Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found

Target

Select target project
  • lts-team/packages/samba
  • thctlo/samba-lintianfix
  • arnaudr/samba
  • jrwren/samba
  • paride/samba
  • athos/samba
  • henrich/samba
  • cnotin/samba
  • mimi89999/samba
  • samba-team/samba
  • ahasenack/samba
  • jrtc27/samba
  • noel/samba
13 results
Show changes
Commits on Source (44)
Showing
with 117 additions and 373 deletions
......@@ -25,7 +25,7 @@
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=17
SAMBA_VERSION_RELEASE=4
SAMBA_VERSION_RELEASE=5
########################################################
# If a official release has a serious bug #
......
==============================
Release Notes for Samba 4.17.5
January 26, 2023
==============================
This is the latest stable release of the Samba 4.17 release series.
Changes since 4.17.4
--------------------
o Jeremy Allison <jra@samba.org>
* BUG 14808: smbc_getxattr() return value is incorrect.
* BUG 15172: Compound SMB2 FLUSH+CLOSE requests from MacOSX are not handled
correctly.
* BUG 15210: synthetic_pathref AFP_AfpInfo failed errors.
* BUG 15226: samba-tool gpo listall fails IPv6 only - finddcs() fails to find
DC when there is only an AAAA record for the DC in DNS.
* BUG 15236: smbd crashes if an FSCTL request is done on a stream handle.
* BUG 15277: DFS links don't work anymore on Mac clients since 4.17.
* BUG 15283: vfs_virusfilter segfault on access, directory edgecase
(accessing NULL value).
o Samuel Cabrero <scabrero@samba.org>
* BUG 15240: CVE-2022-38023 [SECURITY] Samba should refuse RC4 (aka md5)
based SChannel on NETLOGON (additional changes).
o Volker Lendecke <vl@samba.org>
* BUG 15243: %U for include directive doesn't work for share listing
(netshareenum).
* BUG 15266: Shares missing from netshareenum response in samba 4.17.4.
* BUG 15269: ctdb: use-after-free in run_proc.
o Stefan Metzmacher <metze@samba.org>
* BUG 15243: %U for include directive doesn't work for share listing
(netshareenum).
* BUG 15266: Shares missing from netshareenum response in samba 4.17.4.
* BUG 15280: irpc_destructor may crash during shutdown.
* BUG 15286: auth3_generate_session_info_pac leaks wbcAuthUserInfo.
o Andreas Schneider <asn@samba.org>
* BUG 15268: smbclient segfaults with use after free on an optimized build.
o Jones Syue <jonessyue@qnap.com>
* BUG 15282: smbstatus leaking files in msg.sock and msg.lock.
o Andrew Walker <awalker@ixsystems.com>
* BUG 15164: Leak in wbcCtxPingDc2.
* BUG 15265: Access based share enum does not work in Samba 4.16+.
* BUG 15267: Crash during share enumeration.
* BUG 15271: rep_listxattr on FreeBSD does not properly check for reads off
end of returned buffer.
o Florian Weimer <fweimer@redhat.com>
* BUG 15281: Avoid relying on C89 features in a few places.
#######################################
Reporting bugs & Development Discussion
#######################################
Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical:matrix.org matrix room, or
#samba-technical IRC channel on irc.libera.chat.
If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored. All bug reports should
be filed under the Samba 4.1 and newer product in the project's Bugzilla
database (https://bugzilla.samba.org/).
======================================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
======================================================================
Release notes for older releases follow:
----------------------------------------
==============================
Release Notes for Samba 4.17.4
December 15, 2022
......@@ -152,8 +234,7 @@ database (https://bugzilla.samba.org/).
======================================================================
Release notes for older releases follow:
----------------------------------------
----------------------------------------------------------------------
==============================
Release Notes for Samba 4.17.3
November 15, 2022
......
......@@ -209,7 +209,8 @@ def CHECK_LIBRARY_SUPPORT(conf, rpath=False, version_script=False, msg=None):
lib_node.parent.mkdir()
lib_node.write('int lib_func(void) { return 42; }\n', 'w')
main_node = bld.srcnode.make_node('main.c')
main_node.write('int main(void) {return !(lib_func() == 42);}', 'w')
main_node.write('int lib_func(void);\n'
'int main(void) {return !(lib_func() == 42);}', 'w')
linkflags = []
if version_script:
script = bld.srcnode.make_node('ldscript')
......
