mirror/freebsd-ports
1
0
Fork 0
mirror of https://git.FreeBSD.org/ports.git synced 2024-10-19 19:59:43 +00:00
Code Issues Releases Activity

Update Samba 4.8 to the 4.8.3 version.

Browse Source
This commit is contained in:
Timur I. Bakeyev 2018-07-31 12:32:45 +00:00
parent b13b6cf000
commit 2f783138a9
Notes: svn2git 2021-03-31 03:12:20 +00:00 
svn path=/head/; revision=475995
18 changed files with 2099 additions and 313 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
net/samba48/Makefile
View File

@ -3,7 +3,7 @@
PORTNAME= ${SAMBA4_BASENAME}48
PORTVERSION= ${SAMBA4_VERSION}
PORTREVISION= 1
PORTREVISION= 0
CATEGORIES?= net
MASTER_SITES= SAMBA/samba/stable SAMBA/samba/rc
DISTNAME= ${SAMBA4_DISTNAME}
@ -14,20 +14,24 @@ COMMENT= Free SMB/CIFS and AD/DC server and client for Unix
LICENSE= GPLv3
BROKEN_powerpc64= fails to compile: auth.idl:107: Unable to determine origin of type struct cli_credentials
IGNORE_NONTHREAD_PYTHON= needs port lang/python${PYTHON_SUFFIX} to be build with THREADS support
CONFLICTS_INSTALL?= samba4-4.0.* samba4[1-79]-4.* p5-Parse-Pidl-4.*
EXTRA_PATCHES+= ${PATCHDIR}/0001-Zfs-provision-1.patch:-p1
EXTRA_PATCHES+= ${PATCHDIR}/0001-Freenas-master-mdns-fixes-22.patch:-p1
EXTRA_PATCHES+= ${PATCHDIR}/0001-bug-13427.patch:-p1
EXTRA_PATCHES+= ${PATCHDIR}/0001-audit.patch:-p1
EXTRA_PATCHES+= ${PATCHDIR}/0001-ctdb.patch:-p1
EXTRA_PATCHES+= ${PATCHDIR}/0001-bug-13175.patch:-p1
EXTRA_PATCHES+= ${PATCHDIR}/0001-bug-13351.patch:-p1
EXTRA_PATCHES+= ${PATCHDIR}/0001-bug-13441.patch:-p1
EXTRA_PATCHES+= ${PATCHDIR}/0001-bug-13451.patch:-p1
EXTRA_PATCHES+= ${PATCHDIR}/0001-bug-13537.patch:-p1
EXTRA_PATCHES+= ${PATCHDIR}/0001-bug-228462.patch:-p1
SAMBA4_BASENAME= samba
SAMBA4_PORTNAME= ${SAMBA4_BASENAME}4
SAMBA4_VERSION= 4.8.2
SAMBA4_VERSION= 4.8.3
SAMBA4_DISTNAME= ${SAMBA4_BASENAME}-${SAMBA4_VERSION:S|.p|pre|:S|.r|rc|:S|.t|tp|:S|.a|alpha|}
WRKSRC?= ${WRKDIR}/${DISTNAME}
@ -98,7 +102,7 @@ OPTIONS_DEFINE+= DEVELOPER MANDOC
OPTIONS_DEFINE_amd64= AESNI
OPTIONS_DEFAULT_amd64= AESNI
OPTIONS_DEFINE+= CUPS GPGME NTVFS SPOTLIGHT
OPTIONS_DEFINE+= CLUSTER CUPS GPGME NTVFS SPOTLIGHT
#OPTIONS_DEFINE+= MEMORY_DEBUG
OPTIONS_SINGLE= GSSAPI
@ -133,9 +137,11 @@ GSSAPI_BUILTIN_DESC= GSSAPI support via bundled Heimdal
BIND911_DESC= Use Bind 9.11 as AD DC DNS server frontend
NSUPDATE_DESC= Use samba NSUPDATE utility for AD DC
##############################################################################
PLIST_SUB+= CLUSTER="@comment "
SUB_LIST+= CLUSTER="@comment "
# XXX: Unconditional dependencies which can't be switched off(if present in the system)
# XXX: Unconditional dependencies which can't be switched off(if present in
# the system)
# Readline(sponsored by Python)
# XXX: USES=readline pollutes CPPFLAGS, so we explicitly put dependency
LIB_DEPENDS+= libreadline.so.7:devel/readline
# popt
LIB_DEPENDS+= libpopt.so:devel/popt
# inotify
@ -159,7 +165,7 @@ RUN_DEPENDS+= libarchive>=3.1.2:archivers/libarchive
#SAMBA4_BUNDLED_TALLOC= yes
#SAMBA4_BUNDLED_TEVENT= yes
#SAMBA4_BUNDLED_TDB= yes
#SAMBA4_BUNDLED_LDB= yes
SAMBA4_BUNDLED_LDB= yes
SAMBA4_LDB= 13
# cmocka
.if defined(SAMBA4_BUNDLED_CMOCKA)
@ -182,8 +188,8 @@ PLIST_SUB+= SAMBA4_BUNDLED_TALLOC=""
SUB_LIST+= SAMBA4_BUNDLED_TALLOC=""
.else
SAMBA4_BUNDLED_LIBS+= !talloc
BUILD_DEPENDS+= talloc>=2.1.13:devel/talloc
RUN_DEPENDS+= talloc>=2.1.13:devel/talloc
BUILD_DEPENDS+= talloc>=2.1.14:devel/talloc
RUN_DEPENDS+= talloc>=2.1.14:devel/talloc
PLIST_SUB+= SAMBA4_BUNDLED_TALLOC="@comment "
SUB_LIST+= SAMBA4_BUNDLED_TALLOC="@comment "
.endif
@ -195,8 +201,8 @@ PLIST_SUB+= SAMBA4_BUNDLED_TEVENT=""
SUB_LIST+= SAMBA4_BUNDLED_TEVENT=""
.else
SAMBA4_BUNDLED_LIBS+= !tevent
BUILD_DEPENDS+= tevent>=0.9.36:devel/tevent
RUN_DEPENDS+= tevent>=0.9.36:devel/tevent
BUILD_DEPENDS+= tevent>=0.9.37:devel/tevent
RUN_DEPENDS+= tevent>=0.9.37:devel/tevent
PLIST_SUB+= SAMBA4_BUNDLED_TEVENT="@comment "
SUB_LIST+= SAMBA4_BUNDLED_TEVENT="@comment "
.endif
@ -222,8 +228,8 @@ PLIST_SUB+= SAMBA4_BUNDLED_LDB=""
SUB_LIST+= SAMBA4_BUNDLED_LDB=""
.else
. if ${SAMBA4_LDB} == 13
BUILD_DEPENDS+= ldb13>=1.3.3:databases/ldb13
RUN_DEPENDS+= ldb13>=1.3.3:databases/ldb13
BUILD_DEPENDS+= ldb13>=1.3.4:databases/ldb13
RUN_DEPENDS+= ldb13>=1.3.4:databases/ldb13
. elif ${SAMBA4_LDB} == 12
BUILD_DEPENDS+= ldb12>=1.2.3:databases/ldb12
RUN_DEPENDS+= ldb12>=1.2.3:databases/ldb12
@ -431,10 +437,10 @@ BUILD_DEPENDS+= ${PYTHON_PKGNAMEPREFIX}iso8601>=0.1.11:devel/py-iso8601@${PY_F
RUN_DEPENDS+= ${PYTHON_PKGNAMEPREFIX}iso8601>=0.1.11:devel/py-iso8601@${PY_FLAVOR}
# XXX: This is a gross hack to make port use both Python 2.7+ and 3.3+
# This is not officially supported, use at your own risk
.if defined(WITH_SAMBA4_PYTHON3) && ${WITH_SAMBA4_PYTHON3:Mpython3\.[0-9]}
SAMBA4_PYTHON3= ${WITH_SAMBA4_PYTHON3}
SAMBA4_PYTHON3_VERSION:= ${SAMBA4_PYTHON3:S/^python//}
SAMBA4_PYTHON3_VER:= ${SAMBA4_PYTHON3_VERSION:C/\.//}
.if defined(WITH_SAMBA4_PYTHON3) && ${WITH_SAMBA4_PYTHON3:M3\.[0-9]}
SAMBA4_PYTHON3_VERSION= ${WITH_SAMBA4_PYTHON3}
SAMBA4_PYTHON3= python${SAMBA4_PYTHON3_VERSION}
SAMBA4_PYTHON3_VER= ${SAMBA4_PYTHON3_VERSION:C/\.//}
.if !exists(${PORTSDIR}/lang/python${SAMBA4_PYTHON3_VER})
.error unsupported or unknown Python version ${SAMBA4_PYTHON3_VERSION}
.endif
@ -476,8 +482,11 @@ PLIST_FILES+= lib/samba4/private/libaesni-intel-samba4.so
CONFIGURE_ARGS+= --accel-aes=none
.endif
.if ${PORT_OPTIONS:MAD_DC} && ${PORT_OPTIONS:MGSSAPI_MIT}
.if ${PORT_OPTIONS:MGSSAPI_MIT}
PLIST_FILES+= lib/samba4/winbind-krb5-localauth.so
. if ${PORT_OPTIONS:MAD_DC}
PLIST_FILES+= lib/samba4/krb5/plugins/kdb/samba.so
. endif
.endif
# for libexecinfo: (so that __builtin_frame_address() finds the top of the stack)
CFLAGS_amd64+= -fno-omit-frame-pointer
@ -585,6 +594,10 @@ post-install-rm-junk:
.for f in vfs_aio_linux.8 vfs_btrfs.8 vfs_ceph.8 vfs_gpfs.8
${RM} ${STAGEDIR}${PREFIX}/man/man8/${f}
.endfor
.if defined(NO_PYTHON)
${RM} -r ${STAGEDIR}${PYTHON_SITELIBDIR}/samba/third_party/dns \
${STAGEDIR}${PYTHON_SITELIBDIR}/samba/third_party/iso8601
.endif
post-install: post-install-rm-junk
${LN} -sf smb.conf.5.gz ${STAGEDIR}${PREFIX}/man/man5/smb4.conf.5.gz

6
net/samba48/distinfo
View File

@ -1,3 +1,3 @@
TIMESTAMP = 1526478569
SHA256 (samba-4.8.2.tar.gz) = 62e552296d49e6ab44bb87d120a288813fa52e42435d53a1f71b77596512bf22
SIZE (samba-4.8.2.tar.gz) = 17675145
TIMESTAMP = 1530185888
SHA256 (samba-4.8.3.tar.gz) = e0569a8a605d5dfb49f1fdd11db796f4d36fe0351c4a7f21387ef253010b82ed
SIZE (samba-4.8.3.tar.gz) = 17680660

60
net/samba48/files/0001-Zfs-provision-1.patch
View File

@ -120,11 +120,13 @@ diff --git a/source3/smbd/pysmbd.c b/source3/smbd/pysmbd.c
index 63fc5d68c33..f5a536ee186 100644
--- a/source3/smbd/pysmbd.c
+++ b/source3/smbd/pysmbd.c
@@ -335,6 +335,18 @@ static SMB_ACL_T make_simple_acl(gid_t gid, mode_t chmod_mode)
@@ -368,6 +368,20 @@ static SMB_ACL_T make_simple_acl(TALLOC_
return acl;
}
+static SMB_ACL_T make_simple_nfsv4_acl(gid_t gid, mode_t chmod_mode)
+static SMB_ACL_T make_simple_nfsv4_acl(TALLOC_CTX *mem_ctx,
+ gid_t gid,
+ mode_t chmod_mode)
+{
+ /*
+ * This function needs to create an NFSv4 ACL. Currently, the only way
@ -139,25 +141,10 @@ index 63fc5d68c33..f5a536ee186 100644
/*
set a simple ACL on a file, as a test
*/
@@ -363,6 +375,53 @@ static PyObject *py_smbd_set_simple_acl(PyObject *self, PyObject *args, PyObject
}
@@ -413,6 +427,53 @@ static PyObject *py_smbd_set_simple_acl(
}
ret = set_sys_acl_conn(fname, SMB_ACL_TYPE_ACCESS, acl, conn);
+
+ TALLOC_FREE(acl);
+
+ if (ret != 0) {
+ TALLOC_FREE(frame);
+ errno = ret;
+ return PyErr_SetFromErrno(PyExc_OSError);
+ }
+
+ TALLOC_FREE(frame);
+
+ Py_RETURN_NONE;
+}
+
+/*
/*
+ set a simple NFSv4 ACL on a file, as a test
+ */
+static PyObject *py_smbd_set_simple_nfsv4_acl(PyObject *self, PyObject *args, PyObject *kwargs)
@ -175,10 +162,14 @@ index 63fc5d68c33..f5a536ee186 100644
+ &fname, &mode, &gid, &service))
+ return NULL;
+
+ acl = make_simple_nfsv4_acl(gid, mode);
+
+ frame = talloc_stackframe();
+
+ acl = make_simple_nfsv4_acl(frame, gid, mode);
+ if (acl == NULL) {
+ TALLOC_FREE(frame);
+ return NULL;
+ }
+
+ conn = get_conn(frame, service);
+ if (!conn) {
+ return NULL;
@ -187,13 +178,24 @@ index 63fc5d68c33..f5a536ee186 100644
+ /*
+ * SMB_ACL_TYPE_ACCESS -> ACL_TYPE_ACCESS -> Not valid for NFSv4 ACL
+ */
+ //ret = set_sys_acl_conn(fname, SMB_ACL_TYPE_ACCESS, acl, conn);
+ ret = 0;
+
TALLOC_FREE(acl);
if (ret != 0) {
@@ -483,7 +542,7 @@ static PyObject *py_smbd_unlink(PyObject *self, PyObject *args, PyObject *kwargs
+ if (ret != 0) {
+ TALLOC_FREE(frame);
+ errno = ret;
+ return PyErr_SetFromErrno(PyExc_OSError);
+ }
+
+ TALLOC_FREE(frame);
+
+ Py_RETURN_NONE;
+}
+
+/*
chown a file
*/
static PyObject *py_smbd_chown(PyObject *self, PyObject *args, PyObject *kwargs)
@@ -519,7 +580,7 @@ static PyObject *py_smbd_unlink(PyObject
}
/*
@ -202,7 +204,7 @@ index 63fc5d68c33..f5a536ee186 100644
*/
static PyObject *py_smbd_have_posix_acls(PyObject *self)
{
@@ -494,6 +553,86 @@ static PyObject *py_smbd_have_posix_acls(PyObject *self)
@@ -530,6 +591,86 @@ static PyObject *py_smbd_have_posix_acls
#endif
}
@ -289,7 +291,7 @@ index 63fc5d68c33..f5a536ee186 100644
/*
set the NT ACL on a file
*/
@@ -681,9 +820,24 @@ static PyMethodDef py_smbd_methods[] = {
@@ -717,9 +858,24 @@ static PyMethodDef py_smbd_methods[] = {
{ "have_posix_acls",
(PyCFunction)py_smbd_have_posix_acls, METH_NOARGS,
NULL },

