Attachment 13755 Details for Bug 13118

[patch] git-am fix for master.

master-13118.patch (text/plain), 4.89 KB, created by Jeremy Allison on 2017-11-03 22:41 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Jeremy Allison

Created: 2017-11-03 22:41 UTC

Size: 4.89 KB

patch

obsolete

>From 86f31ccb577a5a9215eaf638bf4b0d027cb91bed Mon Sep 17 00:00:00 2001
>From: Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
>Date: Fri, 3 Nov 2017 22:33:28 +0000
>Subject: [PATCH 1/2] s3: smbd: Fix delete-on-close after smb2_find
>
>Both dptr_create() and can_delete_directory_fsp() are calling OpenDir_fsp()
>to get a directory handle. This causes an issue when delete-on-close is
>set after smb2_find because both directory handle instances share the same
>underlying file descriptor. In addition the SMB_ASSERT() in destructor
>smb_Dir_destructor() gets triggered.
>
>To avoid this use OpenDir() instead of OpenDir_fsp().
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=13118
>
>Signed-off-by: Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
>Reviewed-by: Jeremy Allison <jra@samba.org>
>---
> source3/smbd/dir.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
>diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
>index cb54be4de76..19e29640118 100644
>--- a/source3/smbd/dir.c
>+++ b/source3/smbd/dir.c
>@@ -2128,9 +2128,9 @@ NTSTATUS can_delete_directory_fsp(files_struct *fsp)
> 	char *talloced = NULL;
> 	SMB_STRUCT_STAT st;
> 	struct connection_struct *conn = fsp->conn;
>-	struct smb_Dir *dir_hnd = OpenDir_fsp(talloc_tos(),
>+	struct smb_Dir *dir_hnd = OpenDir(talloc_tos(),
> 					conn,
>-					fsp,
>+					fsp->fsp_name,
> 					NULL,
> 					0);
> 
>-- 
>2.15.0.403.gc27cc4dac6-goog
>
>
>From f541e6870924c5cb0d160c726d4cb66cd75689ad Mon Sep 17 00:00:00 2001
>From: Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
>Date: Fri, 27 Oct 2017 14:59:32 +0200
>Subject: [PATCH 2/2] s4: torture: Add smb2 FIND_and_set_DOC test case.
>
>Regression tests doing an SMB2_find followed by
>a set delete on close and then close on a directory.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=13118
>
>Signed-off-by: Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
>Reviewed-by: Jeremy Allison <jra@samba.org>
>---
> source4/torture/smb2/delete-on-close.c | 66 ++++++++++++++++++++++++++++++++++
> 1 file changed, 66 insertions(+)
>
>diff --git a/source4/torture/smb2/delete-on-close.c b/source4/torture/smb2/delete-on-close.c
>index 44ef33ec6f8..2312df285a3 100644
>--- a/source4/torture/smb2/delete-on-close.c
>+++ b/source4/torture/smb2/delete-on-close.c
>@@ -516,6 +516,71 @@ static bool test_doc_create_if_exist(struct torture_context *tctx, struct smb2_t
> 	return true;
> }
> 
>+static bool test_doc_find_and_set_doc(struct torture_context *tctx, struct smb2_tree *tree)
>+{
>+	struct smb2_create io;
>+	struct smb2_find find;
>+	NTSTATUS status;
>+	union smb_search_data *d;
>+	union smb_setfileinfo sfinfo;
>+	unsigned int count;
>+	uint32_t perms = 0;
>+
>+	perms = SEC_STD_SYNCHRONIZE | SEC_STD_READ_CONTROL | SEC_STD_DELETE |
>+		SEC_DIR_WRITE_ATTRIBUTE | SEC_DIR_READ_ATTRIBUTE |
>+		SEC_DIR_WRITE_EA | SEC_FILE_APPEND_DATA |
>+		SEC_FILE_WRITE_DATA | SEC_DIR_LIST;
>+
>+	/* File should not exist for this first test, so make sure */
>+	set_dir_delete_perms(tctx, tree);
>+
>+	smb2_deltree(tree, DNAME);
>+
>+	create_dir(tctx, tree);
>+
>+	torture_comment(tctx, "FIND and delete directory\n");
>+	torture_comment(tctx, "We expect NT_STATUS_OK\n");
>+
>+	/* open the directory first */
>+	ZERO_STRUCT(io);
>+	io.in.desired_access	 = perms;
>+	io.in.file_attributes	 = FILE_ATTRIBUTE_DIRECTORY;
>+	io.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
>+	io.in.share_access	 = NTCREATEX_SHARE_ACCESS_READ |
>+				   NTCREATEX_SHARE_ACCESS_DELETE;
>+	io.in.create_options     = NTCREATEX_OPTIONS_DIRECTORY;
>+	io.in.fname              = DNAME;
>+
>+	status = smb2_create(tree, tctx, &io);
>+	CHECK_STATUS(status, NT_STATUS_OK);
>+
>+	/* list directory */
>+	ZERO_STRUCT(find);
>+	find.in.file.handle        = io.out.file.handle;
>+	find.in.pattern            = "*";
>+	find.in.continue_flags     = SMB2_CONTINUE_FLAG_SINGLE;
>+	find.in.max_response_size  = 0x100;
>+	find.in.level              = SMB2_FIND_BOTH_DIRECTORY_INFO;
>+
>+	/* start enumeration on directory */
>+	status = smb2_find_level(tree, tree, &find, &count, &d);
>+	CHECK_STATUS(status, NT_STATUS_OK);
>+
>+	/* set delete-on-close */
>+	ZERO_STRUCT(sfinfo);
>+	sfinfo.generic.level = RAW_SFILEINFO_DISPOSITION_INFORMATION;
>+	sfinfo.disposition_info.in.delete_on_close = 1;
>+	sfinfo.generic.in.file.handle = io.out.file.handle;
>+	status = smb2_setinfo_file(tree, &sfinfo);
>+	CHECK_STATUS(status, NT_STATUS_OK);
>+
>+	/* close directory */
>+	status = smb2_util_close(tree, io.out.file.handle);
>+	CHECK_STATUS(status, NT_STATUS_OK);
>+	return true;
>+}
>+
>+
> /*
>  *  Extreme testing of Delete On Close and permissions
>  */
>@@ -529,6 +594,7 @@ struct torture_suite *torture_smb2_doc_init(TALLOC_CTX *ctx)
> 	torture_suite_add_1smb2_test(suite, "CREATE Existing", test_doc_create_exist);
> 	torture_suite_add_1smb2_test(suite, "CREATE_IF", test_doc_create_if);
> 	torture_suite_add_1smb2_test(suite, "CREATE_IF Existing", test_doc_create_if_exist);
>+	torture_suite_add_1smb2_test(suite, "FIND_and_set_DOC", test_doc_find_and_set_doc);
> 
> 	suite->description = talloc_strdup(suite, "SMB2-Delete-on-Close-Perms tests");
> 
>-- 
>2.15.0.403.gc27cc4dac6-goog
>

Flags:

slow: review+

Actions: View

Attachments on bug 13118: 13754 | 13755 | 13761