [ $ret != 0 ] ; then
+ echo "Failed accessing share veto_files_delete - $ret"
+ echo "$out"
+ return 1
+ fi
+
+ # We should get no NT_STATUS_ errors.
+ echo "$out" | grep NT_STATUS_
+ ret=$?
+ if [ $ret -eq 0 ] ; then
+ echo "Got error NT_STATUS_ in share veto_files_delete"
+ echo "$out"
+ return 1
+ fi
+
+ return 0
+}
+
+testit "rmdir cannot delete directory containing a veto file" \
+ test_veto_nodelete_rmdir || failed=$(expr "$failed" + 1)
+
+rm -rf "$rmdir_path"
+
+testit "rmdir can delete directory containing a veto file" \
+ test_veto_delete_rmdir || failed=$(expr "$failed" + 1)
+
+rm -rf "$rmdir_path"
+
+exit "$failed"
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index d8f0db69b8c..24c8e0a1960 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -539,6 +539,9 @@ for env in ["fileserver"]:
plantestsuite("samba3.blackbox.smbclient_iconv.CORE", env + "_smb1_done",
[os.path.join(samba3srcdir, "script/tests/test_smbclient_iconv.sh"),
'$SERVER', '$SERVER_IP', 'bad_iconv', '$USERNAME', '$PASSWORD', smbclient3, '-mCORE'])
+ plantestsuite("samba3.blackbox.test_veto_rmdir", env,
+ [os.path.join(samba3srcdir, "script/tests/test_veto_rmdir.sh"),
+ '$SERVER', '$SERVER_IP', '$USERNAME', '$PASSWORD', '$LOCAL_PATH/veto', smbclient3])
#
# tar command tests
--
2.30.2
From d2d8a5b8df68a8adc0d7deb27f14f63e0ec7ae85 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Thu, 21 Oct 2021 16:18:24 -0700
Subject: [PATCH 2/2] s3: smbd: Fix recursive directory delete of a directory
containing veto file and msdfs links.
Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14878
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 73de1194c3c429ab93d722a852aa4f54213b112a)
---
selftest/knownfail.d/veto_rmdir | 1 -
source3/smbd/close.c | 2 +-
2 files changed, 1 insertion(+), 2 deletions(-)
delete mode 100644 selftest/knownfail.d/veto_rmdir
diff --git a/selftest/knownfail.d/veto_rmdir b/selftest/knownfail.d/veto_rmdir
deleted file mode 100644
index ecced55d794..00000000000
--- a/selftest/knownfail.d/veto_rmdir
+++ /dev/null
@@ -1 +0,0 @@
-^samba3.blackbox.test_veto_rmdir.rmdir can delete directory containing a veto file\(fileserver\)
diff --git a/source3/smbd/close.c b/source3/smbd/close.c
index 191626557dc..470ca7f1b6d 100644
--- a/source3/smbd/close.c
+++ b/source3/smbd/close.c
@@ -1267,7 +1267,7 @@ static NTSTATUS rmdir_internals(TALLOC_CTX *ctx, struct files_struct *fsp)
/* Retry the rmdir */
ret = SMB_VFS_UNLINKAT(conn,
- dirfsp,
+ parent_fname->fsp,
at_fname,
AT_REMOVEDIR);
--
2.30.2


@ -1,41 +0,0 @@
From 2edaf32b4204b9fe363c441c25b6989fe76911a4 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Tue, 9 Nov 2021 20:50:20 +0100
Subject: [PATCH] s3:winbindd: fix "allow trusted domains = no" regression
add_trusted_domain() should only reject domains
based on is_allowed_domain(), which now also
checks "allow trusted domains = no", if we don't
have an explicit trust to the domain (SEC_CHAN_NULL).
We use at least SEC_CHAN_LOCAL for local domains like
BUILTIN.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14899
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Nov 10 11:21:31 UTC 2021 on sn-devel-184
(cherry picked from commit a7f6c60cb037b4bc9eee276236539b8282213935)
---
source3/winbindd/winbindd_util.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
index 42ddbfd2f44..9d54e462c42 100644
--- a/source3/winbindd/winbindd_util.c
+++ b/source3/winbindd/winbindd_util.c
@@ -134,7 +134,7 @@ static NTSTATUS add_trusted_domain(const char *domain_name,
return NT_STATUS_INVALID_PARAMETER;
}
- if (!is_allowed_domain(domain_name)) {
+ if (secure_channel_type == SEC_CHAN_NULL && !is_allowed_domain(domain_name)) {
return NT_STATUS_NO_SUCH_DOMAIN;
}
--
2.33.1


@ -1,45 +0,0 @@
From 3fc4d1d3998f3956a84c855cb60a9dcb335e1f59 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <ab@samba.org>
Date: Fri, 12 Nov 2021 19:06:01 +0200
Subject: [PATCH] IPA DC: add missing checks
When introducing FreeIPA support, two places were forgotten:
- schannel gensec module needs to be aware of IPA DC
- _lsa_QueryInfoPolicy should treat IPA DC as PDC
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14903
Signed-off-by: Alexander Bokovoy <ab@samba.org>
---
auth/gensec/schannel.c | 1 +
source3/rpc_server/lsa/srv_lsa_nt.c | 1 +
2 files changed, 2 insertions(+)
diff --git a/auth/gensec/schannel.c b/auth/gensec/schannel.c
index 0cdae141ead..6ebbe8f3179 100644
--- a/auth/gensec/schannel.c
+++ b/auth/gensec/schannel.c
@@ -1080,6 +1080,7 @@ static NTSTATUS schannel_server_start(struct gensec_security *gensec_security)
case ROLE_DOMAIN_BDC:
case ROLE_DOMAIN_PDC:
case ROLE_ACTIVE_DIRECTORY_DC:
+ case ROLE_IPA_DC:
return NT_STATUS_OK;
default:
return NT_STATUS_NOT_IMPLEMENTED;
diff --git a/source3/rpc_server/lsa/srv_lsa_nt.c b/source3/rpc_server/lsa/srv_lsa_nt.c
index 8d71b5252ab..ea92a22cbc9 100644
--- a/source3/rpc_server/lsa/srv_lsa_nt.c
+++ b/source3/rpc_server/lsa/srv_lsa_nt.c
@@ -683,6 +683,7 @@ NTSTATUS _lsa_QueryInfoPolicy(struct pipes_struct *p,
switch (lp_server_role()) {
case ROLE_DOMAIN_PDC:
case ROLE_DOMAIN_BDC:
+ case ROLE_IPA_DC:
name = get_global_sam_name();
sid = dom_sid_dup(p->mem_ctx, get_global_sam_sid());
if (!sid) {
--
2.33.1


@ -1,981 +0,0 @@
From 96d6bd4feb27b9b003aac44ef2ab7ef0a288272d Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow@samba.org>
Date: Wed, 10 Nov 2021 20:18:07 +0100
Subject: [PATCH 1/8] source3: move lib/substitute.c functions out of proto.h
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897
Signed-off-by: Ralph Boehme <slow@samba.org>
---
source3/auth/auth_generic.c | 1 +
source3/auth/auth_ntlmssp.c | 1 +
source3/auth/auth_util.c | 1 +
source3/include/proto.h | 33 -----------
source3/lib/substitute.c | 1 +
source3/lib/substitute.h | 63 +++++++++++++++++++++
source3/modules/vfs_expand_msdfs.c | 1 +
source3/modules/vfs_full_audit.c | 1 +
source3/modules/vfs_recycle.c | 1 +
source3/modules/vfs_unityed_media.c | 1 +
source3/modules/vfs_virusfilter_utils.c | 1 +
source3/nmbd/nmbd.c | 1 +
source3/nmbd/nmbd_synclists.c | 1 +
source3/param/loadparm.c | 1 +
source3/passdb/passdb.c | 1 +
source3/passdb/pdb_ldap.c | 1 +
source3/printing/print_generic.c | 1 +
source3/printing/printing.c | 1 +
source3/rpc_server/lsa/srv_lsa_nt.c | 1 +
source3/rpc_server/netlogon/srv_netlog_nt.c | 1 +
source3/rpc_server/srvsvc/srv_srvsvc_nt.c | 1 +
source3/smbd/ipc.c | 1 +
source3/smbd/lanman.c | 1 +
source3/smbd/message.c | 1 +
source3/smbd/msdfs.c | 1 +
source3/smbd/process.c | 1 +
source3/smbd/reply.c | 1 +
source3/smbd/server.c | 1 +
source3/smbd/service.c | 1 +
source3/smbd/sesssetup.c | 1 +
source3/smbd/share_access.c | 1 +
source3/smbd/smb2_server.c | 1 +
source3/smbd/smb2_sesssetup.c | 1 +
source3/smbd/trans2.c | 1 +
source3/smbd/uid.c | 1 +
source3/torture/torture.c | 1 +
source3/utils/net_sam.c | 1 +
source3/winbindd/wb_getpwsid.c | 1 +
source3/winbindd/winbindd.c | 1 +
39 files changed, 100 insertions(+), 33 deletions(-)
create mode 100644 source3/lib/substitute.h
diff --git a/source3/auth/auth_generic.c b/source3/auth/auth_generic.c
index fc7a7549e8e..ff51307e43a 100644
--- a/source3/auth/auth_generic.c
+++ b/source3/auth/auth_generic.c
@@ -36,6 +36,7 @@
#include "auth/credentials/credentials.h"
#include "lib/param/loadparm.h"
#include "librpc/gen_ndr/dcerpc.h"
+#include "source3/lib/substitute.h"
static NTSTATUS auth3_generate_session_info_pac(struct auth4_context *auth_ctx,
TALLOC_CTX *mem_ctx,
diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c
index 676aa9d892c..f2deca09aa6 100644
--- a/source3/auth/auth_ntlmssp.c
+++ b/source3/auth/auth_ntlmssp.c
@@ -25,6 +25,7 @@
#include "auth.h"
#include "libcli/security/security.h"
#include "lib/util/tevent_ntstatus.h"
+#include "source3/lib/substitute.h"
NTSTATUS auth3_generate_session_info(struct auth4_context *auth_context,
TALLOC_CTX *mem_ctx,
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index dec854d85c3..4527dedc49d 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -38,6 +38,7 @@
#include "rpc_client/util_netlogon.h"
#include "source4/auth/auth.h"
#include "auth/auth_util.h"
+#include "source3/lib/substitute.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_AUTH
diff --git a/source3/include/proto.h b/source3/include/proto.h
index eb45179aebb..a96c2c8d110 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -139,39 +139,6 @@ int smbrun_no_sanitize(const char *cmd, int *outfd, char * const *env);
int smbrun(const char *cmd, int *outfd, char * const *env);
int smbrunsecret(const char *cmd, const char *secret);
-/* The following definitions come from lib/substitute.c */
-
-bool set_local_machine_name(const char *local_name, bool perm);
-const char *get_local_machine_name(void);
-bool set_remote_machine_name(const char *remote_name, bool perm);
-const char *get_remote_machine_name(void);
-void sub_set_smb_name(const char *name);
-void set_current_user_info(const char *smb_name, const char *unix_name,
- const char *domain);
-void sub_set_socket_ids(const char *peeraddr, const char *peername,
- const char *sockaddr);
-const char *get_current_username(void);
-void standard_sub_basic(const char *smb_name, const char *domain_name,
- char *str, size_t len);
-char *talloc_sub_basic(TALLOC_CTX *mem_ctx, const char *smb_name,
- const char *domain_name, const char *str);
-char *talloc_sub_specified(TALLOC_CTX *mem_ctx,
- const char *input_string,
- const char *username,
- const char *grpname,
- const char *domain,
- uid_t uid,
- gid_t gid);
-char *talloc_sub_advanced(TALLOC_CTX *mem_ctx,
- const char *servicename, const char *user,
- const char *connectpath, gid_t gid,
- const char *str);
-char *talloc_sub_full(TALLOC_CTX *mem_ctx,
- const char *servicename, const char *user,
- const char *connectpath, gid_t gid,
- const char *smb_name, const char *domain_name,
- const char *str);
-
/* The following definitions come from lib/sysquotas.c */
int sys_get_quota(const char *path, enum SMB_QUOTA_TYPE qtype, unid_t id, SMB_DISK_QUOTA *dp);
diff --git a/source3/lib/substitute.c b/source3/lib/substitute.c
index b98a0acf1cb..a941b89f82a 100644
--- a/source3/lib/substitute.c
+++ b/source3/lib/substitute.c
@@ -20,6 +20,7 @@
#include "includes.h"
+#include "substitute.h"
#include "system/passwd.h"
#include "secrets.h"
#include "auth.h"
diff --git a/source3/lib/substitute.h b/source3/lib/substitute.h
new file mode 100644
index 00000000000..2056d163dd7
--- /dev/null
+++ b/source3/lib/substitute.h
@@ -0,0 +1,63 @@
+/*
+ Unix SMB/CIFS implementation.
+ string substitution functions
+ Copyright (C) Andrew Tridgell 1992-2000
+ Copyright (C) Gerald Carter 2006
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef SUBSTITUTE_H
+#define SUBSTITUTE_H
+
+bool set_local_machine_name(const char *local_name, bool perm);
+const char *get_local_machine_name(void);
+bool set_remote_machine_name(const char *remote_name, bool perm);
+const char *get_remote_machine_name(void);
+void sub_set_socket_ids(const char *peeraddr, const char *peername,
+ const char *sockaddr);
+void set_current_user_info(const char *smb_name,
+ const char *unix_name,
+ const char *domain);
+const char *get_current_username(void);
+void standard_sub_basic(const char *smb_name,
+ const char *domain_name,
+ char *str,
+ size_t len);
+char *talloc_sub_basic(TALLOC_CTX *mem_ctx,
+ const char *smb_name,
+ const char *domain_name,
+ const char *str);
+char *talloc_sub_specified(TALLOC_CTX *mem_ctx,
+ const char *input_string,
+ const char *username,
+ const char *grpname,
+ const char *domain,
+ uid_t uid,
+ gid_t gid);
+char *talloc_sub_advanced(TALLOC_CTX *ctx,
+ const char *servicename,
+ const char *user,
+ const char *connectpath,
+ gid_t gid,
+ const char *str);
+char *talloc_sub_full(TALLOC_CTX *ctx,
+ const char *servicename,
+ const char *user,
+ const char *connectpath,
+ gid_t gid,
+ const char *smb_name,
+ const char *domain_name,
+ const char *str);
+#endif
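Review bot: The move out of proto.h is not one-to-one: the proto.h hunk removes `sub_set_smb_name()` along with twelve other prototypes, but this new header re-declares only the twelve. If substitute.c still defines that function with external linkage, either keep `void sub_set_smb_name(const char *name);` here or make the definition static; the definition is not visible in this patch. The header also uses `bool`, `size_t`, `uid_t`, `gid_t` and `TALLOC_CTX` without including anything, so it only compiles after `includes.h`. A short comment after the include guard saying so, or the needed includes, would make that dependency explicit.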
diff --git a/source3/modules/vfs_expand_msdfs.c b/source3/modules/vfs_expand_msdfs.c
index 34e7051dca5..fe3c6f47462 100644
--- a/source3/modules/vfs_expand_msdfs.c
+++ b/source3/modules/vfs_expand_msdfs.c
@@ -25,6 +25,7 @@
#include "auth.h"
#include "../lib/tsocket/tsocket.h"
#include "msdfs.h"
+#include "source3/lib/substitute.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_VFS
diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c
index ceda99d4568..c8dbc8c07bb 100644
--- a/source3/modules/vfs_full_audit.c
+++ b/source3/modules/vfs_full_audit.c
@@ -73,6 +73,7 @@
#include "passdb/machine_sid.h"
#include "lib/util/tevent_ntstatus.h"
#include "lib/util/string_wrappers.h"
+#include "source3/lib/substitute.h"
static int vfs_full_audit_debug_level = DBGC_VFS;
diff --git a/source3/modules/vfs_recycle.c b/source3/modules/vfs_recycle.c
index 1c18f232c32..7cbc938a57c 100644
--- a/source3/modules/vfs_recycle.c
+++ b/source3/modules/vfs_recycle.c
@@ -27,6 +27,7 @@
#include "system/filesys.h"
#include "../librpc/gen_ndr/ndr_netlogon.h"
#include "auth.h"
+#include "source3/lib/substitute.h"
#define ALLOC_CHECK(ptr, label) do { if ((ptr) == NULL) { DEBUG(0, ("recycle.bin: out of memory!\n")); errno = ENOMEM; goto label; } } while(0)
diff --git a/source3/modules/vfs_unityed_media.c b/source3/modules/vfs_unityed_media.c
index 62a1456b996..fbd4d968172 100644
--- a/source3/modules/vfs_unityed_media.c
+++ b/source3/modules/vfs_unityed_media.c
@@ -62,6 +62,7 @@
#include "../lib/tsocket/tsocket.h"
#include "lib/util/smb_strtox.h"
#include <libgen.h>
+#include "source3/lib/substitute.h"
#define UM_PARAM_TYPE_NAME "unityed_media"
diff --git a/source3/modules/vfs_virusfilter_utils.c b/source3/modules/vfs_virusfilter_utils.c
index c7f8089ffc7..b8b44eb203b 100644
--- a/source3/modules/vfs_virusfilter_utils.c
+++ b/source3/modules/vfs_virusfilter_utils.c
@@ -25,6 +25,7 @@ struct iovec;
#include "lib/util/iov_buf.h"
#include <tevent.h>
#include "lib/tsocket/tsocket.h"
+#include "source3/lib/substitute.h"
int virusfilter_debug_class = DBGC_VFS;
diff --git a/source3/nmbd/nmbd.c b/source3/nmbd/nmbd.c
index 44121e9915c..7470897587e 100644
--- a/source3/nmbd/nmbd.c
+++ b/source3/nmbd/nmbd.c
@@ -29,6 +29,7 @@
#include "util_cluster.h"
#include "lib/gencache.h"
#include "lib/global_contexts.h"
+#include "source3/lib/substitute.h"
int ClientNMB = -1;
int ClientDGRAM = -1;
diff --git a/source3/nmbd/nmbd_synclists.c b/source3/nmbd/nmbd_synclists.c
index a65cbb87e0e..d291927fbc8 100644
--- a/source3/nmbd/nmbd_synclists.c
+++ b/source3/nmbd/nmbd_synclists.c
@@ -33,6 +33,7 @@
#include "libsmb/clirap.h"
#include "../libcli/smb/smbXcli_base.h"
#include "lib/util/string_wrappers.h"
+#include "source3/lib/substitute.h"
struct sync_record {
struct sync_record *next, *prev;
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index f54c08cc4a5..b56fd20e410 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -76,6 +76,7 @@
#include "lib/crypto/gnutls_helpers.h"
#include "lib/util/string_wrappers.h"
#include "auth/credentials/credentials.h"
+#include "source3/lib/substitute.h"
#ifdef HAVE_SYS_SYSCTL_H
#include <sys/sysctl.h>
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index 068c5a5ea70..863f260ea90 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -33,6 +33,7 @@
#include "auth/credentials/credentials.h"
#include "lib/param/param.h"
#include "lib/util/string_wrappers.h"
+#include "source3/lib/substitute.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_PASSDB
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index e6d8a84c60f..93da28b1941 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -56,6 +56,7 @@
#include "lib/util_sid_passdb.h"
#include "lib/util/smb_strtox.h"
#include "lib/util/string_wrappers.h"
+#include "source3/lib/substitute.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_PASSDB
diff --git a/source3/printing/print_generic.c b/source3/printing/print_generic.c
index 743c311bbd5..8798a4cf34a 100644
--- a/source3/printing/print_generic.c
+++ b/source3/printing/print_generic.c
@@ -20,6 +20,7 @@
#include "includes.h"
#include "printing.h"
#include "smbd/proto.h"
+#include "source3/lib/substitute.h"
extern userdom_struct current_user_info;
diff --git a/source3/printing/printing.c b/source3/printing/printing.c
index 499334df03f..67d798fbb21 100644
--- a/source3/printing/printing.c
+++ b/source3/printing/printing.c
@@ -40,6 +40,7 @@
#include "lib/util/string_wrappers.h"
#include "lib/global_contexts.h"
#include "source3/printing/rap_jobid.h"
+#include "source3/lib/substitute.h"
extern userdom_struct current_user_info;
diff --git a/source3/rpc_server/lsa/srv_lsa_nt.c b/source3/rpc_server/lsa/srv_lsa_nt.c
index d6d606ddeca..57f981cb358 100644
--- a/source3/rpc_server/lsa/srv_lsa_nt.c
+++ b/source3/rpc_server/lsa/srv_lsa_nt.c
@@ -53,6 +53,7 @@
#include "librpc/rpc/dcesrv_core.h"
#include "librpc/rpc/dcerpc_helper.h"
#include "lib/param/loadparm.h"
+#include "source3/lib/substitute.h"
#include "lib/crypto/gnutls_helpers.h"
#include <gnutls/gnutls.h>
diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
index eaacd8dbc6a..2906fa3f30f 100644
--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
@@ -49,6 +49,7 @@
#include "lib/param/param.h"
#include "libsmb/dsgetdcname.h"
#include "lib/util/util_str_escape.h"
+#include "source3/lib/substitute.h"
extern userdom_struct current_user_info;
diff --git a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
index 8576e9d2ce2..fc27a459634 100644
--- a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
@@ -42,6 +42,7 @@
#include "messages.h"
#include "serverid.h"
#include "lib/global_contexts.h"
+#include "source3/lib/substitute.h"
extern const struct generic_mapping file_generic_mapping;
diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c
index f1c8ea0c2ed..cf3b7c91c22 100644
--- a/source3/smbd/ipc.c
+++ b/source3/smbd/ipc.c
@@ -29,6 +29,7 @@
#include "smbd/globals.h"
#include "smbprofile.h"
#include "rpc_server/srv_pipe_hnd.h"
+#include "source3/lib/substitute.h"
#define NERR_notsupported 50
diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c
index 9194113e768..eb8148753b9 100644
--- a/source3/smbd/lanman.c
+++ b/source3/smbd/lanman.c
@@ -45,6 +45,7 @@
#include "rpc_server/rpc_ncacn_np.h"
#include "lib/util/string_wrappers.h"
#include "source3/printing/rap_jobid.h"
+#include "source3/lib/substitute.h"
#ifdef CHECK_TYPES
#undef CHECK_TYPES
diff --git a/source3/smbd/message.c b/source3/smbd/message.c
index b9728946889..7185bec1289 100644
--- a/source3/smbd/message.c
+++ b/source3/smbd/message.c
@@ -27,6 +27,7 @@
#include "smbd/smbd.h"
#include "smbd/globals.h"
#include "smbprofile.h"
+#include "source3/lib/substitute.h"
extern userdom_struct current_user_info;
diff --git a/source3/smbd/msdfs.c b/source3/smbd/msdfs.c
index 995ed815d90..fd002e98071 100644
--- a/source3/smbd/msdfs.c
+++ b/source3/smbd/msdfs.c
@@ -34,6 +34,7 @@
#include "librpc/gen_ndr/ndr_dfsblobs.h"
#include "lib/tsocket/tsocket.h"
#include "lib/global_contexts.h"
+#include "source3/lib/substitute.h"
/**********************************************************************
Parse a DFS pathname of the form \hostname\service\reqpath
diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index 03409742752..5015c143a04 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -46,6 +46,7 @@
#include "libcli/smb/smbXcli_base.h"
#include "lib/util/time_basic.h"
#include "smb1_utils.h"
+#include "source3/lib/substitute.h"
/* Internal message queue for deferred opens. */
struct pending_message_list {
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 042e7f2329e..f85d1122a07 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -50,6 +50,7 @@
#include "libcli/smb/smb2_posix.h"
#include "lib/util/string_wrappers.h"
#include "source3/printing/rap_jobid.h"
+#include "source3/lib/substitute.h"
/****************************************************************************
Ensure we check the path in *exactly* the same way as W2K for a findfirst/findnext
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index d7f5b4b73c0..d02ff1bd883 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -60,6 +60,7 @@
#include "rpc_server/fssd.h"
#include "rpc_server/mdssd.h"
#include "lib/global_contexts.h"
+#include "source3/lib/substitute.h"
#ifdef CLUSTER_SUPPORT
#include "ctdb_protocol.h"
diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index afdea38b016..ef7c14d92d0 100644
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -34,6 +34,7 @@
#include "lib/afs/afs_funcs.h"
#include "lib/util_path.h"
#include "lib/util/string_wrappers.h"
+#include "source3/lib/substitute.h"
bool canonicalize_connect_path(connection_struct *conn)
{
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 2bd527ce80e..1705b8920b6 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -34,6 +34,7 @@
#include "auth/gensec/gensec.h"
#include "../libcli/smb/smb_signing.h"
#include "lib/util/string_wrappers.h"
+#include "source3/lib/substitute.h"
/****************************************************************************
Add the standard 'Samba' signature to the end of the session setup.
diff --git a/source3/smbd/share_access.c b/source3/smbd/share_access.c
index debe4fc6385..c44c4bd8c69 100644
--- a/source3/smbd/share_access.c
+++ b/source3/smbd/share_access.c
@@ -23,6 +23,7 @@
#include "../libcli/security/security.h"
#include "passdb/lookup_sid.h"
#include "auth.h"
+#include "source3/lib/substitute.h"
/*
* We dropped NIS support in 2021, but need to keep configs working.
diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index f359db0729d..f6b376e5a07 100644
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -33,6 +33,7 @@
#include "lib/util/iov_buf.h"
#include "auth.h"
#include "libcli/smb/smbXcli_base.h"
+#include "source3/lib/substitute.h"
#if defined(LINUX)
/* SIOCOUTQ TIOCOUTQ are the same */
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index 38049e8535f..14b806bc007 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -28,6 +28,7 @@
#include "../lib/tsocket/tsocket.h"
#include "../libcli/security/security.h"
#include "../lib/util/tevent_ntstatus.h"
+#include "source3/lib/substitute.h"
#include "lib/crypto/gnutls_helpers.h"
#include <gnutls/gnutls.h>
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index cd6b61429c5..a86ac3228e3 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -45,6 +45,7 @@
#include "smb1_utils.h"
#include "libcli/smb/smb2_posix.h"
#include "lib/util/string_wrappers.h"
+#include "source3/lib/substitute.h"
#define DIR_ENTRY_SAFETY_MARGIN 4096
diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index b0d7f21c200..52918c4f181 100644
--- a/source3/smbd/uid.c
+++ b/source3/smbd/uid.c
@@ -26,6 +26,7 @@
#include "passdb/lookup_sid.h"
#include "auth.h"
#include "../auth/auth_util.h"
+#include "source3/lib/substitute.h"
/* what user is current? */
extern struct current_user current_user;
diff --git a/source3/torture/torture.c b/source3/torture/torture.c
index 79a9c65073c..d3e0e3cf095 100644
--- a/source3/torture/torture.c
+++ b/source3/torture/torture.c
@@ -51,6 +51,7 @@
#include "lib/param/param.h"
#include "auth/gensec/gensec.h"
#include "lib/util/string_wrappers.h"
+#include "source3/lib/substitute.h"
#include <gnutls/gnutls.h>
#include <gnutls/crypto.h>
diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c
index 6a2c6c861f9..17cc47b2ddd 100644
--- a/source3/utils/net_sam.c
+++ b/source3/utils/net_sam.c
@@ -33,6 +33,7 @@
#include "idmap.h"
#include "lib/util/smb_strtox.h"
#include "lib/util/string_wrappers.h"
+#include "source3/lib/substitute.h"
/*
* Set a user's data
diff --git a/source3/winbindd/wb_getpwsid.c b/source3/winbindd/wb_getpwsid.c
index fb0351ec201..7f168bdda7a 100644
--- a/source3/winbindd/wb_getpwsid.c
+++ b/source3/winbindd/wb_getpwsid.c
@@ -22,6 +22,7 @@
#include "librpc/gen_ndr/ndr_winbind_c.h"
#include "../libcli/security/security.h"
#include "lib/util/string_wrappers.h"
+#include "source3/lib/substitute.h"
struct wb_getpwsid_state {
struct tevent_context *ev;
diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c
index 25d8b723010..290454619a4 100644
--- a/source3/winbindd/winbindd.c
+++ b/source3/winbindd/winbindd.c
@@ -51,6 +51,7 @@
#include "lib/gencache.h"
#include "rpc_server/rpc_config.h"
#include "lib/global_contexts.h"
+#include "source3/lib/substitute.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_WINBIND
--
2.33.1
From 1184733a1628c1187a215956195ca806419db16d Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow@samba.org>
Date: Thu, 11 Nov 2021 05:23:09 +0100
Subject: [PATCH 2/8] samba-bgqd: fix startup and logging
Let samba-bgqd use the new POPT_COMMON_DAEMON infrastructure.
The calls to setup_logging() can safely be removed as this is already taken care
of by samba_cmdline_init().
To avoid a logfile basename of ".log" when using "%m", we add a call to
set_remote_machine_name().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897
Signed-off-by: Ralph Boehme <slow@samba.org>
---
source3/printing/samba-bgqd.c | 35 ++++++++++-------------------------
1 file changed, 10 insertions(+), 25 deletions(-)
diff --git a/source3/printing/samba-bgqd.c b/source3/printing/samba-bgqd.c
index 8ac6ec525b2..2cd6a8e007a 100644
--- a/source3/printing/samba-bgqd.c
+++ b/source3/printing/samba-bgqd.c
@@ -40,6 +40,7 @@
#include "source3/lib/util_procid.h"
#include "source3/auth/proto.h"
#include "source3/printing/queue_process.h"
+#include "source3/lib/substitute.h"
static void watch_handler(struct tevent_req *req)
{
@@ -235,6 +236,7 @@ static int closeall_except_fd_params(
int main(int argc, const char *argv[])
{
+ struct samba_cmdline_daemon_cfg *cmdline_daemon_cfg = NULL;
const struct loadparm_substitution *lp_sub =
loadparm_s3_global_substitution();
const char *progname = getprogname();
@@ -245,8 +247,6 @@ int main(int argc, const char *argv[])
struct tevent_req *watch_req = NULL;
struct tevent_signal *sigterm_handler = NULL;
struct bq_state *bq = NULL;
- int foreground = 0;
- int no_process_group = 0;
int log_stdout = 0;
int ready_signal_fd = -1;
int watch_fd = -1;
@@ -259,21 +259,7 @@ int main(int argc, const char *argv[])
struct poptOption long_options[] = {
POPT_AUTOHELP
POPT_COMMON_SAMBA
- {
- .longName = "foreground",
- .shortName = 'F',
- .argInfo = POPT_ARG_NONE,
- .arg = &foreground,
- .descrip = "Run daemon in foreground "
- "(for daemontools, etc.)",
- },
- {
- .longName = "no-process-group",
- .shortName = '\0',
- .argInfo = POPT_ARG_NONE,
- .arg = &no_process_group,
- .descrip = "Don't create a new process group" ,
- },
+ POPT_COMMON_DAEMON
/*
* File descriptor to write the PID of the helper
@@ -311,6 +297,7 @@ int main(int argc, const char *argv[])
frame = talloc_stackframe();
umask(0);
+ set_remote_machine_name("smbd-bgqd", true);
ok = samba_cmdline_init(frame,
SAMBA_CMDLINE_CONFIG_SERVER,
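Review bot: The `bool` result of `set_remote_machine_name("smbd-bgqd", true)` is discarded, and the literal differs from the program name suggested by the file path and commit subject (samba-bgqd). If the call fails, the `%m` log basename presumably stays empty, which is the case the commit message sets out to avoid. A check such as `if (!set_remote_machine_name("smbd-bgqd", true)) { exit(ENOMEM); }` would match the `samba_cmdline_init()` handling just below. If "smbd-bgqd" is the intended log name, a one-line comment saying so would stop it being "corrected" later. main() starts before and continues after the hunk.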
@@ -320,6 +307,8 @@ int main(int argc, const char *argv[])
exit(ENOMEM);
}
+ cmdline_daemon_cfg = samba_cmdline_get_daemon_cfg();
+
pc = samba_popt_get_context(progname,
argc,
argv,
@@ -340,16 +329,12 @@ int main(int argc, const char *argv[])
log_stdout = (debug_get_log_type() == DEBUG_STDOUT);
- if (foreground) {
+ if (!cmdline_daemon_cfg->fork) {
daemon_status(progname, "Starting process ... ");
} else {
- become_daemon(true, no_process_group, log_stdout);
- }
-
- if (log_stdout) {
- setup_logging(progname, DEBUG_STDOUT);
- } else {
- setup_logging(progname, DEBUG_FILE);
+ become_daemon(true,
+ cmdline_daemon_cfg->no_process_group,
+ log_stdout);
}
BlockSignals(true, SIGPIPE);
--
2.33.1
From 1a0a1ccbe888332ea134b16bfac0d0d011bf1f4c Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow@samba.org>
Date: Wed, 10 Nov 2021 18:27:08 +0100
Subject: [PATCH 3/8] winbindd: remove is_default_dyn_LOGFILEBASE() logic
Handling of -l commandline parameter is already implemented by lib/cmdline/.
is_default_dyn_LOGFILEBASE() == true is the default case and this causes us to
temporarily overwrite the configured logfile with LOGFILEBASE/log.winbindd until
winbindd_reload_services_file() restores it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897
Signed-off-by: Ralph Boehme <slow@samba.org>
---
source3/winbindd/winbindd.c | 9 ---------
1 file changed, 9 deletions(-)
diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c
index 290454619a4..58c5ffbced4 100644
--- a/source3/winbindd/winbindd.c
+++ b/source3/winbindd/winbindd.c
@@ -1717,15 +1717,6 @@ int main(int argc, const char **argv)
poptFreeContext(pc);
- if (is_default_dyn_LOGFILEBASE()) {
- char *lfile = NULL;
- if (asprintf(&lfile,"%s/log.winbindd",
- get_dyn_LOGFILEBASE()) > 0) {
- lp_set_logfile(lfile);
- SAFE_FREE(lfile);
- }
- }
-
reopen_logs();
DEBUG(0,("winbindd version %s started.\n", samba_version_string()));
--
2.33.1
From bcbf9fb6669933cc3dcf1f615d2885c542a08035 Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow@samba.org>
Date: Wed, 10 Nov 2021 14:13:11 +0100
Subject: [PATCH 4/8] lib/debug: fix fd check before dup'ing to stderr
Before I added per-class logfile and we had only one fd for the logfile the code
looked like this:
/* Take over stderr to catch output into logs */
if (state.fd > 0) {
if (dup2(state.fd, 2) == -1) {
/* Close stderr too, if dup2 can't point it -
at the logfile. There really isn't much
that can be done on such a fundamental
failure... */
close_low_fd(2);
}
}
In the current code the equivalent to state.fd is dbgc_config[DBGC_ALL].fd.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897
Signed-off-by: Ralph Boehme <slow@samba.org>
---
lib/util/debug.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/lib/util/debug.c b/lib/util/debug.c
index 4fd17679227..b271608621a 100644
--- a/lib/util/debug.c
+++ b/lib/util/debug.c
@@ -1125,7 +1125,6 @@ bool reopen_logs_internal(void)
{
struct debug_backend *b = NULL;
mode_t oldumask;
- int new_fd = 0;
size_t i;
bool ok;
@@ -1190,7 +1189,7 @@ bool reopen_logs_internal(void)
* If log file was opened or created successfully, take over stderr to
* catch output into logs.
*/
- if (new_fd != -1) {
+ if (dbgc_config[DBGC_ALL].fd > 0) {
if (dup2(dbgc_config[DBGC_ALL].fd, 2) == -1) {
/* Close stderr too, if dup2 can't point it -
at the logfile. There really isn't much
--
2.33.1
From 9f76bd48d87eb03c66dfe942b4a84e997a8fe8ba Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow@samba.org>
Date: Mon, 8 Nov 2021 19:41:50 +0100
Subject: [PATCH 5/8] lib/debug: in debug_set_logfile() call
reopen_logs_internal()
This simplifies the logging API for callers that typically would want to set
logging by just setup_logging() once without bothering that typically
configuration is loaded (via some lpcfg_load*() or lp_load*() variant) which
will only then pick up the configured logfile from smb.conf without actually
applying the new logfile to the logging subsystem.
Therefore our daemons will additionally call reopen_logs() explicitly in their
startup code after config is loaded, eg
setup_logging(getprogname(), DEBUG_FILE);
...
lpcfg_load(lp_ctx, config_file);
...
reopen_logs();
By calling reopen_logs_internal() implicitly from debug_set_logfile() there's no
need to call reopen_logs() explicitly anymore to apply the logfile.
As reopen_logs() will also apply other logging configuration options, we have to
keep the explicit calls in the daemon code. But at least this allows consistent
logging setup wrt to the logfile in the new cmdline library.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897
Signed-off-by: Ralph Boehme <slow@samba.org>
---
lib/util/debug.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/lib/util/debug.c b/lib/util/debug.c
index b271608621a..171b5e15008 100644
--- a/lib/util/debug.c
+++ b/lib/util/debug.c
@@ -1018,6 +1018,8 @@ void debug_set_logfile(const char *name)
}
TALLOC_FREE(dbgc_config[DBGC_ALL].logfile);
dbgc_config[DBGC_ALL].logfile = talloc_strdup(NULL, name);
+
+ reopen_logs_internal();
}
static void debug_close_fd(int fd)
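Review bot: `debug_set_logfile()` now calls `reopen_logs_internal()` and drops its `bool` result, directly after a `talloc_strdup()` whose NULL result is not checked. Going by the other debug.c patch in this series, `reopen_logs_internal()` also dup2()s the DBGC_ALL descriptor over fd 2, so a function that used to only record a name can now redirect stderr as a side effect. Since the function returns void and cannot report failure, a comment above the call would document both points for callers, for example `/* apply the new logfile now; this may redirect stderr, and a failed reopen is ignored here */`. The start of the function is outside the hunk.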
--
2.33.1
From b80911bc1a306cac479ee3feabdcea124946cdde Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow@samba.org>
Date: Mon, 8 Nov 2021 12:08:47 +0100
Subject: [PATCH 6/8] lib/cmdline: fix indentation
s/whitespace/tab/
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897
Signed-off-by: Ralph Boehme <slow@samba.org>
---
lib/cmdline/cmdline_s3.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/cmdline/cmdline_s3.c b/lib/cmdline/cmdline_s3.c
index 1f8d9ed5eb5..639d403aed3 100644
--- a/lib/cmdline/cmdline_s3.c
+++ b/lib/cmdline/cmdline_s3.c
@@ -55,7 +55,7 @@ static bool _samba_cmdline_load_config_s3(void)
case SAMBA_CMDLINE_CONFIG_CLIENT:
ok = lp_load_client(config_file);
break;
- case SAMBA_CMDLINE_CONFIG_SERVER:
+ case SAMBA_CMDLINE_CONFIG_SERVER:
{
const struct samba_cmdline_daemon_cfg *cmdline_daemon_cfg =
samba_cmdline_get_daemon_cfg();
--
2.33.1
From a6b6b0b6e6dfcd2c8e2c2085d20cd16c51e3b379 Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow@samba.org>
Date: Mon, 8 Nov 2021 12:09:16 +0100
Subject: [PATCH 7/8] lib/cmdline: remember config_type in samba_cmdline_init()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897
Signed-off-by: Ralph Boehme <slow@samba.org>
---
lib/cmdline/cmdline_s4.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/lib/cmdline/cmdline_s4.c b/lib/cmdline/cmdline_s4.c
index 61c1b96ba8d..6ef6f59db49 100644
--- a/lib/cmdline/cmdline_s4.c
+++ b/lib/cmdline/cmdline_s4.c
@@ -25,6 +25,7 @@
#include "cmdline_private.h"
static bool _require_smbconf;
+static enum samba_cmdline_config_type _config_type;
static bool _samba_cmdline_load_config_s4(void)
{
@@ -81,6 +82,7 @@ bool samba_cmdline_init(TALLOC_CTX *mem_ctx,
return false;
}
_require_smbconf = require_smbconf;
+ _config_type = config_type;
creds = cli_credentials_init(mem_ctx);
if (creds == NULL) {
--
2.33.1
From e1d6ab1b0dbd8ff30019edf804c4766b066db4b7 Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow@samba.org>
Date: Mon, 8 Nov 2021 12:09:43 +0100
Subject: [PATCH 8/8] lib/cmdline: setup default file logging for servers
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897
RN: samba process doesn't log to logfile
Signed-off-by: Ralph Boehme <slow@samba.org>
---
lib/cmdline/cmdline_s4.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/lib/cmdline/cmdline_s4.c b/lib/cmdline/cmdline_s4.c
index 6ef6f59db49..29e9f34bbe2 100644
--- a/lib/cmdline/cmdline_s4.c
+++ b/lib/cmdline/cmdline_s4.c
@@ -44,6 +44,20 @@ static bool _samba_cmdline_load_config_s4(void)
}
}
+ switch (_config_type) {
+ case SAMBA_CMDLINE_CONFIG_SERVER: {
+ const struct samba_cmdline_daemon_cfg *cmdline_daemon_cfg =
+ samba_cmdline_get_daemon_cfg();
+
+ if (!cmdline_daemon_cfg->interactive) {
+ setup_logging(getprogname(), DEBUG_FILE);
+ }
+ break;
+ }
+ default:
+ break;
+ }
+
config_file = get_dyn_CONFIGFILE();
ok = lpcfg_load(lp_ctx, config_file);
if (!ok) {
--
2.33.1


@ -1,61 +0,0 @@
From 3d02bf10d7738fe604b524863764de3ca1faa081 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
Date: Thu, 4 Nov 2021 22:22:44 +0100
Subject: [PATCH] s3-winexe: Fix winexe core dump (use-after-free)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14893
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Nov 5 11:43:57 UTC 2021 on sn-devel-184
(cherry picked from commit e9495d2ed28a26899dc3dd77bdfe56e284980218)
---
examples/winexe/winexe.c | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/examples/winexe/winexe.c b/examples/winexe/winexe.c
index 3e0813a4091..59fb9dbdebb 100644
--- a/examples/winexe/winexe.c
+++ b/examples/winexe/winexe.c
@@ -220,8 +220,6 @@ static void parse_args(int argc, const char *argv[],
*port_str = '\0';
}
- poptFreeContext(pc);
-
if (options->runas == NULL && options->runas_file != NULL) {
struct cli_credentials *runas_cred;
const char *user;
@@ -253,9 +251,19 @@ static void parse_args(int argc, const char *argv[],
options->credentials = samba_cmdline_get_creds();
- options->hostname = argv_new[0] + 2;
+ options->hostname = talloc_strdup(mem_ctx, argv_new[0] + 2);
+ if (options->hostname == NULL) {
+ DBG_ERR("Out of memory\n");
+ exit(1);
+ }
options->port = port;
- options->cmd = argv_new[1];
+ options->cmd = talloc_strdup(mem_ctx, argv_new[1]);
+ if (options->cmd == NULL) {
+ DBG_ERR("Out of memory\n");
+ exit(1);
+ }
+
+ poptFreeContext(pc);
options->flags = flag_interactive;
if (flag_reinstall) {
--
2.33.1


@ -1,58 +0,0 @@
From 61fd63d70578043de9f3bff1c3267c499dbf50a0 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 10 Nov 2021 12:06:51 +0100
Subject: [PATCH] auth:creds: Guess the username first via getpwuid(my_id)
If we have a container, we often don't have USER or LOGNAME set.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14883
Tested-by: Anoop C S <anoopcs@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit c28be4067463e582e378df402f812e510883d606)
---
auth/credentials/credentials.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c
index 02a3cf3b354..c5a6ba6940c 100644
--- a/auth/credentials/credentials.c
+++ b/auth/credentials/credentials.c
@@ -30,6 +30,7 @@
#include "tevent.h"
#include "param/param.h"
#include "system/filesys.h"
+#include "system/passwd.h"
/**
* Create a new credentials structure
@@ -1159,6 +1160,7 @@ _PUBLIC_ bool cli_credentials_guess(struct cli_credentials *cred,
{
const char *error_string;
const char *env = NULL;
+ struct passwd *pwd = NULL;
bool ok;
if (lp_ctx != NULL) {
@@ -1168,6 +1170,17 @@ _PUBLIC_ bool cli_credentials_guess(struct cli_credentials *cred,
}
}
+ pwd = getpwuid(getuid());
+ if (pwd != NULL) {
+ size_t len = strlen(pwd->pw_name);
+
+ if (len > 0 && len <= 1024) {
+ (void)cli_credentials_parse_string(cred,
+ pwd->pw_name,
+ CRED_GUESS_ENV);
+ }
+ }
+
env = getenv("LOGNAME");
if (env != NULL) {
size_t len = strlen(env);
--
2.33.1


@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----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=sYeb
-----END PGP SIGNATURE-----


@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----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=fu6B
-----END PGP SIGNATURE-----


@ -0,0 +1,64 @@
From e556b4067e0c4036e20fc26523e3b4d6d5c6be42 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Thu, 7 Oct 2021 15:55:37 +0200
Subject: [PATCH] waf: Fix resolv_wrapper with glibc 2.34
With glibc 2.34 we are not able to talk to the DNS server via socket_wrapper
anymore. The res_* symbols have been moved from libresolv to libc. We are not
able to intercept any traffic inside of libc.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
---
selftest/wscript | 2 +-
third_party/resolv_wrapper/wscript | 13 +++++++++++++
2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/selftest/wscript b/selftest/wscript
index a6be06c2ae9..85d9338489a 100644
--- a/selftest/wscript
+++ b/selftest/wscript
@@ -252,7 +252,7 @@ def cmd_testonly(opt):
if os.environ.get('USE_NAMESPACES') is None:
env.OPTIONS += " --socket_wrapper_so_path=" + CONFIG_GET(opt, 'LIBSOCKET_WRAPPER_SO_PATH')
- if Utils.unversioned_sys_platform() in ('netbsd', 'openbsd', 'sunos'):
+ if not CONFIG_SET(opt, 'HAVE_RESOLV_CONF_SUPPORT'):
env.OPTIONS += " --use-dns-faking"
if CONFIG_GET(opt, 'USING_SYSTEM_KRB5') and CONFIG_GET(opt, 'MIT_KDC_PATH'):
diff --git a/third_party/resolv_wrapper/wscript b/third_party/resolv_wrapper/wscript
index a7f18389b0f..7e369bd90b5 100644
--- a/third_party/resolv_wrapper/wscript
+++ b/third_party/resolv_wrapper/wscript
@@ -1,6 +1,7 @@
#!/usr/bin/env python
import os
+from waflib import Logs
VERSION="1.1.7"
@@ -49,6 +50,18 @@ def configure(conf):
if conf.CONFIG_SET('HAVE_RES_NCLOSE'):
conf.DEFINE('HAVE_RES_NCLOSE_IN_LIBRESOLV', 1)
+ # If we find res_nquery in libc, we can't do resolv.conf redirect
+ conf.CHECK_FUNCS('res_nquery __res_nquery')
+ if (conf.CONFIG_SET('HAVE_RES_NQUERY')
+ or conf.CONFIG_SET('HAVE___RES_NQUERY')):
+ Logs.warn("Detection for resolv_wrapper: "
+ "Only dns faking will be available")
+ else:
+ if conf.CHECK_FUNCS('res_nquery', lib='resolv'):
+ conf.DEFINE('HAVE_RESOLV_CONF_SUPPORT', 1)
+ if conf.CHECK_FUNCS('__res_nquery', lib='resolv'):
+ conf.DEFINE('HAVE_RESOLV_CONF_SUPPORT', 1)
+
conf.CHECK_FUNCS_IN('res_init __res_init', 'resolv', checklibc=True)
conf.CHECK_FUNCS_IN('res_ninit __res_ninit', 'resolv', checklibc=True)
conf.CHECK_FUNCS_IN('res_close __res_close', 'resolv', checklibc=True)
--
2.33.1
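Review bot: `HAVE_RESOLV_CONF_SUPPORT` is defined only in the `else` branch of the new check in `third_party/resolv_wrapper/wscript`, yet `selftest/wscript` now treats its absence as the only trigger for `--use-dns-faking`, and neither place documents that coupling. If that `configure()` does not run for a given build (not visible from these hunks), the selftest would fall back to DNS faking without the `Logs.warn` message, so a comment at the `if not CONFIG_SET(opt, 'HAVE_RESOLV_CONF_SUPPORT'):` line would help, e.g. `# set by third_party/resolv_wrapper/wscript; unset when res_nquery is in libc (glibc 2.34) or the wrapper was not configured`. The two identical `conf.DEFINE('HAVE_RESOLV_CONF_SUPPORT', 1)` calls would also read better with a one-line comment saying that either symbol in libresolv is sufficient. Unlike the patches this commit removes, the new patch carries no `BUG:` link or `cherry picked from commit` trailer, which makes the carried change harder to trace back to its upstream origin. Both `cmd_testonly` and `configure` continue outside the hunks shown.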


@ -132,9 +132,9 @@
%define samba_requires_eq() %(LC_ALL="C" echo '%*' | xargs -r rpm -q --qf 'Requires: %%{name} = %%{epoch}:%%{version}\\n' | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not")
%global baserelease 2
%global baserelease 0
%global samba_version 4.15.2
%global samba_version 4.15.3
%global talloc_version 2.3.3
%global tdb_version 1.4.4
%global tevent_version 0.11.0
@ -203,13 +203,7 @@ Source201: README.downgrade
Patch0: samba-s4u.patch
Patch1: samba-ctdb-etcd-reclock.patch
Patch2: samba-4.15.1-winexe.patch
Patch3: samba-4.15-fix-winbind-no-trusted-domain.patch
Patch4: samba-4.15-logfile.patch
Patch5: samba-4.15.2-smbclient_anonymous.patch
Patch6: samba-4.15-ipa-dc-schannel.patch
Patch7: samba-4.15-fix-recursive-dir-delete.patch
Patch8: samba-4.15-fix-recursive-dir-delete-symlinks.patch
Patch2: samba-glibc-dns.patch
Requires(pre): /usr/sbin/groupadd
Requires(post): systemd
@ -613,6 +607,7 @@ Samba VFS module for Ceph distributed storage system integration.
Summary: Samba VFS module for io_uring
Requires: %{name} = %{samba_depver}
Requires: %{name}-libs = %{samba_depver}
Requires: %{name}-client-libs = %{samba_depver}
Provides: bundled(libreplace)
@ -949,6 +944,7 @@ necessary to communicate to the Winbind Daemon
Summary: Samba Winexe Windows Binary
License: GPLv3
Requires: %{name}-client-libs = %{samba_depver}
Requires: %{name}-common-libs = %{samba_depver}
Provides: bundled(libreplace)
@ -1796,7 +1792,6 @@ fi
%{_libdir}/samba/libdbwrap-samba4.so
%{_libdir}/samba/libdcerpc-pkt-auth-samba4.so
%{_libdir}/samba/libdcerpc-samba-samba4.so
%{_libdir}/samba/libdcerpc-pkt-auth-samba4.so
%{_libdir}/samba/libevents-samba4.so
%{_libdir}/samba/libflag-mapping-samba4.so
%{_libdir}/samba/libgenrand-samba4.so
@ -2937,6 +2932,7 @@ fi
%{python3_sitearch}/samba/tests/krb5/__pycache__/spn_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/s4u_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/test_ccache.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/test_idmap_nss.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/test_ldap.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/test_min_domain_uid.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/test_rpc.*.pyc
@ -2960,6 +2956,7 @@ fi
%{python3_sitearch}/samba/tests/krb5/simple_tests.py
%{python3_sitearch}/samba/tests/krb5/spn_tests.py
%{python3_sitearch}/samba/tests/krb5/test_ccache.py
%{python3_sitearch}/samba/tests/krb5/test_idmap_nss.py
%{python3_sitearch}/samba/tests/krb5/test_ldap.py
%{python3_sitearch}/samba/tests/krb5/test_min_domain_uid.py
%{python3_sitearch}/samba/tests/krb5/test_rpc.py