247
net/samba48/files/0001-audit.patch Normal file
View File

@ -0,0 +1,247 @@
From 7d1bcfc99c393367093c903f95a5e365881b7989 Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@iXsystems.com>
Date: Fri, 22 Jun 2018 12:15:30 +0800
Subject: [PATCH 1/3] Make sure that vfs*audit modules recognize and accept all
the syslog facilities.
---
source3/modules/vfs_audit.c | 34 +++++++++++++++++++++++-----------
source3/modules/vfs_extd_audit.c | 34 +++++++++++++++++++++++-----------
source3/modules/vfs_full_audit.c | 34 +++++++++++++++++++++++-----------
3 files changed, 69 insertions(+), 33 deletions(-)
diff --git a/source3/modules/vfs_audit.c b/source3/modules/vfs_audit.c
index 12477d5b01f..4f9d16c452e 100644
--- a/source3/modules/vfs_audit.c
+++ b/source3/modules/vfs_audit.c
@@ -33,16 +33,28 @@
static int audit_syslog_facility(vfs_handle_struct *handle)
{
static const struct enum_list enum_log_facilities[] = {
- { LOG_USER, "USER" },
- { LOG_LOCAL0, "LOCAL0" },
- { LOG_LOCAL1, "LOCAL1" },
- { LOG_LOCAL2, "LOCAL2" },
- { LOG_LOCAL3, "LOCAL3" },
- { LOG_LOCAL4, "LOCAL4" },
- { LOG_LOCAL5, "LOCAL5" },
- { LOG_LOCAL6, "LOCAL6" },
- { LOG_LOCAL7, "LOCAL7" },
- { -1, NULL}
+ { LOG_AUTH, "AUTH" },
+ { LOG_CRON, "CRON" },
+ { LOG_DAEMON, "DAEMON" },
+ { LOG_FTP, "FTP" },
+ { LOG_KERN, "KERN" },
+ { LOG_LPR, "LPR" },
+ { LOG_MAIL, "MAIL" },
+ { LOG_NEWS, "NEWS" },
+ { LOG_NTP, "NTP" },
+ { LOG_SECURITY, "SECURITY" },
+ { LOG_SYSLOG, "SYSLOG" },
+ { LOG_USER, "USER" },
+ { LOG_UUCP, "UUCP" },
+ { LOG_LOCAL0, "LOCAL0" },
+ { LOG_LOCAL1, "LOCAL1" },
+ { LOG_LOCAL2, "LOCAL2" },
+ { LOG_LOCAL3, "LOCAL3" },
+ { LOG_LOCAL4, "LOCAL4" },
+ { LOG_LOCAL5, "LOCAL5" },
+ { LOG_LOCAL6, "LOCAL6" },
+ { LOG_LOCAL7, "LOCAL7" },
+ { -1, NULL }
};
int facility;
@@ -64,7 +76,7 @@ static int audit_syslog_priority(vfs_handle_struct *handle)
{ LOG_NOTICE, "NOTICE" },
{ LOG_INFO, "INFO" },
{ LOG_DEBUG, "DEBUG" },
- { -1, NULL}
+ { -1, NULL }
};
int priority;
diff --git a/source3/modules/vfs_extd_audit.c b/source3/modules/vfs_extd_audit.c
index 7d1fe273978..5307569a010 100644
--- a/source3/modules/vfs_extd_audit.c
+++ b/source3/modules/vfs_extd_audit.c
@@ -36,16 +36,28 @@ static int vfs_extd_audit_debug_level = DBGC_VFS;
static int audit_syslog_facility(vfs_handle_struct *handle)
{
static const struct enum_list enum_log_facilities[] = {
- { LOG_USER, "USER" },
- { LOG_LOCAL0, "LOCAL0" },
- { LOG_LOCAL1, "LOCAL1" },
- { LOG_LOCAL2, "LOCAL2" },
- { LOG_LOCAL3, "LOCAL3" },
- { LOG_LOCAL4, "LOCAL4" },
- { LOG_LOCAL5, "LOCAL5" },
- { LOG_LOCAL6, "LOCAL6" },
- { LOG_LOCAL7, "LOCAL7" },
- { -1, NULL}
+ { LOG_AUTH, "AUTH" },
+ { LOG_CRON, "CRON" },
+ { LOG_DAEMON, "DAEMON" },
+ { LOG_FTP, "FTP" },
+ { LOG_KERN, "KERN" },
+ { LOG_LPR, "LPR" },
+ { LOG_MAIL, "MAIL" },
+ { LOG_NEWS, "NEWS" },
+ { LOG_NTP, "NTP" },
+ { LOG_SECURITY, "SECURITY" },
+ { LOG_SYSLOG, "SYSLOG" },
+ { LOG_USER, "USER" },
+ { LOG_UUCP, "UUCP" },
+ { LOG_LOCAL0, "LOCAL0" },
+ { LOG_LOCAL1, "LOCAL1" },
+ { LOG_LOCAL2, "LOCAL2" },
+ { LOG_LOCAL3, "LOCAL3" },
+ { LOG_LOCAL4, "LOCAL4" },
+ { LOG_LOCAL5, "LOCAL5" },
+ { LOG_LOCAL6, "LOCAL6" },
+ { LOG_LOCAL7, "LOCAL7" },
+ { -1, NULL }
};
int facility;
@@ -67,7 +79,7 @@ static int audit_syslog_priority(vfs_handle_struct *handle)
{ LOG_NOTICE, "NOTICE" },
{ LOG_INFO, "INFO" },
{ LOG_DEBUG, "DEBUG" },
- { -1, NULL}
+ { -1, NULL }
};
int priority;
diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c
index a205007f46f..a52af4b5740 100644
--- a/source3/modules/vfs_full_audit.c
+++ b/source3/modules/vfs_full_audit.c
@@ -357,16 +357,28 @@ static struct {
static int audit_syslog_facility(vfs_handle_struct *handle)
{
static const struct enum_list enum_log_facilities[] = {
- { LOG_USER, "USER" },
- { LOG_LOCAL0, "LOCAL0" },
- { LOG_LOCAL1, "LOCAL1" },
- { LOG_LOCAL2, "LOCAL2" },
- { LOG_LOCAL3, "LOCAL3" },
- { LOG_LOCAL4, "LOCAL4" },
- { LOG_LOCAL5, "LOCAL5" },
- { LOG_LOCAL6, "LOCAL6" },
- { LOG_LOCAL7, "LOCAL7" },
- { -1, NULL}
+ { LOG_AUTH, "AUTH" },
+ { LOG_CRON, "CRON" },
+ { LOG_DAEMON, "DAEMON" },
+ { LOG_FTP, "FTP" },
+ { LOG_KERN, "KERN" },
+ { LOG_LPR, "LPR" },
+ { LOG_MAIL, "MAIL" },
+ { LOG_NEWS, "NEWS" },
+ { LOG_NTP, "NTP" },
+ { LOG_SECURITY, "SECURITY" },
+ { LOG_SYSLOG, "SYSLOG" },
+ { LOG_USER, "USER" },
+ { LOG_UUCP, "UUCP" },
+ { LOG_LOCAL0, "LOCAL0" },
+ { LOG_LOCAL1, "LOCAL1" },
+ { LOG_LOCAL2, "LOCAL2" },
+ { LOG_LOCAL3, "LOCAL3" },
+ { LOG_LOCAL4, "LOCAL4" },
+ { LOG_LOCAL5, "LOCAL5" },
+ { LOG_LOCAL6, "LOCAL6" },
+ { LOG_LOCAL7, "LOCAL7" },
+ { -1, NULL }
};
int facility;
@@ -387,7 +399,7 @@ static int audit_syslog_priority(vfs_handle_struct *handle)
{ LOG_NOTICE, "NOTICE" },
{ LOG_INFO, "INFO" },
{ LOG_DEBUG, "DEBUG" },
- { -1, NULL}
+ { -1, NULL }
};
int priority;
--
2.16.3
From b98fc517251ad25b695ef64453ffe3eaaffed5d8 Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@iXsystems.com>
Date: Fri, 22 Jun 2018 12:19:42 +0800
Subject: [PATCH 2/3] Make "none" is the default setting for the successful and
failed operations in the vfs_full_audit, so you don't blow up your server by
just adding this module to the configuration.
---
source3/modules/vfs_full_audit.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c
index a52af4b5740..bc40c8137dc 100644
--- a/source3/modules/vfs_full_audit.c
+++ b/source3/modules/vfs_full_audit.c
@@ -624,6 +624,7 @@ static int smb_full_audit_connect(vfs_handle_struct *handle,
const char *svc, const char *user)
{
int result;
+ const char *none[] = { "none" };
struct vfs_full_audit_private_data *pd = NULL;
result = SMB_VFS_NEXT_CONNECT(handle, svc, user);
@@ -663,10 +664,10 @@ static int smb_full_audit_connect(vfs_handle_struct *handle,
pd->success_ops = init_bitmap(
pd, lp_parm_string_list(SNUM(handle->conn), "full_audit",
- "success", NULL));
+ "success", none));
pd->failure_ops = init_bitmap(
pd, lp_parm_string_list(SNUM(handle->conn), "full_audit",
- "failure", NULL));
+ "failure", none));
/* Store the private data. */
SMB_VFS_HANDLE_SET_DATA(handle, pd, NULL,
--
2.16.3
From e25f3a6cfc284737d8df941686f6629568763103 Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@iXsystems.com>
Date: Fri, 22 Jun 2018 12:36:07 +0800
Subject: [PATCH 3/3] Document that vfs_full_audit defaults are "none" for the
successful and failed operations.
---
docs-xml/manpages/vfs_full_audit.8.xml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/docs-xml/manpages/vfs_full_audit.8.xml b/docs-xml/manpages/vfs_full_audit.8.xml
index cefe66d8b6f..ac8473f9990 100644
--- a/docs-xml/manpages/vfs_full_audit.8.xml
+++ b/docs-xml/manpages/vfs_full_audit.8.xml
@@ -164,7 +164,7 @@
<para>LIST is a list of VFS operations that should be
recorded if they succeed. Operations are specified using
the names listed above. Operations can be unset by prefixing
- the names with "!". The default is all operations.
+ the names with "!". The default is none operations.
</para>
</listitem>
@@ -176,7 +176,7 @@
<para>LIST is a list of VFS operations that should be
recorded if they failed. Operations are specified using
the names listed above. Operations can be unset by prefixing
- the names with "!". The default is all operations.
+ the names with "!". The default is none operations.
</para>
</listitem>
--
2.16.3