......@@ -408,10 +408,10 @@ struct tevent_req *run_proc_send(TALLOC_CTX *mem_ctx,
static int run_proc_state_destructor(struct run_proc_state *state)
{
/* Do not get rid of the child process if timeout has occurred */
if (state->proc->req != NULL) {
if ((state->proc != NULL) && (state->proc->req != NULL)) {
state->proc->req = NULL;
DLIST_REMOVE(state->run_ctx->plist, state->proc);
talloc_free(state->proc);
TALLOC_FREE(state->proc);
}
return 0;
......@@ -439,6 +439,7 @@ static void run_proc_kill(struct tevent_req *req)
req, struct run_proc_state);
state->proc->req = NULL;
state->proc = NULL;
state->result.sig = SIGKILL;
......
......@@ -2,12 +2,12 @@
.\" Title: ctdb-etcd
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 12/15/2022
.\" Date: 01/26/2023
.\" Manual: CTDB - clustered TDB database
.\" Source: ctdb
.\" Language: English
.\"
.TH "CTDB\-ETCD" "7" "12/15/2022" "ctdb" "CTDB \- clustered TDB database"
.TH "CTDB\-ETCD" "7" "01/26/2023" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
......
......@@ -2,12 +2,12 @@
.\" Title: ctdb-script.options
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 12/15/2022
.\" Date: 01/26/2023
.\" Manual: CTDB - clustered TDB database
.\" Source: ctdb
.\" Language: English
.\"
.TH "CTDB\-SCRIPT\&.OPTIO" "5" "12/15/2022" "ctdb" "CTDB \- clustered TDB database"
.TH "CTDB\-SCRIPT\&.OPTIO" "5" "01/26/2023" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
......
......@@ -2,12 +2,12 @@
.\" Title: ctdb-statistics
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 12/15/2022
.\" Date: 01/26/2023
.\" Manual: CTDB - clustered TDB database
.\" Source: ctdb
.\" Language: English
.\"
.TH "CTDB\-STATISTICS" "7" "12/15/2022" "ctdb" "CTDB \- clustered TDB database"
.TH "CTDB\-STATISTICS" "7" "01/26/2023" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
......
......@@ -2,12 +2,12 @@
.\" Title: ctdb-tunables
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 12/15/2022
.\" Date: 01/26/2023
.\" Manual: CTDB - clustered TDB database
.\" Source: ctdb
.\" Language: English
.\"
.TH "CTDB\-TUNABLES" "7" "12/15/2022" "ctdb" "CTDB \- clustered TDB database"
.TH "CTDB\-TUNABLES" "7" "01/26/2023" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
......
......@@ -2,12 +2,12 @@
.\" Title: ctdb
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 12/15/2022
.\" Date: 01/26/2023
.\" Manual: CTDB - clustered TDB database
.\" Source: ctdb
.\" Language: English
.\"
.TH "CTDB" "1" "12/15/2022" "ctdb" "CTDB \- clustered TDB database"
.TH "CTDB" "1" "01/26/2023" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
......
......@@ -2,12 +2,12 @@
.\" Title: ctdb
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 12/15/2022
.\" Date: 01/26/2023
.\" Manual: CTDB - clustered TDB database
.\" Source: ctdb
.\" Language: English
.\"
.TH "CTDB" "7" "12/15/2022" "ctdb" "CTDB \- clustered TDB database"
.TH "CTDB" "7" "01/26/2023" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
......
......@@ -2,12 +2,12 @@
.\" Title: ctdb.conf
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 12/15/2022
.\" Date: 01/26/2023
.\" Manual: CTDB - clustered TDB database
.\" Source: ctdb
.\" Language: English
.\"
.TH "CTDB\&.CONF" "5" "12/15/2022" "ctdb" "CTDB \- clustered TDB database"
.TH "CTDB\&.CONF" "5" "01/26/2023" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
......
......@@ -2,12 +2,12 @@
.\" Title: ctdb.sysconfig
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 12/15/2022
.\" Date: 01/26/2023
.\" Manual: CTDB - clustered TDB database
.\" Source: ctdb
.\" Language: English
.\"
.TH "CTDB\&.SYSCONFIG" "5" "12/15/2022" "ctdb" "CTDB \- clustered TDB database"
.TH "CTDB\&.SYSCONFIG" "5" "01/26/2023" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
......