50
net/samba48/files/0001-bug-13351.patch Normal file
View File

@ -0,0 +1,50 @@
From 1598b78bf791b5a2b8ff52745563ebfcc2a5a0cb Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow@samba.org>
Date: Thu, 22 Mar 2018 08:03:58 +0100
Subject: [PATCH] s3: smbd: always set vuid in check_user_ok()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
A SMB session reauth will have invalidated conn->vuid via
conn_clear_vuid_caches().
Ensure conn->vuid always has the vuid of the current user in
check_user_ok().
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13351
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Mar 22 18:26:04 CET 2018 on sn-devel-144
(cherry picked from commit 42d6dd2f30b6c3b3176bd1f378422a2eb62b1008)
---
source3/smbd/uid.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index 6eb53920abf..b24ae3cc3b0 100644
--- a/source3/smbd/uid.c
+++ b/source3/smbd/uid.c
@@ -202,6 +202,7 @@ static bool check_user_ok(connection_struct *conn,
conn->session_info = ent->session_info;
conn->read_only = ent->read_only;
conn->share_access = ent->share_access;
+ conn->vuid = ent->vuid;
return(True);
}
}
@@ -250,6 +251,7 @@ static bool check_user_ok(connection_struct *conn,
ent->share_access = share_access;
free_conn_session_info_if_unused(conn);
conn->session_info = ent->session_info;
+ conn->vuid = ent->vuid;
if (vuid == UID_FIELD_INVALID) {
/*
* Not strictly needed, just make it really
--
2.13.6

213
net/samba48/files/0001-bug-13427.patch
View File

@ -1,213 +0,0 @@
From 31e168958987826ab7cce61b854daf2a8f3f2adb Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 9 May 2018 13:30:13 +0200
Subject: [PATCH 1/3] auth/ntlmssp: add ntlmssp_client:ldap_style_send_seal
option
This will be used to similate a Windows client only
using NTLMSSP_NEGOTIATE_SIGN without NTLMSSP_NEGOTIATE_SEAL
on an LDAP connection, which is indicated internally by
GENSEC_FEATURE_LDAP_STYLE.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13427
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 7f2bebf09cd8056b3f901dd9ff1fc9e9525f3e9d)
---
auth/ntlmssp/ntlmssp_client.c | 24 +++++++++++++++++-------
1 file changed, 17 insertions(+), 7 deletions(-)
diff --git a/auth/ntlmssp/ntlmssp_client.c b/auth/ntlmssp/ntlmssp_client.c
index db2003f0d6b..54fda41b534 100644
--- a/auth/ntlmssp/ntlmssp_client.c
+++ b/auth/ntlmssp/ntlmssp_client.c
@@ -865,13 +865,23 @@ NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_security)
* is requested.
*/
ntlmssp_state->force_wrap_seal = true;
- /*
- * We want also work against old Samba servers
- * which didn't had GENSEC_FEATURE_LDAP_STYLE
- * we negotiate SEAL too. We may remove this
- * in a few years. As all servers should have
- * GENSEC_FEATURE_LDAP_STYLE by then.
- */
+ }
+ }
+ if (ntlmssp_state->force_wrap_seal) {
+ bool ret;
+
+ /*
+ * We want also work against old Samba servers
+ * which didn't had GENSEC_FEATURE_LDAP_STYLE
+ * we negotiate SEAL too. We may remove this
+ * in a few years. As all servers should have
+ * GENSEC_FEATURE_LDAP_STYLE by then.
+ */
+ ret = gensec_setting_bool(gensec_security->settings,
+ "ntlmssp_client",
+ "ldap_style_send_seal",
+ true);
+ if (ret) {
ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SEAL;
}
}
--
2.14.3
From 1734791570ff0eb57a04fef779a093c20c83ed9d Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 9 May 2018 13:33:05 +0200
Subject: [PATCH 2/3] s4:selftest: run test_ldb_simple.sh with more auth
options
This demonstrates the broken GENSEC_FEATURE_LDAP_STYLE
handling in our LDAP server.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13427
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit fc1c5bd3be2c3f90eab2f31e43cf053f7ff13782)
---
selftest/knownfail.d/ntlmssp_ldap_style_send_seal | 1 +
source4/selftest/tests.py | 7 +++++++
2 files changed, 8 insertions(+)
create mode 100644 selftest/knownfail.d/ntlmssp_ldap_style_send_seal
diff --git a/selftest/knownfail.d/ntlmssp_ldap_style_send_seal b/selftest/knownfail.d/ntlmssp_ldap_style_send_seal
new file mode 100644
index 00000000000..0cd7cc2ea39
--- /dev/null
+++ b/selftest/knownfail.d/ntlmssp_ldap_style_send_seal
@@ -0,0 +1 @@
+^samba4.ldb.simple.ldap.*ldap_style_send_seal=no
diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
index 621a61347bc..226617f3b6a 100755
--- a/source4/selftest/tests.py
+++ b/source4/selftest/tests.py
@@ -116,6 +116,13 @@ for env in ["ad_dc_ntvfs", "fl2008r2dc", "fl2003dc"]:
'--option=clientldapsaslwrapping=plain',
'--sign',
'--encrypt',
+ '-k yes --option=clientldapsaslwrapping=plain',
+ '-k yes --sign',
+ '-k yes --encrypt',
+ '-k no --option=clientldapsaslwrapping=plain',
+ '-k no --sign --option=ntlmssp_client:ldap_style_send_seal=no',
+ '-k no --sign',
+ '-k no --encrypt',
]
for auth_option in auth_options:
--
2.14.3
From 4b612bcfb938a49b2725e913a95004bd9fa6c3c3 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Mon, 7 May 2018 14:50:27 +0200
Subject: [PATCH 3/3] auth/ntlmssp: fix handling of GENSEC_FEATURE_LDAP_STYLE
as a server
This fixes "NTLMSSP NTLM2 packet check failed due to invalid signature!"
error messages, which were generated if the client only sends
NTLMSSP_NEGOTIATE_SIGN without NTLMSSP_NEGOTIATE_SEAL on an LDAP
connection.
This fixes a regession in the combination of commits
77adac8c3cd2f7419894d18db735782c9646a202 and
3a0b835408a6efa339e8b34333906bfe3aacd6e3.
We need to evaluate GENSEC_FEATURE_LDAP_STYLE at the end
of the authentication (as a server, while we already
do so at the beginning as a client).
As a reminder I introduced GENSEC_FEATURE_LDAP_STYLE
(as an internal flag) in order to let us work as a
Windows using NTLMSSP for LDAP. Even if only signing is
negotiated during the authentication the following PDUs
will still be encrypted if NTLMSSP is used. This is exactly the
same as if the client would have negotiated NTLMSSP_NEGOTIATE_SEAL.
I guess it's a bug in Windows, but we have to reimplement that
bug. Note this only applies to NTLMSSP and only to LDAP!
Signing only works fine for LDAP with Kerberos
or DCERPC and NTLMSSP.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13427
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed May 16 03:26:03 CEST 2018 on sn-devel-144
(cherry picked from commit c7a3ce95ac4ce837d8fde36578b3b1f56c3ac2fa)
---
auth/ntlmssp/gensec_ntlmssp_server.c | 19 -------------------
auth/ntlmssp/ntlmssp_server.c | 8 ++++++++
selftest/knownfail.d/ntlmssp_ldap_style_send_seal | 1 -
3 files changed, 8 insertions(+), 20 deletions(-)
delete mode 100644 selftest/knownfail.d/ntlmssp_ldap_style_send_seal
diff --git a/auth/ntlmssp/gensec_ntlmssp_server.c b/auth/ntlmssp/gensec_ntlmssp_server.c
index c0e6cff5952..ab92f4d0c09 100644
--- a/auth/ntlmssp/gensec_ntlmssp_server.c
+++ b/auth/ntlmssp/gensec_ntlmssp_server.c
@@ -179,25 +179,6 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security)
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
- if (gensec_security->want_features & GENSEC_FEATURE_SESSION_KEY) {
- ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
- }
- if (gensec_security->want_features & GENSEC_FEATURE_SIGN) {
- ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
-
- if (gensec_security->want_features & GENSEC_FEATURE_LDAP_STYLE) {
- /*
- * We need to handle NTLMSSP_NEGOTIATE_SIGN as
- * NTLMSSP_NEGOTIATE_SEAL if GENSEC_FEATURE_LDAP_STYLE
- * is requested.
- */
- ntlmssp_state->force_wrap_seal = true;
- }
- }
- if (gensec_security->want_features & GENSEC_FEATURE_SEAL) {
- ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
- ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
- }
if (role == ROLE_STANDALONE) {
ntlmssp_state->server.is_standalone = true;
diff --git a/auth/ntlmssp/ntlmssp_server.c b/auth/ntlmssp/ntlmssp_server.c
index 37ed2bc9565..140e89daeb1 100644
--- a/auth/ntlmssp/ntlmssp_server.c
+++ b/auth/ntlmssp/ntlmssp_server.c
@@ -1080,6 +1080,14 @@ static NTSTATUS ntlmssp_server_postauth(struct gensec_security *gensec_security,
data_blob_free(&ntlmssp_state->challenge_blob);
if (gensec_ntlmssp_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
+ if (gensec_security->want_features & GENSEC_FEATURE_LDAP_STYLE) {
+ /*
+ * We need to handle NTLMSSP_NEGOTIATE_SIGN as
+ * NTLMSSP_NEGOTIATE_SEAL if GENSEC_FEATURE_LDAP_STYLE
+ * is requested.
+ */
+ ntlmssp_state->force_wrap_seal = true;
+ }
nt_status = ntlmssp_sign_init(ntlmssp_state);
}
diff --git a/selftest/knownfail.d/ntlmssp_ldap_style_send_seal b/selftest/knownfail.d/ntlmssp_ldap_style_send_seal
deleted file mode 100644
index 0cd7cc2ea39..00000000000
--- a/selftest/knownfail.d/ntlmssp_ldap_style_send_seal
+++ /dev/null
@@ -1 +0,0 @@
-^samba4.ldb.simple.ldap.*ldap_style_send_seal=no
--
2.14.3