......@@ -2,12 +2,12 @@
.\" Title: ctdb_diagnostics
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 12/15/2022
.\" Date: 01/26/2023
.\" Manual: CTDB - clustered TDB database
.\" Source: ctdb
.\" Language: English
.\"
.TH "CTDB_DIAGNOSTICS" "1" "12/15/2022" "ctdb" "CTDB \- clustered TDB database"
.TH "CTDB_DIAGNOSTICS" "1" "01/26/2023" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
......
......@@ -2,12 +2,12 @@
.\" Title: Ceph RADOS Mutex
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 12/15/2022
.\" Date: 01/26/2023
.\" Manual: CTDB - clustered TDB database
.\" Source: ctdb
.\" Language: English
.\"
.TH "CEPH RADOS MUTEX" "7" "12/15/2022" "ctdb" "CTDB \- clustered TDB database"
.TH "CEPH RADOS MUTEX" "7" "01/26/2023" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
......
......@@ -2,12 +2,12 @@
.\" Title: ctdbd
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 12/15/2022
.\" Date: 01/26/2023
.\" Manual: CTDB - clustered TDB database
.\" Source: ctdb
.\" Language: English
.\"
.TH "CTDBD" "1" "12/15/2022" "ctdb" "CTDB \- clustered TDB database"
.TH "CTDBD" "1" "01/26/2023" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
......
......@@ -2,12 +2,12 @@
.\" Title: ltdbtool
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 12/15/2022
.\" Date: 01/26/2023
.\" Manual: CTDB - clustered TDB database
.\" Source: ctdb
.\" Language: English
.\"
.TH "LTDBTOOL" "1" "12/15/2022" "ctdb" "CTDB \- clustered TDB database"
.TH "LTDBTOOL" "1" "01/26/2023" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
......
......@@ -2,12 +2,12 @@
.\" Title: onnode
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 12/15/2022
.\" Date: 01/26/2023
.\" Manual: CTDB - clustered TDB database
.\" Source: ctdb
.\" Language: English
.\"
.TH "ONNODE" "1" "12/15/2022" "ctdb" "CTDB \- clustered TDB database"
.TH "ONNODE" "1" "01/26/2023" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
......
......@@ -2,12 +2,12 @@
.\" Title: ping_pong
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 12/15/2022
.\" Date: 01/26/2023
.\" Manual: CTDB - clustered TDB database
.\" Source: ctdb
.\" Language: English
.\"
.TH "PING_PONG" "1" "12/15/2022" "ctdb" "CTDB \- clustered TDB database"
.TH "PING_PONG" "1" "01/26/2023" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
......
From: Michael Tokarev <mjt@tls.msk.ru>
Subject: Bug 15266 - shares missing from netshareenum response in samba 4.17.4
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15266
git-am patch for samba bug 15266.
Remove addition and deletion of selftest/knownfail.d/registry_share
file (quilt dislikes when a file is added and deleted in one patch)
From 53d81dbecbca90b9b4715de3d895ea881725138e Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl@samba.org>
Date: Wed, 9 Nov 2022 14:04:23 +0100
Subject: [PATCH 1/3] testprogs: Add testit_grep_count() helper
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 55feb593012fc5b24e795a00081666fca740429c)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15243
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15266
---
testprogs/blackbox/subunit.sh | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
diff --git a/testprogs/blackbox/subunit.sh b/testprogs/blackbox/subunit.sh
index 75a9b5ec7e3c..ba4e997c5253 100755
--- a/testprogs/blackbox/subunit.sh
+++ b/testprogs/blackbox/subunit.sh
@@ -121,6 +121,35 @@ testit_grep()
return $status
}
+# This returns 0 if the command gave success and the grep value was found
+# num times all other cases return != 0
+testit_grep_count()
+{
+ name="$1"
+ shift
+ grep="$1"
+ shift
+ num="$1"
+ shift
+ cmdline="$@"
+ subunit_start_test "$name"
+ output=$($cmdline 2>&1)
+ status=$?
+ if [ x$status != x0 ]; then
+ printf '%s' "$output" | subunit_fail_test "$name"
+ return $status
+ fi
+ found=$(printf '%s' "$output" | grep -c "$grep")
+ if [ x"$found" = x"$num" ]; then
+ subunit_pass_test "$name"
+ else
+ printf 'GREP: "%s" found "%d" times, expected "%d" in output:\n%s'\
+ "$grep" "$found" "$num" "$output" |
+ subunit_fail_test "$name"
+ fi
+ return $status
+}
+
testit_expect_failure()
{
name="$1"
--
2.34.1
From 1d6cc05bf6c231cf6d4bb46d2f1370f6a6c393d4 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 28 Dec 2022 16:18:40 +0100
Subject: [PATCH 2/3] selftest: add samba3.blackbox.registry_share
This demonstrates the regression introduced by
f03665bb7e8ea97699062630f2aa1bac4c5dfc7f, where
registry shares are no longer listed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15243
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15266
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Walker <awalker@ixsystems.com>
(cherry picked from commit a00c7395fbc7974a61a70ae54ea6ae6349933de2)
---
selftest/target/Samba3.pm | 30 ++++++++++++++++
source3/script/tests/test_registry_share.sh | 39 +++++++++++++++++++++
source3/selftest/tests.py | 4 +++
3 files changed, 73 insertions(+)
create mode 100755 source3/script/tests/test_registry_share.sh
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index 64374ab9bcde..72c8abac8670 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -532,6 +532,36 @@ sub setup_clusteredmember
return undef;
}
+ my $registry_share_template = "$node_ret->{SERVERCONFFILE}.registry_share_template";
+ unless (open(REGISTRYCONF, ">$registry_share_template")) {
+ warn("Unable to open $registry_share_template");
+ teardown_env($self, $node_ret);
+ teardown_env($self, $ctdb_data);
+ return undef;
+ }
+
+ print REGISTRYCONF "
+[registry_share]
+ copy = tmp
+ comment = smb username is [%U]
+";
+
+ close(REGISTRYCONF);
+
+ my $net = Samba::bindir_path($self, "net");
+ my $cmd = "";
+
+ $cmd .= "UID_WRAPPER_ROOT=1 ";
+ $cmd .= "$net conf import $node_ret->{CONFIGURATION} ${registry_share_template}";
+
+ my $net_ret = system($cmd);
+ if ($net_ret != 0) {
+ warn("net conf import failed: $net_ret\n$cmd");
+ teardown_env($self, $node_ret);
+ teardown_env($self, $ctdb_data);
+ return undef;
+ }
+
my $nmblookup = Samba::bindir_path($self, "nmblookup");
do {
print "Waiting for the LOGON SERVER registration ...\n";
diff --git a/source3/script/tests/test_registry_share.sh b/source3/script/tests/test_registry_share.sh
new file mode 100755
index 000000000000..22e9f732a58c
--- /dev/null
+++ b/source3/script/tests/test_registry_share.sh
@@ -0,0 +1,39 @@
+#!/bin/sh
+# Blackbox tests for registry shares
+#
+
+if [ $# -lt 3 ]; then
+ cat <<EOF
+Usage: test_registry_share.sh SERVER USERNAME PASSWORD
+EOF
+ exit 1
+fi
+
+SERVER=$1
+USERNAME=$2
+PASSWORD=$3
+shift 3
+failed=0
+
+samba_bindir="$BINDIR"
+samba_srcdir="$SRCDIR"
+smbclient="$samba_bindir/smbclient"
+rpcclient="$samba_bindir/rpcclient"
+
+. $samba_srcdir/testprogs/blackbox/subunit.sh
+. $samba_srcdir/testprogs/blackbox/common_test_fns.inc
+
+test_smbclient \
+ "Test access to registry share [${USERNAME}]" \
+ "ls" "//${SERVER}/registry_share" "-U$USERNAME%$PASSWORD" ||
+ failed=$((failed + 1))
+
+testit_grep_count \
+ "Test for share enum with registry share" \
+ "netname: registry_share" \
+ 1 \
+ ${rpcclient} "ncacn_np:${SERVER}" "-U$USERNAME%$PASSWORD" \
+ -c netshareenum ||
+ failed=$((failed + 1))
+
+testok "$0" "$failed"
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index 01ec90e9878c..54c788fd441d 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -1376,6 +1376,10 @@ plantestsuite("samba3.blackbox.smbXsrv_client_cross_node", "clusteredmember:loca
configuration,
'ctdb0', 'ctdb1',
"tmp"])
+plantestsuite("samba3.blackbox.registry_share", "clusteredmember",
+ [os.path.join(samba3srcdir,
+ "script/tests/test_registry_share.sh"),
+ "$SERVER", '$DC_USERNAME', "$DC_PASSWORD"])
env = 'fileserver'
plantestsuite("samba3.blackbox.virus_scanner", "%s:local" % (env),
--
2.34.1
From 791f82046b6dcc2f10e3017a8f90ce2ce8a9a7c2 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 28 Dec 2022 13:50:45 +0100
Subject: [PATCH 3/3] s3:rpc_server/srvsvc: make sure we (re-)load all shares
as root.