343
net/samba48/files/0001-bug-13441.patch Normal file
View File

@ -0,0 +1,343 @@
From 1aa2785b7549205c4187c2afcd171ea1ade96ba9 Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow@samba.org>
Date: Sat, 19 May 2018 01:36:21 +0200
Subject: [PATCH 1/3] s4:torture/vfs/fruit: decrease large resource fork size
in test from 1 GB to 64 MB
64 MB is a more realistic value and lets the test pass on FreeBSD with
fruit:resource=stream and vfs_streams_xattr.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 2729b4329af0ad0b6a8bd188450b8abd76670d8a)
---
source4/torture/vfs/fruit.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/source4/torture/vfs/fruit.c b/source4/torture/vfs/fruit.c
index 4564047e0fb..543b1c5d969 100644
--- a/source4/torture/vfs/fruit.c
+++ b/source4/torture/vfs/fruit.c
@@ -1594,11 +1594,11 @@ static bool test_write_atalk_rfork_io(struct torture_context *tctx,
ret &= write_stream(tree, __location__, tctx, mem_ctx,
fname, AFPRESOURCE_STREAM_NAME,
- (off_t)1<<32, 10, rfork_content);
+ (off_t)64*1024*1024, 10, rfork_content);
ret &= check_stream(tree, __location__, tctx, mem_ctx,
fname, AFPRESOURCE_STREAM_NAME,
- (off_t)1<<32, 10, 0, 10, rfork_content);
+ (off_t)64*1024*1024, 10, 0, 10, rfork_content);
/* Truncate back to size of 1 byte */
--
2.13.6
From 928b66f9b798497bb694434e08384bb75d029913 Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow@samba.org>
Date: Thu, 17 May 2018 16:43:49 +0200
Subject: [PATCH 2/3] s4:torture: test setting EOF of a stream to 0 with
enabled AAPL extensions
macOS SMB server uses xattrs as storage backend for streams, directly
exposing xattr get/set characteristics. Setting EOF on a stream to 0
just deletes the xattr as macOS doesn't support 0-byte sized xattrs.
Note that this does not apply to the AFP_AfpInfo and AFP_Resource
streams, they have even stranger semantics and we have other tests
for those.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13441
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit cf5d471544f0cb0d072e4af1ee36798580d32897)
---
selftest/knownfail.d/samba3.vfs.fruit | 3 +
source4/torture/vfs/fruit.c | 197 ++++++++++++++++++++++++++++++++++
2 files changed, 200 insertions(+)
diff --git a/selftest/knownfail.d/samba3.vfs.fruit b/selftest/knownfail.d/samba3.vfs.fruit
index 8df25bccb79..5931c471086 100644
--- a/selftest/knownfail.d/samba3.vfs.fruit
+++ b/selftest/knownfail.d/samba3.vfs.fruit
@@ -1 +1,4 @@
^samba3.vfs.fruit streams_depot.OS X AppleDouble file conversion\(nt4_dc\)
+^samba3.vfs.fruit metadata_netatalk.setinfo eof stream\(nt4_dc\)
+^samba3.vfs.fruit metadata_stream.setinfo eof stream\(nt4_dc\)
+^samba3.vfs.fruit streams_depot.setinfo eof stream\(nt4_dc\)
diff --git a/source4/torture/vfs/fruit.c b/source4/torture/vfs/fruit.c
index 543b1c5d969..1202adb2cbf 100644
--- a/source4/torture/vfs/fruit.c
+++ b/source4/torture/vfs/fruit.c
@@ -4578,6 +4578,202 @@ static bool test_nfs_aces(struct torture_context *tctx,
return ret;
}
+static bool test_setinfo_stream_eof(struct torture_context *tctx,
+ struct smb2_tree *tree)
+{
+ bool ret = true;
+ NTSTATUS status;
+ struct smb2_create create;
+ union smb_setfileinfo sfinfo;
+ union smb_fileinfo finfo;
+ struct smb2_handle h1;
+ TALLOC_CTX *mem_ctx = talloc_new(tctx);
+ const char *fname = BASEDIR "\\file";
+ const char *sname = BASEDIR "\\file:foo";
+
+ torture_assert_goto(tctx, mem_ctx != NULL, ret, done,
+ "talloc_new failed\n");
+
+ torture_comment(tctx, "Test setting EOF on a stream\n");
+
+ smb2_deltree(tree, BASEDIR);
+ status = torture_smb2_testdir(tree, BASEDIR, &h1);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "torture_smb2_testdir\n");
+ smb2_util_close(tree, h1);
+
+ status = torture_smb2_testfile(tree, fname, &h1);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "torture_smb2_testfile failed\n");
+ smb2_util_close(tree, h1);
+
+ status = torture_smb2_testfile_access(tree, sname, &h1,
+ SEC_FILE_WRITE_DATA);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "torture_smb2_testfile failed\n");
+
+ status = smb2_util_write(tree, h1, "1234567890", 0, 10);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "smb2_util_write failed\n");
+ smb2_util_close(tree, h1);
+
+ /*
+ * Test setting EOF to 21
+ */
+
+ torture_comment(tctx, "Setting stream EOF to 21\n");
+
+ status = torture_smb2_testfile_access(tree, sname, &h1,
+ SEC_FILE_WRITE_DATA);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "torture_smb2_testfile failed\n");
+
+ ZERO_STRUCT(sfinfo);
+ sfinfo.generic.in.file.handle = h1;
+ sfinfo.generic.level = RAW_SFILEINFO_END_OF_FILE_INFORMATION;
+ sfinfo.position_information.in.position = 21;
+ status = smb2_setinfo_file(tree, &sfinfo);
+ torture_assert_ntstatus_ok_goto(tctx, status,
+ ret, done, "set EOF 21 failed\n");
+
+ smb2_util_close(tree, h1);
+
+ status = torture_smb2_testfile_access(tree, sname, &h1,
+ SEC_FILE_WRITE_DATA);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "torture_smb2_testfile failed\n");
+
+ ZERO_STRUCT(finfo);
+ finfo.generic.level = RAW_FILEINFO_STANDARD_INFORMATION;
+ finfo.generic.in.file.handle = h1;
+ status = smb2_getinfo_file(tree, mem_ctx, &finfo);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "smb2_getinfo_file failed");
+
+ smb2_util_close(tree, h1);
+
+ torture_assert_goto(tctx, finfo.standard_info.out.size == 21,
+ ret, done, "size != 21\n");
+
+ /*
+ * Test setting EOF to 0
+ */
+
+ torture_comment(tctx, "Setting stream EOF to 0\n");
+
+ status = torture_smb2_testfile_access(tree, sname, &h1,
+ SEC_FILE_WRITE_DATA);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "torture_smb2_testfile failed\n");
+
+ ZERO_STRUCT(sfinfo);
+ sfinfo.generic.in.file.handle = h1;
+ sfinfo.generic.level = RAW_SFILEINFO_END_OF_FILE_INFORMATION;
+ sfinfo.position_information.in.position = 0;
+ status = smb2_setinfo_file(tree, &sfinfo);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "set eof 0 failed\n");
+
+ smb2_util_close(tree, h1);
+
+ status = torture_smb2_testfile_access(tree, sname, &h1,
+ SEC_FILE_WRITE_DATA);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "torture_smb2_testfile failed\n");
+
+ ZERO_STRUCT(finfo);
+ finfo.generic.level = RAW_FILEINFO_STANDARD_INFORMATION;
+ finfo.generic.in.file.handle = h1;
+ status = smb2_getinfo_file(tree, mem_ctx, &finfo);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "smb2_getinfo_file failed\n");
+
+ smb2_util_close(tree, h1);
+
+ torture_assert_goto(tctx, finfo.standard_info.out.size == 0,
+ ret, done, "size != 0\n");
+
+ /*
+ * Test setinfo end-of-file info to 1
+ */
+
+ torture_comment(tctx, "Setting stream EOF to 1\n");
+
+ status = torture_smb2_testfile_access(tree, sname, &h1,
+ SEC_FILE_WRITE_DATA);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "torture_smb2_testfile failed\n");
+
+ ZERO_STRUCT(sfinfo);
+ sfinfo.generic.in.file.handle = h1;
+ sfinfo.generic.level = RAW_SFILEINFO_END_OF_FILE_INFORMATION;
+ sfinfo.position_information.in.position = 1;
+ status = smb2_setinfo_file(tree, &sfinfo);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "set EOF 1 failed\n");
+
+ smb2_util_close(tree, h1);
+
+ status = torture_smb2_testfile_access(tree, sname, &h1,
+ SEC_FILE_WRITE_DATA);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "torture_smb2_testfile failed\n");
+
+ ZERO_STRUCT(finfo);
+ finfo.generic.level = RAW_FILEINFO_STANDARD_INFORMATION;
+ finfo.generic.in.file.handle = h1;
+ status = smb2_getinfo_file(tree, mem_ctx, &finfo);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "smb2_getinfo_file failed\n");
+
+ smb2_util_close(tree, h1);
+
+ torture_assert_goto(tctx, finfo.standard_info.out.size == 1,
+ ret, done, "size != 1\n");
+
+ /*
+ * Test setting EOF to 0 with AAPL enabled, should delete stream
+ */
+
+ torture_comment(tctx, "Enabling AAPL extensions\n");
+
+ ret = enable_aapl(tctx, tree);
+ torture_assert(tctx, ret == true, "enable_aapl failed\n");
+
+ torture_comment(tctx, "Setting stream EOF to 0\n");
+ status = torture_smb2_testfile_access(tree, sname, &h1,
+ SEC_FILE_WRITE_DATA);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "torture_smb2_testfile failed\n");
+
+ ZERO_STRUCT(sfinfo);
+ sfinfo.generic.in.file.handle = h1;
+ sfinfo.generic.level = RAW_SFILEINFO_END_OF_FILE_INFORMATION;
+ sfinfo.position_information.in.position = 0;
+ status = smb2_setinfo_file(tree, &sfinfo);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "set eof 0 failed\n");
+
+ smb2_util_close(tree, h1);
+
+ ZERO_STRUCT(create);
+ create.in.desired_access = SEC_FILE_READ_ATTRIBUTE;
+ create.in.share_access = NTCREATEX_SHARE_ACCESS_MASK;
+ create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+ create.in.create_disposition = NTCREATEX_DISP_OPEN;
+ create.in.fname = sname;
+
+ status = smb2_create(tree, tctx, &create);
+ torture_assert_ntstatus_equal_goto(
+ tctx, status, NT_STATUS_OBJECT_NAME_NOT_FOUND, ret, done,
+ "Unexpected status\n");
+
+done:
+ smb2_util_unlink(tree, fname);
+ smb2_util_rmdir(tree, BASEDIR);
+ return ret;
+}
+
/*
* Note: This test depends on "vfs objects = catia fruit streams_xattr". For
* some tests torture must be run on the host it tests and takes an additional
@@ -4610,6 +4806,7 @@ struct torture_suite *torture_vfs_fruit(TALLOC_CTX *ctx)
torture_suite_add_1smb2_test(suite, "create delete-on-close AFP_AfpResource", test_create_delete_on_close_resource);
torture_suite_add_1smb2_test(suite, "setinfo delete-on-close AFP_AfpResource", test_setinfo_delete_on_close_resource);
torture_suite_add_1smb2_test(suite, "setinfo eof AFP_AfpResource", test_setinfo_eof_resource);
+ torture_suite_add_1smb2_test(suite, "setinfo eof stream", test_setinfo_stream_eof);
torture_suite_add_1smb2_test(suite, "null afpinfo", test_null_afpinfo);
torture_suite_add_1smb2_test(suite, "delete", test_delete_file_with_rfork);
torture_suite_add_1smb2_test(suite, "read open rsrc after rename", test_rename_and_read_rsrc);
--
2.13.6
From d85666f4c4062af68606790df2c5e1fdba135906 Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow@samba.org>
Date: Thu, 17 May 2018 16:48:09 +0200
Subject: [PATCH 3/3] vfs_fruit: delete 0 byte size streams if AAPL is enabled
macOS SMB server uses xattrs as storage backend for streams, directly
exposing xattr get/set characteristics. Setting EOF on a stream to 0
just deletes the xattr as macOS doesn't support 0-byte sized xattrs.
Note that this does not apply to the AFP_AfpInfo and AFP_Resource
streams, they have even stranger semantics and we have other tests
for those.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13441
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed May 30 02:34:29 CEST 2018 on sn-devel-144
(cherry picked from commit 46d127865f3fb14041797d395db3b3234ed3bd6c)
---
selftest/knownfail.d/samba3.vfs.fruit | 3 ---
source3/modules/vfs_fruit.c | 3 +++
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/selftest/knownfail.d/samba3.vfs.fruit b/selftest/knownfail.d/samba3.vfs.fruit
index 5931c471086..8df25bccb79 100644
--- a/selftest/knownfail.d/samba3.vfs.fruit
+++ b/selftest/knownfail.d/samba3.vfs.fruit
@@ -1,4 +1 @@
^samba3.vfs.fruit streams_depot.OS X AppleDouble file conversion\(nt4_dc\)
-^samba3.vfs.fruit metadata_netatalk.setinfo eof stream\(nt4_dc\)
-^samba3.vfs.fruit metadata_stream.setinfo eof stream\(nt4_dc\)
-^samba3.vfs.fruit streams_depot.setinfo eof stream\(nt4_dc\)
diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c
index 1a05d0bae34..013dec0186a 100644
--- a/source3/modules/vfs_fruit.c
+++ b/source3/modules/vfs_fruit.c
@@ -5537,6 +5537,9 @@ static int fruit_ftruncate(struct vfs_handle_struct *handle,
(intmax_t)offset);
if (fio == NULL) {
+ if (offset == 0 && global_fruit_config.nego_aapl) {
+ return SMB_VFS_NEXT_UNLINK(handle, fsp->fsp_name);
+ }
return SMB_VFS_NEXT_FTRUNCATE(handle, fsp, offset);
}
--
2.13.6

461
net/samba48/files/0001-bug-13451.patch Normal file
View File

@ -0,0 +1,461 @@
From 7bf82ece36c384784b1ba672667c5461fd0d7c29 Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow@samba.org>
Date: Sat, 26 May 2018 16:30:47 +0200
Subject: [PATCH 1/6] selftest: run smb2.streams tests against a share with
vfs_streams_xattr
The tests are currently only run against streams_depot, where stream IO
is handle based, compared to streams_xattr which is path
based. vfs_streams_xattr is also used much more in real world setups, so
we should run our tests against it.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13451
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(backported from commit aa096ab70a466388a9947f73a525b2dcbb9821e5)
---
selftest/knownfail | 3 +++
source3/selftest/tests.py | 4 ++++
2 files changed, 7 insertions(+)
diff --git a/selftest/knownfail b/selftest/knownfail
index eaddaece25c..ba16fd72290 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -177,6 +177,9 @@
^samba3.smb2.streams.rename
^samba3.smb2.streams.rename2
^samba3.smb2.streams.attributes
+^samba3.smb2.streams streams_xattr.rename\(nt4_dc\)
+^samba3.smb2.streams streams_xattr.rename2\(nt4_dc\)
+^samba3.smb2.streams streams_xattr.attributes\(nt4_dc\)
^samba3.smb2.getinfo.complex
^samba3.smb2.getinfo.fsinfo # quotas don't work yet
^samba3.smb2.setinfo.setinfo
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index f43d2b14d3a..9092c1776c8 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -559,6 +559,10 @@ tests= base + raw + smb2 + rpc + unix + local + rap + nbt + libsmbclient + idmap
elif t == "rpc.samba3.netlogon" or t == "rpc.samba3.sessionkey":
plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD --option=torture:wksname=samba3rpctest')
plansmbtorture4testsuite(t, "ad_dc", '//$SERVER/tmp -U$USERNAME%$PASSWORD --option=torture:wksname=samba3rpctest')
+ elif t == "smb2.streams":
+ plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD')
+ plansmbtorture4testsuite(t, "ad_dc", '//$SERVER/tmp -U$USERNAME%$PASSWORD')
+ plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/streams_xattr -U$USERNAME%$PASSWORD', 'streams_xattr')
else:
plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD')
plansmbtorture4testsuite(t, "ad_dc", '//$SERVER/tmp -U$USERNAME%$PASSWORD')
--
2.13.6
From 495303b80c7cc87a5b2c6a8b6c6d545db7b48d8b Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow@samba.org>
Date: Sat, 26 May 2018 16:07:14 +0200
Subject: [PATCH 2/6] s4:torture/smb2/streams: try to rename basefile while is
has open streams
This tests the following:
- create a file with a stream
- open the the stream and keep it open
- on a second connection, try to rename the basefile, this should fail
with NT_STATUS_ACCESS_DENIED
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13451
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 00d19bdab15102083b8ba395ede161824c898be1)
---
selftest/knownfail.d/samba3.smb2.streams | 2 +
source4/torture/smb2/streams.c | 82 ++++++++++++++++++++++++++++++++
2 files changed, 84 insertions(+)
create mode 100644 selftest/knownfail.d/samba3.smb2.streams
diff --git a/selftest/knownfail.d/samba3.smb2.streams b/selftest/knownfail.d/samba3.smb2.streams
new file mode 100644
index 00000000000..26d40a67bda
--- /dev/null
+++ b/selftest/knownfail.d/samba3.smb2.streams
@@ -0,0 +1,2 @@
+samba3.smb2.streams.basefile-rename-with-open-stream\(.*\)
+samba3.smb2.streams streams_xattr.basefile-rename-with-open-stream\(nt4_dc\)
diff --git a/source4/torture/smb2/streams.c b/source4/torture/smb2/streams.c
index d302bf923c9..b39d96d4924 100644
--- a/source4/torture/smb2/streams.c
+++ b/source4/torture/smb2/streams.c
@@ -1830,6 +1830,86 @@ static bool test_stream_attributes(struct torture_context *tctx,
return ret;
}
+static bool test_basefile_rename_with_open_stream(struct torture_context *tctx,
+ struct smb2_tree *tree)
+{
+ bool ret = true;
+ NTSTATUS status;
+ struct smb2_tree *tree2 = NULL;
+ struct smb2_create create, create2;
+ struct smb2_handle h1 = {{0}}, h2 = {{0}};
+ const char *fname = "test_rename_openfile";
+ const char *sname = "test_rename_openfile:foo";
+ const char *fname_renamed = "test_rename_openfile_renamed";
+ union smb_setfileinfo sinfo;
+ const char *data = "test data";
+
+ ret = torture_smb2_connection(tctx, &tree2);
+ torture_assert_goto(tctx, ret == true, ret, done,
+ "torture_smb2_connection failed\n");
+
+ torture_comment(tctx, "Creating file with stream\n");
+
+ ZERO_STRUCT(create);
+ create.in.desired_access = SEC_FILE_ALL;
+ create.in.share_access = NTCREATEX_SHARE_ACCESS_MASK;
+ create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+ create.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+ create.in.impersonation_level = SMB2_IMPERSONATION_IMPERSONATION;
+ create.in.fname = sname;
+
+ status = smb2_create(tree, tctx, &create);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "smb2_create failed\n");
+
+ h1 = create.out.file.handle;
+
+ torture_comment(tctx, "Writing to stream\n");
+
+ status = smb2_util_write(tree, h1, data, 0, strlen(data));
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "smb2_util_write failed\n");
+
+ torture_comment(tctx, "Renaming base file\n");
+
+ ZERO_STRUCT(create2);
+ create2.in.desired_access = SEC_FILE_ALL;
+ create2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+ create2.in.share_access = NTCREATEX_SHARE_ACCESS_MASK;
+ create2.in.create_disposition = NTCREATEX_DISP_OPEN;
+ create2.in.impersonation_level = SMB2_IMPERSONATION_IMPERSONATION;
+ create2.in.fname = fname;
+
+ status = smb2_create(tree2, tctx, &create2);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "smb2_create failed\n");
+
+ h2 = create2.out.file.handle;
+
+ ZERO_STRUCT(sinfo);
+ sinfo.rename_information.level = RAW_SFILEINFO_RENAME_INFORMATION;
+ sinfo.rename_information.in.file.handle = h2;
+ sinfo.rename_information.in.new_name = fname_renamed;
+
+ status = smb2_setinfo_file(tree2, &sinfo);
+ torture_assert_ntstatus_equal_goto(
+ tctx, status, NT_STATUS_ACCESS_DENIED, ret, done,
+ "smb2_setinfo_file didn't return NT_STATUS_ACCESS_DENIED\n");
+
+ smb2_util_close(tree2, h2);
+
+done:
+ if (!smb2_util_handle_empty(h1)) {
+ smb2_util_close(tree, h1);
+ }
+ if (!smb2_util_handle_empty(h2)) {
+ smb2_util_close(tree2, h2);
+ }
+ smb2_util_unlink(tree, fname);
+ smb2_util_unlink(tree, fname_renamed);
+
+ return ret;
+}
/*
basic testing of streams calls SMB2
@@ -1850,6 +1930,8 @@ struct torture_suite *torture_smb2_streams_init(TALLOC_CTX *ctx)
torture_suite_add_1smb2_test(suite, "attributes", test_stream_attributes);
torture_suite_add_1smb2_test(suite, "delete", test_stream_delete);
torture_suite_add_1smb2_test(suite, "zero-byte", test_zero_byte_stream);
+ torture_suite_add_1smb2_test(suite, "basefile-rename-with-open-stream",
+ test_basefile_rename_with_open_stream);
suite->description = talloc_strdup(suite, "SMB2-STREAM tests");
--
2.13.6
From fbdb42c19526ff2ddeab378f384526156da161b0 Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow@samba.org>
Date: Sat, 26 May 2018 18:33:00 +0200
Subject: [PATCH 3/6] s4:torture/vfs/fruit: adjust test testing basefile rename
to expect failure
Renaming a basefile that has open streams must fail with
NT_STATUS_ACCESS_DENIED.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13451
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit f166207fc0344b51879d863857055ab7ff36a09b)
---
selftest/knownfail.d/samba3.vfs.fruit | 3 +++
source4/torture/vfs/fruit.c | 25 ++++---------------------
2 files changed, 7 insertions(+), 21 deletions(-)
diff --git a/selftest/knownfail.d/samba3.vfs.fruit b/selftest/knownfail.d/samba3.vfs.fruit
index 8df25bccb79..bf97dbc5822 100644
--- a/selftest/knownfail.d/samba3.vfs.fruit
+++ b/selftest/knownfail.d/samba3.vfs.fruit
@@ -1 +1,4 @@
^samba3.vfs.fruit streams_depot.OS X AppleDouble file conversion\(nt4_dc\)
+^samba3.vfs.fruit metadata_netatalk.read open rsrc after rename\(nt4_dc\)
+^samba3.vfs.fruit metadata_stream.read open rsrc after rename\(nt4_dc\)
+^samba3.vfs.fruit streams_depot.read open rsrc after rename\(nt4_dc\)
diff --git a/source4/torture/vfs/fruit.c b/source4/torture/vfs/fruit.c
index 65109cc1934..4564047e0fb 100644
--- a/source4/torture/vfs/fruit.c
+++ b/source4/torture/vfs/fruit.c
@@ -3897,7 +3897,6 @@ static bool test_rename_and_read_rsrc(struct torture_context *tctx,
const char *fname_renamed = "test_rename_openfile_renamed";
const char *data = "1234567890";
union smb_setfileinfo sinfo;
- struct smb2_read r;
ret = enable_aapl(tctx, tree);
torture_assert_goto(tctx, ret == true, ret, done, "enable_aapl failed");
@@ -3949,28 +3948,12 @@ static bool test_rename_and_read_rsrc(struct torture_context *tctx,
sinfo.rename_information.in.new_name = fname_renamed;
status = smb2_setinfo_file(tree, &sinfo);
- torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "smb2_setinfo_file failed");
-
- smb2_util_close(tree, h2);
-
- ZERO_STRUCT(r);
- r.in.file.handle = h1;
- r.in.length = 10;
- r.in.offset = 0;
-
- torture_comment(tctx, "Read resource fork of renamed file\n");
-
- status = smb2_read(tree, tree, &r);
- torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "smb2_read failed");
+ torture_assert_ntstatus_equal_goto(
+ tctx, status, NT_STATUS_ACCESS_DENIED, ret, done,
+ "smb2_setinfo_file failed");
smb2_util_close(tree, h1);
-
- torture_assert_goto(tctx, r.out.data.length == 10, ret, done,
- talloc_asprintf(tctx, "smb2_read returned %jd bytes, expected 10\n",
- (intmax_t)r.out.data.length));
-
- torture_assert_goto(tctx, memcmp(r.out.data.data, data, 10) == 0, ret, done,
- talloc_asprintf(tctx, "Bad data in stream\n"));
+ smb2_util_close(tree, h2);
done:
smb2_util_unlink(tree, fname);
--
2.13.6
From 33e52b7e4e7d54b3488a54e2620f5e07b3042b9c Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow@samba.org>
Date: Sun, 27 May 2018 13:01:50 +0200
Subject: [PATCH 4/6] s3:smbd: add private option
NTCREATEX_OPTIONS_PRIVATE_STREAM_BASEOPEN
This will be used to mark basefile opens of streams opens. This is
needed to later implement a function that can determine if a file has
stream opens.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13451
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 37e7ff05ab9443c0330e68f5c701ffecedf2d738)
---
source3/include/smb.h | 3 +++
source3/smbd/open.c | 7 ++++++-
2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/source3/include/smb.h b/source3/include/smb.h
index 3316f09d94f..5e83ee90afe 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -419,6 +419,9 @@ Offset Data length.
/* Private options for printer support */
#define NTCREATEX_OPTIONS_PRIVATE_DELETE_ON_CLOSE 0x0008
+/* Private option for streams support */
+#define NTCREATEX_OPTIONS_PRIVATE_STREAM_BASEOPEN 0x0010
+
/* Flag for NT transact rename call. */
#define RENAME_REPLACE_IF_EXISTS 1
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 3708bdd10fa..8a9288dbdb4 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -5091,6 +5091,7 @@ static NTSTATUS create_file_unixpath(connection_struct *conn,
&& (!(private_flags & NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE))) {
uint32_t base_create_disposition;
struct smb_filename *smb_fname_base = NULL;
+ uint32_t base_privflags;
if (create_options & FILE_DIRECTORY_FILE) {
status = NT_STATUS_NOT_A_DIRECTORY;
@@ -5141,13 +5142,17 @@ static NTSTATUS create_file_unixpath(connection_struct *conn,
}
}
+ base_privflags = NTCREATEX_OPTIONS_PRIVATE_STREAM_BASEOPEN;
+
/* Open the base file. */
status = create_file_unixpath(conn, NULL, smb_fname_base, 0,
FILE_SHARE_READ
| FILE_SHARE_WRITE
| FILE_SHARE_DELETE,
base_create_disposition,
- 0, 0, 0, NULL, 0, 0, NULL, NULL,
+ 0, 0, 0, NULL, 0,
+ base_privflags,
+ NULL, NULL,
&base_fsp, NULL);
TALLOC_FREE(smb_fname_base);
--
2.13.6
From f2f02d9b9f2d6c38b2813757ee942b8910985839 Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow@samba.org>
Date: Sun, 27 May 2018 13:03:25 +0200
Subject: [PATCH 5/6] s3:locking: add file_has_open_streams()
This can be used to check if a file opened by fsp also has stream opens.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13451
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit dd8cf54c79fe8536e34cde15801d60931cd47b8b)
---
source3/locking/locking.c | 31 +++++++++++++++++++++++++++++++
source3/locking/proto.h | 1 +
2 files changed, 32 insertions(+)
diff --git a/source3/locking/locking.c b/source3/locking/locking.c
index 4e9f1bbc681..f71cd176029 100644
--- a/source3/locking/locking.c
+++ b/source3/locking/locking.c
@@ -1318,3 +1318,34 @@ struct timespec get_share_mode_write_time(struct share_mode_lock *lck)
}
return d->old_write_time;
}
+
+bool file_has_open_streams(files_struct *fsp)
+{
+ struct share_mode_lock *lock = NULL;
+ struct share_mode_data *d = NULL;
+ uint32_t i;
+
+ lock = get_existing_share_mode_lock(talloc_tos(), fsp->file_id);
+ if (lock == NULL) {
+ return false;
+ }
+ d = lock->data;
+
+ for (i = 0; i < d->num_share_modes; i++) {
+ struct share_mode_entry *e = &d->share_modes[i];
+
+ if (share_mode_stale_pid(d, i)) {
+ continue;
+ }
+
+ if (e->private_options &
+ NTCREATEX_OPTIONS_PRIVATE_STREAM_BASEOPEN)
+ {
+ TALLOC_FREE(lock);
+ return true;
+ }
+ }
+
+ TALLOC_FREE(lock);
+ return false;
+}
diff --git a/source3/locking/proto.h b/source3/locking/proto.h
index 33184e0fa0a..4cd38091f3c 100644
--- a/source3/locking/proto.h
+++ b/source3/locking/proto.h
@@ -205,6 +205,7 @@ bool is_delete_on_close_set(struct share_mode_lock *lck, uint32_t name_hash);
bool set_sticky_write_time(struct file_id fileid, struct timespec write_time);
bool set_write_time(struct file_id fileid, struct timespec write_time);
struct timespec get_share_mode_write_time(struct share_mode_lock *lck);
+bool file_has_open_streams(files_struct *fsp);
int share_mode_forall(int (*fn)(struct file_id fid,
const struct share_mode_data *data,
void *private_data),
--
2.13.6
From 809c3b9f13d5d22847a94fcfdec27b022fdb099d Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow@samba.org>
Date: Sat, 26 May 2018 18:32:21 +0200
Subject: [PATCH 6/6] s3:smbd: don't allow renaming basefile if streams are
open
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13451
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 465b7d07e5db787c3d6330371e5e42ecbb1b57b9)
---
selftest/knownfail.d/samba3.smb2.streams | 2 --
selftest/knownfail.d/samba3.vfs.fruit | 3 ---
source3/smbd/reply.c | 4 ++++
3 files changed, 4 insertions(+), 5 deletions(-)
delete mode 100644 selftest/knownfail.d/samba3.smb2.streams
diff --git a/selftest/knownfail.d/samba3.smb2.streams b/selftest/knownfail.d/samba3.smb2.streams
deleted file mode 100644
index 26d40a67bda..00000000000
--- a/selftest/knownfail.d/samba3.smb2.streams
+++ /dev/null
@@ -1,2 +0,0 @@
-samba3.smb2.streams.basefile-rename-with-open-stream\(.*\)
-samba3.smb2.streams streams_xattr.basefile-rename-with-open-stream\(nt4_dc\)
diff --git a/selftest/knownfail.d/samba3.vfs.fruit b/selftest/knownfail.d/samba3.vfs.fruit
index bf97dbc5822..8df25bccb79 100644
--- a/selftest/knownfail.d/samba3.vfs.fruit
+++ b/selftest/knownfail.d/samba3.vfs.fruit
@@ -1,4 +1 @@
^samba3.vfs.fruit streams_depot.OS X AppleDouble file conversion\(nt4_dc\)
-^samba3.vfs.fruit metadata_netatalk.read open rsrc after rename\(nt4_dc\)
-^samba3.vfs.fruit metadata_stream.read open rsrc after rename\(nt4_dc\)
-^samba3.vfs.fruit streams_depot.read open rsrc after rename\(nt4_dc\)
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 623f83b1250..2b5bb8f1ed6 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -6642,6 +6642,10 @@ NTSTATUS rename_internals_fsp(connection_struct *conn,
return status;
}
+ if (file_has_open_streams(fsp)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
/* Make a copy of the dst smb_fname structs */
smb_fname_dst = cp_smb_filename(ctx, smb_fname_dst_in);
--
2.13.6