This fixes a regression in commit f03665bb7e8ea97699062630f2aa1bac4c5dfc7f
The use of reload_services() has a lot of side effects, e.g. reopen of
log files and other things, which are only useful in smbd, but not in rpcd_classic.
It was also unloading the user and registry shares we loaded a few lines
above.
We need to do all (re-)loading as root, otherwise we won't be able
to read root only smb.conf files, access registry shares, ...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15243
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15266
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Walker <awalker@ixsystems.com>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Dec 29 21:14:02 UTC 2022 on sn-devel-184
(cherry picked from commit f28553105be7465026bcc0fcbbed6a1a8c2133dd)
---
source3/rpc_server/srvsvc/srv_srvsvc_nt.c | 28 +++++++++++++----------
1 file changed, 16 insertions(+), 12 deletions(-)
delete mode 100644 selftest/knownfail.d/registry_share
diff --git a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
index 233718ff310c..5114ccbdad4d 100644
--- a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
@@ -628,30 +628,34 @@ static WERROR init_srv_share_info_ctr(struct pipes_struct *p,
union srvsvc_NetShareCtr ctr;
uint32_t resume_handle = resume_handle_p ? *resume_handle_p : 0;
const char *unix_name = session_info->unix_info->unix_name;
- int existing_home = lp_servicenumber(unix_name);
+ int existing_home = -1;
int added_home = -1;
WERROR ret = WERR_OK;
DEBUG(5,("init_srv_share_info_ctr\n"));
- /* Ensure all the usershares are loaded. */
+ /*
+ * We need to make sure to reload the services for the connecting user.
+ * It is possible that we have includes with substitutions.
+ *
+ * include = /etc/samba/%U.conf
+ *
+ * We also need all printers and usershares.
+ *
+ * We need to be root in order to have access to registry shares
+ * and root only smb.conf files.
+ */
become_root();
+ lp_kill_all_services();
+ lp_load_with_shares(get_dyn_CONFIGFILE());
delete_and_reload_printers();
load_usershare_shares(NULL, connections_snum_used);
load_registry_shares();
- unbecome_root();
-
+ existing_home = lp_servicenumber(unix_name);
if (existing_home == -1) {
added_home = register_homes_share(unix_name);
}
-
- /*
- * We need to make sure to reload the services for the connecting user.
- * It is possible that the we have includes with substitutions.
- *
- * include = /etc/samba/%U.conf
- */
- reload_services(NULL, NULL, false);
+ unbecome_root();
num_services = lp_numservices();
--
2.34.1
From 5c8e34cae96ee65d34da61801a0f04c562006369 Mon Sep 17 00:00:00 2001
From: Andrew <awalker@ixsystems.com>
Date: Fri, 16 Dec 2022 08:16:10 -0800
Subject: rpc_server:srvsvc - retrieve share ACL via root context
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15265
share_info.tdb has permissions of 0o600 and so we need
to become_root() prior to retrieving the security info.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15265
Signed-off-by: Andrew Walker <awalker@ixsystems.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Dec 19 20:41:15 UTC 2022 on sn-devel-184
(cherry picked from commit 80c0b416892bfacc0d919fe032461748d7962f05)
---
source3/rpc_server/srvsvc/srv_srvsvc_nt.c | 17 ++++++++++++++---
1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
index 233718ff310..fbc617c3ac1 100644
--- a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
@@ -540,6 +540,7 @@ static bool is_hidden_share(int snum)
static bool is_enumeration_allowed(struct pipes_struct *p,
int snum)
{
+ bool allowed;
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
@@ -556,9 +557,19 @@ static bool is_enumeration_allowed(struct pipes_struct *p,
return false;
}
- return share_access_check(session_info->security_token,
- lp_servicename(talloc_tos(), lp_sub, snum),
- FILE_READ_DATA, NULL);
+
+ /*
+ * share_access_check() must be opened as root
+ * because it ultimately gets a R/W db handle on share_info.tdb
+ * which has 0o600 permissions
+ */
+ become_root();
+ allowed = share_access_check(session_info->security_token,
+ lp_servicename(talloc_tos(), lp_sub, snum),
+ FILE_READ_DATA, NULL);
+ unbecome_root();
+
+ return allowed;
}
/****************************************************************************
--
2.34.1