539
net/samba48/files/0001-bug-13537.patch Normal file
View File

@ -0,0 +1,539 @@
From f0ed4f0930673ee044f187085e8972b8be104ebd Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Wed, 18 Jul 2018 13:32:49 -0700
Subject: [PATCH 1/5] s3: smbd: Fix Linux sendfile() for SMB2. Ensure we don't
spin on EAGAIN.
For SMB2 the socket is set non-blocking. Ensure sendfile()
calls complete by saving the socket state, setting it blocking,
doing the sendfile until completion and then restoring the socket
state.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13537
Signed-off-by: Jeremy Allison <jra@samba.org>
---
source3/lib/sendfile.c | 54 ++++++++++++++++++++++++++++++++++++------
1 file changed, 47 insertions(+), 7 deletions(-)
diff --git a/source3/lib/sendfile.c b/source3/lib/sendfile.c
index 3d457bd6f13..a578a66e7de 100644
--- a/source3/lib/sendfile.c
+++ b/source3/lib/sendfile.c
@@ -24,6 +24,7 @@
*/
#include "includes.h"
+#include "system/filesys.h"
#if defined(LINUX_SENDFILE_API)
@@ -36,8 +37,23 @@
ssize_t sys_sendfile(int tofd, int fromfd, const DATA_BLOB *header, off_t offset, size_t count)
{
size_t total=0;
- ssize_t ret;
+ ssize_t ret = -1;
size_t hdr_len = 0;
+ int saved_errno = 0;
+ int old_flags = 0;
+
+ /*
+ * Sendfile must complete before we can
+ * send any other outgoing data on the socket.
+ * Ensure socket is in blocking mode.
+ * For SMB2 by default the socket is in non-blocking
+ * mode.
+ */
+ old_flags = fcntl(tofd, F_GETFL, 0);
+ ret = set_blocking(tofd, true);
+ if (ret == -1) {
+ goto out;
+ }
/*
* Send the header first.
@@ -48,8 +64,9 @@ ssize_t sys_sendfile(int tofd, int fromfd, const DATA_BLOB *header, off_t offset
hdr_len = header->length;
while (total < hdr_len) {
ret = sys_send(tofd, header->data + total,hdr_len - total, MSG_MORE);
- if (ret == -1)
- return -1;
+ if (ret == -1) {
+ goto out;
+ }
total += ret;
}
}
@@ -59,7 +76,7 @@ ssize_t sys_sendfile(int tofd, int fromfd, const DATA_BLOB *header, off_t offset
ssize_t nwritten;
do {
nwritten = sendfile(tofd, fromfd, &offset, total);
- } while (nwritten == -1 && (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK));
+ } while (nwritten == -1 && errno == EINTR);
if (nwritten == -1) {
if (errno == ENOSYS || errno == EINVAL) {
/* Ok - we're in a world of pain here. We just sent
@@ -72,17 +89,40 @@ ssize_t sys_sendfile(int tofd, int fromfd, const DATA_BLOB *header, off_t offset
*/
errno = EINTR; /* Normally we can never return this. */
}
- return -1;
+ ret = -1;
+ goto out;
}
if (nwritten == 0) {
/*
* EOF, return a short read
*/
- return hdr_len + (count - total);
+ ret = hdr_len + (count - total);
+ goto out;
}
total -= nwritten;
}
- return count + hdr_len;
+
+ ret = count + hdr_len;
+
+ out:
+
+ if (ret == -1) {
+ saved_errno = errno;
+ }
+
+ {
+ /* Restore the blocking state of the socket. */
+ int err = fcntl(tofd, F_SETFL, old_flags);
+ if (err == -1) {
+ return -1;
+ }
+ }
+
+ if (ret == -1) {
+ errno = saved_errno;
+ }
+
+ return ret;
}
#elif defined(SOLARIS_SENDFILE_API)
--
2.18.0.203.gfac676dfb9-goog
From abc681420b88a2d795adc44808c7e52eb2775cf6 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Wed, 18 Jul 2018 15:29:37 -0700
Subject: [PATCH 2/5] s3: smbd: Fix Solaris sendfile() for SMB2. Ensure we
don't spin on EAGAIN.
For SMB2 the socket is set non-blocking. Ensure sendfile()
calls complete by saving the socket state, setting it blocking,
doing the sendfile until completion and then restoring the socket
state.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13537
Signed-off-by: Jeremy Allison <jra@samba.org>
---
source3/lib/sendfile.c | 52 +++++++++++++++++++++++++++++++++++++-----
1 file changed, 46 insertions(+), 6 deletions(-)
diff --git a/source3/lib/sendfile.c b/source3/lib/sendfile.c
index a578a66e7de..6c323213830 100644
--- a/source3/lib/sendfile.c
+++ b/source3/lib/sendfile.c
@@ -139,6 +139,9 @@ ssize_t sys_sendfile(int tofd, int fromfd, const DATA_BLOB *header, off_t offset
size_t total, xferred;
struct sendfilevec vec[2];
ssize_t hdr_len = 0;
+ int saved_errno = 0;
+ int old_flags = 0;
+ ssize_t ret = -1;
if (header) {
sfvcnt = 2;
@@ -164,6 +167,19 @@ ssize_t sys_sendfile(int tofd, int fromfd, const DATA_BLOB *header, off_t offset
total = count + hdr_len;
+ /*
+ * Sendfile must complete before we can
+ * send any other outgoing data on the socket.
+ * Ensure socket is in blocking mode.
+ * For SMB2 by default the socket is in non-blocking
+ * mode.
+ */
+ old_flags = fcntl(tofd, F_GETFL, 0);
+ ret = set_blocking(tofd, true);
+ if (ret == -1) {
+ goto out;
+ }
+
while (total) {
ssize_t nwritten;
@@ -175,17 +191,21 @@ ssize_t sys_sendfile(int tofd, int fromfd, const DATA_BLOB *header, off_t offset
xferred = 0;
nwritten = sendfilev(tofd, vec, sfvcnt, &xferred);
- if (nwritten == -1 && (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK)) {
+ if (nwritten == -1 && errno == EINTR) {
if (xferred == 0)
continue; /* Nothing written yet. */
else
nwritten = xferred;
}
- if (nwritten == -1)
- return -1;
- if (nwritten == 0)
- return -1; /* I think we're at EOF here... */
+ if (nwritten == -1) {
+ ret = -1;
+ goto out;
+ }
+ if (nwritten == 0) {
+ ret = -1;
+ goto out; /* I think we're at EOF here... */
+ }
/*
* If this was a short (signal interrupted) write we may need
@@ -207,7 +227,27 @@ ssize_t sys_sendfile(int tofd, int fromfd, const DATA_BLOB *header, off_t offset
}
total -= nwritten;
}
- return count + hdr_len;
+ ret = count + hdr_len;
+
+ out:
+
+ if (ret == -1) {
+ saved_errno = errno;
+ }
+
+ {
+ /* Restore the blocking state of the socket. */
+ int err = fcntl(tofd, F_SETFL, old_flags);
+ if (err == -1) {
+ return -1;
+ }
+ }
+
+ if (ret == -1) {
+ errno = saved_errno;
+ }
+
+ return ret;
}
#elif defined(HPUX_SENDFILE_API)
--
2.18.0.203.gfac676dfb9-goog
From 0068f7d136da89d96d50dced5eda8738c28e2938 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Wed, 18 Jul 2018 15:36:47 -0700
Subject: [PATCH 3/5] s3: smbd: Fix HPUX sendfile() for SMB2. Ensure we don't
spin on EAGAIN.
For SMB2 the socket is set non-blocking. Ensure sendfile()
calls complete by saving the socket state, setting it blocking,
doing the sendfile until completion and then restoring the socket
state.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13537
Signed-off-by: Jeremy Allison <jra@samba.org>
---
source3/lib/sendfile.c | 53 +++++++++++++++++++++++++++++++++++++-----
1 file changed, 47 insertions(+), 6 deletions(-)
diff --git a/source3/lib/sendfile.c b/source3/lib/sendfile.c
index 6c323213830..63f50d1946f 100644
--- a/source3/lib/sendfile.c
+++ b/source3/lib/sendfile.c
@@ -260,6 +260,9 @@ ssize_t sys_sendfile(int tofd, int fromfd, const DATA_BLOB *header, off_t offset
size_t total=0;
struct iovec hdtrl[2];
size_t hdr_len = 0;
+ int saved_errno = 0;
+ int old_flags = 0;
+ ssize_t ret = -1;
if (header) {
/* Set up the header/trailer iovec. */
@@ -273,6 +276,20 @@ ssize_t sys_sendfile(int tofd, int fromfd, const DATA_BLOB *header, off_t offset
hdtrl[1].iov_len = 0;
total = count;
+
+ /*
+ * Sendfile must complete before we can
+ * send any other outgoing data on the socket.
+ * Ensure socket is in blocking mode.
+ * For SMB2 by default the socket is in non-blocking
+ * mode.
+ */
+ old_flags = fcntl(tofd, F_GETFL, 0);
+ ret = set_blocking(tofd, true);
+ if (ret == -1) {
+ goto out;
+ }
+
while (total + hdtrl[0].iov_len) {
ssize_t nwritten;
@@ -285,11 +302,15 @@ ssize_t sys_sendfile(int tofd, int fromfd, const DATA_BLOB *header, off_t offset
do {
nwritten = sendfile(tofd, fromfd, offset, total, &hdtrl[0], 0);
- } while (nwritten == -1 && (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK));
- if (nwritten == -1)
- return -1;
- if (nwritten == 0)
- return -1; /* I think we're at EOF here... */
+ } while (nwritten == -1 && errno == EINTR);
+ if (nwritten == -1) {
+ ret = -1;
+ goto out;
+ }
+ if (nwritten == 0) {
+ ret = -1; /* I think we're at EOF here... */
+ goto out;
+ }
/*
* If this was a short (signal interrupted) write we may need
@@ -313,7 +334,27 @@ ssize_t sys_sendfile(int tofd, int fromfd, const DATA_BLOB *header, off_t offset
total -= nwritten;
offset += nwritten;
}
- return count + hdr_len;
+ ret = count + hdr_len;
+
+ out:
+
+ if (ret == -1) {
+ saved_errno = errno;
+ }
+
+ {
+ /* Restore the blocking state of the socket. */
+ int err = fcntl(tofd, F_SETFL, old_flags);
+ if (err == -1) {
+ return -1;
+ }
+ }
+
+ if (ret == -1) {
+ errno = saved_errno;
+ }
+
+ return ret;
}
#elif defined(FREEBSD_SENDFILE_API) || defined(DARWIN_SENDFILE_API)
--
2.18.0.203.gfac676dfb9-goog
From 8df7360c2198098a2cb757910974110e33e4d4cf Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Wed, 18 Jul 2018 15:44:34 -0700
Subject: [PATCH 4/5] s3: smbd: Fix FreeBSD sendfile() for SMB2. Ensure we
don't spin on EAGAIN.
For SMB2 the socket is set non-blocking. Ensure sendfile()
calls complete by saving the socket state, setting it blocking,
doing the sendfile until completion and then restoring the socket
state.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13537
Signed-off-by: Jeremy Allison <jra@samba.org>
---
source3/lib/sendfile.c | 44 ++++++++++++++++++++++++++++++++++++++----
1 file changed, 40 insertions(+), 4 deletions(-)
diff --git a/source3/lib/sendfile.c b/source3/lib/sendfile.c
index 63f50d1946f..575428deb15 100644
--- a/source3/lib/sendfile.c
+++ b/source3/lib/sendfile.c
@@ -368,9 +368,11 @@ ssize_t sys_sendfile(int tofd, int fromfd,
{
struct sf_hdtr sf_header = {0};
struct iovec io_header = {0};
+ int saved_errno = 0;
+ int old_flags = 0;
off_t nwritten;
- int ret;
+ ssize_t ret = -1;
if (header) {
sf_header.headers = &io_header;
@@ -381,6 +383,19 @@ ssize_t sys_sendfile(int tofd, int fromfd,
sf_header.trl_cnt = 0;
}
+ /*
+ * Sendfile must complete before we can
+ * send any other outgoing data on the socket.
+ * Ensure socket is in blocking mode.
+ * For SMB2 by default the socket is in non-blocking
+ * mode.
+ */
+ old_flags = fcntl(tofd, F_GETFL, 0);
+ ret = set_blocking(tofd, true);
+ if (ret == -1) {
+ goto out;
+ }
+
while (count != 0) {
nwritten = count;
@@ -391,9 +406,10 @@ ssize_t sys_sendfile(int tofd, int fromfd,
#else
ret = sendfile(fromfd, tofd, offset, count, &sf_header, &nwritten, 0);
#endif
- if (ret == -1 && errno != EINTR && errno != EAGAIN && errno != EWOULDBLOCK) {
+ if (ret == -1 && errno != EINTR) {
/* Send failed, we are toast. */
- return -1;
+ ret = -1;
+ goto out;
}
if (nwritten == 0) {
@@ -420,7 +436,27 @@ ssize_t sys_sendfile(int tofd, int fromfd,
count -= nwritten;
}
- return nwritten;
+ ret = nwritten;
+
+ out:
+
+ if (ret == -1) {
+ saved_errno = errno;
+ }
+
+ {
+ /* Restore the blocking state of the socket. */
+ int err = fcntl(tofd, F_SETFL, old_flags);
+ if (err == -1) {
+ return -1;
+ }
+ }
+
+ if (ret == -1) {
+ errno = saved_errno;
+ }
+
+ return ret;
}
#elif defined(AIX_SENDFILE_API)
--
2.18.0.203.gfac676dfb9-goog
From 019c677b42184d5f45931bdb549b22aad25ee2e9 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Wed, 18 Jul 2018 15:49:29 -0700
Subject: [PATCH 5/5] s3: smbd: Fix AIX sendfile() for SMB2. Ensure we don't
spin on EAGAIN.
For SMB2 the socket is set non-blocking. Ensure sendfile()
calls complete by saving the socket state, setting it blocking,
doing the sendfile until completion and then restoring the socket
state.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13537
Signed-off-by: Jeremy Allison <jra@samba.org>
---
source3/lib/sendfile.c | 45 +++++++++++++++++++++++++++++++++++++-----
1 file changed, 40 insertions(+), 5 deletions(-)
diff --git a/source3/lib/sendfile.c b/source3/lib/sendfile.c
index 575428deb15..a28102b5bf9 100644
--- a/source3/lib/sendfile.c
+++ b/source3/lib/sendfile.c
@@ -469,6 +469,9 @@ ssize_t sys_sendfile(int tofd, int fromfd,
ssize_t sys_sendfile(int tofd, int fromfd, const DATA_BLOB *header, off_t offset, size_t count)
{
struct sf_parms hdtrl;
+ int saved_errno = 0;
+ int old_flags = 0;
+ ssize_t ret = -1;
/* Set up the header/trailer struct params. */
if (header) {
@@ -485,9 +488,20 @@ ssize_t sys_sendfile(int tofd, int fromfd, const DATA_BLOB *header, off_t offset
hdtrl.file_offset = offset;
hdtrl.file_bytes = count;
- while ( hdtrl.file_bytes + hdtrl.header_length ) {
- ssize_t ret;
+ /*
+ * Sendfile must complete before we can
+ * send any other outgoing data on the socket.
+ * Ensure socket is in blocking mode.
+ * For SMB2 by default the socket is in non-blocking
+ * mode.
+ */
+ old_flags = fcntl(tofd, F_GETFL, 0);
+ ret = set_blocking(tofd, true);
+ if (ret == -1) {
+ goto out;
+ }
+ while ( hdtrl.file_bytes + hdtrl.header_length ) {
/*
Return Value
@@ -505,12 +519,33 @@ ssize_t sys_sendfile(int tofd, int fromfd, const DATA_BLOB *header, off_t offset
*/
do {
ret = send_file(&tofd, &hdtrl, 0);
- } while ((ret == 1) || (ret == -1 && (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK)));
- if ( ret == -1 )
+ } while ((ret == 1) || (ret == -1 && errno == EINTR));
+ if ( ret == -1 ) {
+ goto out;
+ }
+ }
+
+ ret = count + header->length;
+
+ out:
+
+ if (ret == -1) {
+ saved_errno = errno;
+ }
+
+ {
+ /* Restore the blocking state of the socket. */
+ int err = fcntl(tofd, F_SETFL, old_flags);
+ if (err == -1) {
return -1;
+ }
}
- return count + header->length;
+ if (ret == -1) {
+ errno = saved_errno;
+ }
+
+ return ret;
}
/* END AIX SEND_FILE */
--
2.18.0.203.gfac676dfb9-goog

36
net/samba48/files/0001-bug-228462.patch
View File

@ -144,3 +144,39 @@ index 8714007cb8d..5f3dfb30beb 100644
--
2.16.3
From daa9930fc10459f0567931622e2ffbb636e365f0 Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow@samba.org>
Date: Sat, 19 May 2018 01:35:45 +0200
Subject: [PATCH] vfs_fruit: fixup broken AFP_Signatures
FreeBSD Bug: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=228462
Signed-off-by: Ralph Boehme <slow@samba.org>
---
source3/modules/vfs_fruit.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c
index d92049cc899..0594fd7a538 100644
--- a/source3/modules/vfs_fruit.c
+++ b/source3/modules/vfs_fruit.c
@@ -3935,10 +3935,16 @@ static ssize_t fruit_pread_meta_stream(vfs_handle_struct *handle,
{
ssize_t nread;
int ret;
+ char *p = (char *)data;
nread = SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset);
if (nread == n) {
+ if (offset == 0 && nread > 3 && p[0] == 0 && p[1] == 'F' && p[2] == 'P') {
+ DBG_NOTICE("Fixing AFP_Info of [%s]\n",
+ fsp_str_dbg(fsp));
+ p[0] = 'A';
+ }
return nread;
}
--
2.17.0

308
net/samba48/files/0001-ctdb.patch Normal file
View File

@ -0,0 +1,308 @@
From 8304a62ea7847ba6934d44c1b5b7acef9667750d Mon Sep 17 00:00:00 2001
From: Martin Schwenke <martin@meltin.net>
Date: Fri, 8 Jun 2018 19:57:20 +1000
Subject: [PATCH 1/2] ctdb-common: New include file common/system_network.h
Contains declarations for functions that need ctdb_sock_addr.
Signed-off-by: Martin Schwenke <martin@meltin.net>
---
ctdb/common/system.h | 16 ------------
ctdb/common/system_aix.c | 1 +
ctdb/common/system_common.c | 2 +-
ctdb/common/system_freebsd.c | 1 +
ctdb/common/system_gnu.c | 1 +
ctdb/common/system_kfreebsd.c | 1 +
ctdb/common/system_linux.c | 1 +
ctdb/common/system_network.h | 46 ++++++++++++++++++++++++++++++++++
ctdb/server/ctdb_daemon.c | 1 +
ctdb/server/ctdb_recoverd.c | 2 +-
ctdb/server/ctdb_takeover.c | 1 +
ctdb/tests/src/porting_tests.c | 1 +
ctdb/tools/ctdb.c | 1 +
ctdb/tools/ctdb_killtcp.c | 2 +-
14 files changed, 58 insertions(+), 19 deletions(-)
create mode 100644 ctdb/common/system_network.h
diff --git a/ctdb/common/system.h b/ctdb/common/system.h
index e6f65b5e621..38ae67d2ab1 100644
--- a/ctdb/common/system.h
+++ b/ctdb/common/system.h
@@ -22,24 +22,8 @@
#include <talloc.h>
-/* From system_common.c */
-
-uint32_t uint16_checksum(uint16_t *data, size_t n);
-bool ctdb_sys_have_ip(ctdb_sock_addr *_addr);
-char *ctdb_sys_find_ifname(ctdb_sock_addr *addr);
-
/* From system_<os>.c */
-int ctdb_sys_send_arp(const ctdb_sock_addr *addr, const char *iface);
-int ctdb_sys_send_tcp(const ctdb_sock_addr *dest,
- const ctdb_sock_addr *src,
- uint32_t seq, uint32_t ack, int rst);
-int ctdb_sys_open_capture_socket(const char *iface, void **private_data);
-int ctdb_sys_close_capture_socket(void *private_data);
-int ctdb_sys_read_tcp_packet(int s, void *private_data,
- ctdb_sock_addr *src, ctdb_sock_addr *dst,
- uint32_t *ack_seq, uint32_t *seq,
- int *rst, uint16_t *window);
bool ctdb_sys_check_iface_exists(const char *iface);
int ctdb_get_peer_pid(const int fd, pid_t *peer_pid);
diff --git a/ctdb/common/system_aix.c b/ctdb/common/system_aix.c
index f0a0a62efc0..7be54c7a46b 100644
--- a/ctdb/common/system_aix.c
+++ b/ctdb/common/system_aix.c
@@ -38,6 +38,7 @@
#include "common/logging.h"
#include "common/system.h"
+#include "common/system_network.h"
#if 0
diff --git a/ctdb/common/system_common.c b/ctdb/common/system_common.c
index a80189cd6c8..2618bf88c7f 100644
--- a/ctdb/common/system_common.c
+++ b/ctdb/common/system_common.c
@@ -26,7 +26,7 @@
#include "protocol/protocol.h"
#include "common/logging.h"
-#include "common/system.h"
+#include "common/system_network.h"
/*
uint16 checksum for n bytes
diff --git a/ctdb/common/system_freebsd.c b/ctdb/common/system_freebsd.c
index b709a5c75c1..e5a6522c08f 100644
--- a/ctdb/common/system_freebsd.c
+++ b/ctdb/common/system_freebsd.c
@@ -41,6 +41,7 @@
#include "common/logging.h"
#include "common/system.h"
+#include "common/system_network.h"
#ifndef ETHERTYPE_IP6
#define ETHERTYPE_IP6 0x86dd
diff --git a/ctdb/common/system_gnu.c b/ctdb/common/system_gnu.c
index 38ccd13988b..683843a6b76 100644
--- a/ctdb/common/system_gnu.c
+++ b/ctdb/common/system_gnu.c
@@ -40,6 +40,7 @@
#include "common/logging.h"
#include "common/system.h"
+#include "common/system_network.h"
#ifndef ETHERTYPE_IP6
#define ETHERTYPE_IP6 0x86dd
diff --git a/ctdb/common/system_kfreebsd.c b/ctdb/common/system_kfreebsd.c
index d02f28659cb..cdf13572b2b 100644
--- a/ctdb/common/system_kfreebsd.c
+++ b/ctdb/common/system_kfreebsd.c
@@ -40,6 +40,7 @@
#include "common/logging.h"
#include "common/system.h"
+#include "common/system_network.h"
#ifndef ETHERTYPE_IP6
#define ETHERTYPE_IP6 0x86dd
diff --git a/ctdb/common/system_linux.c b/ctdb/common/system_linux.c
index fa77a45460f..beacbf34138 100644
--- a/ctdb/common/system_linux.c
+++ b/ctdb/common/system_linux.c
@@ -37,6 +37,7 @@
#include "common/logging.h"
#include "common/system.h"
+#include "common/system_network.h"
#ifndef ETHERTYPE_IP6
#define ETHERTYPE_IP6 0x86dd
diff --git a/ctdb/common/system_network.h b/ctdb/common/system_network.h
new file mode 100644
index 00000000000..b6761d29c76
--- /dev/null
+++ b/ctdb/common/system_network.h
@@ -0,0 +1,46 @@
+/*
+ System specific network code
+
+ Copyright (C) Amitay Isaacs 2015
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef __CTDB_SYSTEM_NETWORK_H__
+#define __CTDB_SYSTEM_NETWORK_H__
+
+#include <talloc.h>
+
+#include "protocol/protocol.h"
+
+/* From system_common.c */
+
+uint32_t uint16_checksum(uint16_t *data, size_t n);
+bool ctdb_sys_have_ip(ctdb_sock_addr *_addr);
+char *ctdb_sys_find_ifname(ctdb_sock_addr *addr);
+
+/* From system_<os>.c */
+
+int ctdb_sys_send_arp(const ctdb_sock_addr *addr, const char *iface);
+int ctdb_sys_send_tcp(const ctdb_sock_addr *dest,
+ const ctdb_sock_addr *src,
+ uint32_t seq, uint32_t ack, int rst);
+int ctdb_sys_open_capture_socket(const char *iface, void **private_data);
+int ctdb_sys_close_capture_socket(void *private_data);
+int ctdb_sys_read_tcp_packet(int s, void *private_data,
+ ctdb_sock_addr *src, ctdb_sock_addr *dst,
+ uint32_t *ack_seq, uint32_t *seq,
+ int *rst, uint16_t *window);
+
+#endif /* __CTDB_SYSTEM_H__ */
diff --git a/ctdb/server/ctdb_daemon.c b/ctdb/server/ctdb_daemon.c
index 35c1ab639b5..37a93ec6de1 100644
--- a/ctdb/server/ctdb_daemon.c
+++ b/ctdb/server/ctdb_daemon.c
@@ -43,6 +43,7 @@
#include "common/rb_tree.h"
#include "common/reqid.h"
#include "common/system.h"
+#include "common/system_network.h"
#include "common/common.h"
#include "common/logging.h"
#include "common/pidfile.h"
diff --git a/ctdb/server/ctdb_recoverd.c b/ctdb/server/ctdb_recoverd.c
index 2b94fed7478..73451711845 100644
--- a/ctdb/server/ctdb_recoverd.c
+++ b/ctdb/server/ctdb_recoverd.c
@@ -38,7 +38,7 @@
#include "ctdb_private.h"
#include "ctdb_client.h"
-#include "common/system.h"
+#include "common/system_network.h"
#include "common/common.h"
#include "common/logging.h"
diff --git a/ctdb/server/ctdb_takeover.c b/ctdb/server/ctdb_takeover.c
index cd240875ba2..a97ce2b6de6 100644
--- a/ctdb/server/ctdb_takeover.c
+++ b/ctdb/server/ctdb_takeover.c
@@ -39,6 +39,7 @@
#include "common/rb_tree.h"
#include "common/reqid.h"
#include "common/system.h"
+#include "common/system_network.h"
#include "common/common.h"
#include "common/logging.h"
diff --git a/ctdb/tests/src/porting_tests.c b/ctdb/tests/src/porting_tests.c
index 74dbf0781b4..b7ad5256fdc 100644
--- a/ctdb/tests/src/porting_tests.c
+++ b/ctdb/tests/src/porting_tests.c
@@ -32,6 +32,7 @@
#include "protocol/protocol.h"
#include "common/system.h"
+#include "common/system_network.h"
#include "common/logging.h"
diff --git a/ctdb/tools/ctdb.c b/ctdb/tools/ctdb.c
index 2cb46b057f0..8cbe706ab54 100644
--- a/ctdb/tools/ctdb.c
+++ b/ctdb/tools/ctdb.c
@@ -41,6 +41,7 @@
#include "protocol/protocol_api.h"
#include "protocol/protocol_util.h"
#include "common/system.h"
+#include "common/system_network.h"
#include "client/client.h"
#include "client/client_sync.h"
diff --git a/ctdb/tools/ctdb_killtcp.c b/ctdb/tools/ctdb_killtcp.c
index 71b5999b10e..408a7b4e121 100644
--- a/ctdb/tools/ctdb_killtcp.c
+++ b/ctdb/tools/ctdb_killtcp.c
@@ -30,7 +30,7 @@
#include "protocol/protocol_util.h"
#include "common/db_hash.h"
-#include "common/system.h"
+#include "common/system_network.h"
#include "common/logging.h"
--
2.17.1
From fb350f80cc072d4b699759a432217211986926be Mon Sep 17 00:00:00 2001
From: Martin Schwenke <martin@meltin.net>
Date: Fri, 8 Jun 2018 22:31:48 +1000
Subject: [PATCH 2/2] ctdb-tests: Switch fake_ctdbd to use ctdb_get_peer_pid()
This potentially improves portability.
Signed-off-by: Martin Schwenke <martin@meltin.net>
---
ctdb/tests/src/fake_ctdbd.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/ctdb/tests/src/fake_ctdbd.c b/ctdb/tests/src/fake_ctdbd.c
index 2f4e87f6f6c..0e33f8c02e0 100644
--- a/ctdb/tests/src/fake_ctdbd.c
+++ b/ctdb/tests/src/fake_ctdbd.c
@@ -40,6 +40,7 @@
#include "common/logging.h"
#include "common/tunable.h"
#include "common/srvid.h"
+#include "common/system.h"
#include "ipalloc_read_known_ips.h"
@@ -3050,8 +3051,6 @@ static struct tevent_req *client_send(TALLOC_CTX *mem_ctx,
{
struct tevent_req *req;
struct client_state *state;
- struct ucred cr;
- socklen_t crl = sizeof(struct ucred);
int ret;
req = tevent_req_create(mem_ctx, &state, struct client_state);
@@ -3064,12 +3063,11 @@ static struct tevent_req *client_send(TALLOC_CTX *mem_ctx,
state->ctdb = ctdb;
state->pnn = pnn;
- ret = getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cr, &crl);
+ ret = ctdb_get_peer_pid(fd, &state->pid);
if (ret != 0) {
tevent_req_error(req, ret);
return tevent_req_post(req, ev);
}
- state->pid = cr.pid;
ret = comm_setup(state, ev, fd, client_read_handler, req,
client_dead_handler, req, &state->comm);
--
2.17.1

11
net/samba48/files/patch-ctdb__common__ctdb_util.c Normal file
View File

@ -0,0 +1,11 @@
--- ctdb/common/ctdb_util.c.orig 2018-06-28 15:36:39 UTC
+++ ctdb/common/ctdb_util.c
@@ -390,7 +390,7 @@ void ctdb_canonicalize_ip(const ctdb_soc
} else {
cip->ip6.sin6_family = AF_INET6;
#ifdef HAVE_SOCK_SIN_LEN
- cip->ip6.sin_len = sizeof(ctdb_sock_addr);
+ cip->ip6.sin6_len = sizeof(ctdb_sock_addr);
#endif
cip->ip6.sin6_port = ip->ip6.sin6_port;
memcpy(&cip->ip6.sin6_addr,

19
net/samba48/files/patch-ctdb__wscript
View File

@ -10,7 +10,7 @@
opt.add_option('--with-logdir',
help=("Path to log directory"),
@@ -210,7 +213,7 @@ def configure(conf):
@@ -219,7 +222,7 @@ def configure(conf):
if Options.options.ctdb_ceph_reclock:
if (conf.CHECK_HEADERS('rados/librados.h', False, False, 'rados') and
@ -19,7 +19,7 @@
Logs.info('Building with Ceph librados recovery lock support')
conf.define('HAVE_LIBRADOS', 1)
else:
@@ -246,9 +249,15 @@ def configure(conf):
@@ -255,9 +258,15 @@ def configure(conf):
conf.env.CTDB_VARDIR,
conf.env.CTDB_RUNDIR))
@ -38,7 +38,7 @@
# Allow unified compilation and separate compilation of utilities
# to find includes
@@ -573,9 +582,9 @@ def build(bld):
@@ -592,9 +601,9 @@ def build(bld):
if bld.env.HAVE_LIBRADOS:
bld.SAMBA_BINARY('ctdb_mutex_ceph_rados_helper',
source='utils/ceph/ctdb_mutex_ceph_rados_helper.c',
@ -51,7 +51,7 @@
sed_expr1 = 's|/usr/local/var/lib/ctdb|%s|g' % (bld.env.CTDB_VARDIR)
sed_expr2 = 's|/usr/local/etc/ctdb|%s|g' % (bld.env.CTDB_ETCDIR)
@@ -718,6 +727,9 @@ def build(bld):
@@ -737,6 +746,9 @@ def build(bld):
bld.install_dir(bld.env.CTDB_RUNDIR)
bld.install_dir(bld.env.CTDB_VARDIR)
@ -61,14 +61,3 @@
# Unit tests
ctdb_unit_tests = [
'db_hash_test',
@@ -828,7 +840,9 @@ def build(bld):
ib_deps,
install_path='${CTDB_TEST_LIBEXECDIR}')
- if bld.env.HAVE_ROBUST_MUTEXES and sys.platform.startswith('linux'):
+ if bld.env.HAVE_ROBUST_MUTEXES and (
+ sys.platform.startswith('linux') or sys.platform.startswith('freebsd')
+ ):
bld.SAMBA_BINARY('test_mutex_raw',
source='tests/src/test_mutex_raw.c',
deps='pthread',

13
net/samba48/files/patch-dnssock.c Normal file
View File

@ -0,0 +1,13 @@
--- lib/addns/dnssock.c.orig 2018-06-11 14:38:36 UTC
+++ lib/addns/dnssock.c
@@ -221,9 +221,7 @@ static DNS_ERROR dns_send_udp(struct dns
ssize_t ret;
do {
- ret = sendto(conn->s, buf->data, buf->offset, 0,
- (struct sockaddr *)&conn->RecvAddr,
- sizeof(conn->RecvAddr));
+ ret = send(conn->s, buf->data, buf->offset, 0);
} while ((ret == -1) && (errno == EINTR));
if (ret != buf->offset) {

22
net/samba48/files/patch-lib__util__debug.c
View File

@ -1,12 +1,22 @@
--- lib/util/debug.c.orig 2017-09-17 19:15:34 UTC
+++ lib/util/debug.c
@@ -750,12 +750,21 @@ static void debug_dump_status(int level)
@@ -653,7 +653,8 @@ static int debug_lookup_classname_int(co
{
size_t i;
- if (!classname) return -1;
+ if (!classname)
+ return -1;
for (i=0; i < debug_num_classes; i++) {
if (strcmp(classname, classname_table[i])==0)
@@ -752,12 +753,21 @@ static void debug_dump_status(int level)
}
}
+static void debug_set_all_levels(int level)
+{
+ int i;
+ size_t i;
+ /* Array is debug_num_classes long */
+ for (i = DBGC_ALL; i < debug_num_classes; i++) {
+ DEBUGLEVEL_CLASS[i] = level;
@ -23,7 +33,7 @@
class_name = strtok_r(param, ":", &saveptr);
if (class_name == NULL) {
@@ -772,7 +781,13 @@ static bool debug_parse_param(char *para
@@ -774,7 +784,13 @@ static bool debug_parse_param(char *para
return false;
}
@ -38,16 +48,16 @@
return true;
}
@@ -788,7 +803,7 @@ bool debug_parse_levels(const char *para
@@ -790,7 +806,7 @@ bool debug_parse_levels(const char *para
size_t str_len = strlen(params_str);
char str[str_len+1];
char *tok, *saveptr;
- int i;
- size_t i;
+ int level = 0;
/* Just in case */
debug_init();
@@ -804,16 +819,11 @@ bool debug_parse_levels(const char *para
@@ -806,16 +822,11 @@ bool debug_parse_levels(const char *para
* v.s. "all:10", this is the traditional way to set DEBUGLEVEL
*/
if (isdigit(tok[0])) {

4
net/samba48/files/patch-source3__smbd__utmp.c
View File

@ -1,5 +1,5 @@
--- source3/smbd/utmp.c.orig 2018-01-15 04:41:58.000000000 +0800
+++ source3/smbd/utmp.c 2018-05-25 14:06:42.746302000 +0800
--- source3/smbd/utmp.c.orig 2018-01-15 12:41:58 UTC
+++ source3/smbd/utmp.c
@@ -257,7 +257,7 @@ static char *uw_pathname(TALLOC_CTX *ctx
Update utmp file directly. No subroutine interface: probably a BSD system.
****************************************************************************/

4
net/samba48/files/patch-source3__wscript
View File

@ -1,5 +1,5 @@
--- source3/wscript.orig 2018-03-02 04:18:10.000000000 +0800
+++ source3/wscript 2018-05-25 13:41:10.834885000 +0800
--- source3/wscript.orig 2018-03-02 12:18:10 UTC
+++ source3/wscript
@@ -47,6 +47,7 @@ def set_options(opt):
opt.SAMBA3_ADD_OPTION('sendfile-support')
opt.SAMBA3_ADD_OPTION('utmp')

23
net/samba48/files/patch-vfs_full_audit.c
View File

@ -1,23 +0,0 @@
--- source3/modules/vfs_full_audit.c.orig 2018-05-15 10:58:37 UTC
+++ source3/modules/vfs_full_audit.c
@@ -613,6 +613,7 @@ static int smb_full_audit_connect(vfs_ha
const char *svc, const char *user)
{
int result;
+ const char *none[] = { "none" };
struct vfs_full_audit_private_data *pd = NULL;
result = SMB_VFS_NEXT_CONNECT(handle, svc, user);
@@ -652,10 +653,10 @@ static int smb_full_audit_connect(vfs_ha
pd->success_ops = init_bitmap(
pd, lp_parm_string_list(SNUM(handle->conn), "full_audit",
- "success", NULL));
+ "success", none));
pd->failure_ops = init_bitmap(
pd, lp_parm_string_list(SNUM(handle->conn), "full_audit",
- "failure", NULL));
+ "failure", none));
/* Store the private data. */
SMB_VFS_HANDLE_SET_DATA(handle, pd, NULL,