IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Will be used to trigger Directory Lease breaks from notify_fname().
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Checks for Directory Lease breaks on the parent directory of smb_fname. Gets a
sharemode lock on the locking.tdb record of the directory, hence it mustn't be
called if the caller still has another sharmode lock.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
notify_fname() for NOTIFY_ACTION_DIRLEASE_BREAK will soon need the lease of the
current open and to implement "MS-FSA 2.1.4.12 Algorithm to Check for an Oplock
Break" with flags=PARENT_OBJECT.
No change in behaviour for now, all callers pass lease=NULL;
Also change path arg to struct smb_filename.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This will be a common pattern in the upcoming code dealing with Directory Lease
breaks: when checking for Directory Lease breaks on the parent directory, we
take the sharemode lock on the parent and hence by then must have dropped the
sharemode lock on the object that performs the Directory Lease break check. That
functionality will be later added to notify_fname().
This means the notification will be sent a wee bit later, but that's something
the change notification protocol has to live with anyway.
For Directory Leases the sequence to check for Directory Lease breaks is to call
MS-FSA 2.1.4.12 "Algorithm to Check for an Oplock Break" with
flags=PARENT_OBJECT at the end of each relevant operation, eg creating a file
asf, when processing of the operation that will call 2.1.4.12 is already
completed.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Check for open files recursively when renaming a directory and wait for handle
lease breaks.
As delay_for_handle_lease_break_send() does the same check as
have_file_open_below(), remove have_file_open_below() from can_rename() so it is
not called twice for SMB2 renames, and add calls to have_file_open_below() to the
SMB1 entry rename entry points.
This is a bit ugly, but I don't see any other good way of doing this.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15608
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Let have_file_open_below() be the single function to check if
"have_file_open_below" and let it check internally whether to just search the
fsp list in the process or traversing locking.tdb based on the setting of
"strict rename".
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15608
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
In the future not all callers will have a share_mode_lock around.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15608
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
All existing callers use share_entry_forall_read, so no change in behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15608
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Gives the callback function more control about when of a locking.tdb
traverse is stopped. If the callback function returns:
0 => continue traverse
1 => stop loop over share_mode_entries, but continue share_mode_data traverse
-1 => stop whole share_mode_data traverse
All existing callers of share_entry_forall() either return 0 or -1 from their
callback functions, so no change in behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15608
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
All existing callers use share_mode_forall_read(), so no change in behaviour.
Note: doing the indirection via the function pointers "ro_fn" and "rw_fn" in a
single state "struct share_mode_forall_state" avoids duplicating
share_mode_forall_dump_fn() and share_mode_forall_fn() and has the benefit of
code sharing of these functions for both read-only and read-write cases.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15608
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Gives callers the option to modify data if needed. All existing
callers use g_lock_locks_read(), so no change in behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15608
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This ensures common cleanup code via
smbXsrv_connection_shutdown_send() ->
-> smbXsrv_session_disconnect_xconn()
-> smbXsrv_session_remove_channel()
-> smb2srv_session_shutdown_send()
is used if the last (only) connection goes away as well. In the future this
should be implemented for the
xconn->has_cluster_movable_ip
case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15608
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Add a version of delay_rename_for_lease_break() that is usable in other places
where we have to check for handle lease breaks. No change in behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15608
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
in_input_buffer just points into the smbd_smb2_request iovecs data which is
guarenteed to have the same lifetime as the deferred rename processing, no need
to make a copy.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15608
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
ce459ddbcd recently switched the readdir
implementation to use ceph_readdir_r(). Thus ceph_readdir() is
unnecessarily loaded which is no longer used.
https://bugzilla.samba.org/show_bug.cgi?id=15703
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: John Mulligan <jmulligan@redhat.com>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Sun Nov 3 11:07:23 UTC 2024 on atb-devel-224
Store the set of open O_XXX flags as part of the referenced file-handle
to allow more verbose debug-logging info upon close. This should ease
the developer's logging analysis where same inode is opened multiple
times but with different flags set.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15703
Signed-off-by: Shachar Sharon <ssharon@redhat.com>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: John Mulligan <jmulligan@redhat.com>
Have more verbose and explicit values in various DBG_DEBUG logging. In
particular, do not use the redundant '__func__' argument as it's info is
already provided via the DBG_ logging macros.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15703
Signed-off-by: Shachar Sharon <ssharon@redhat.com>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: John Mulligan <jmulligan@redhat.com>
Add extra debug-logging to mount/umount flows, with more verbose info.
Try to make logging messages follow a 'key=value' format.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15703
Signed-off-by: Shachar Sharon <ssharon@redhat.com>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: John Mulligan <jmulligan@redhat.com>
Use boolean return value from cephmount_cache_add, to align code-style
with other caphmount helper functions. Returns false in case of memory
allocation failure, true otherwise (success).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15703
Signed-off-by: Shachar Sharon <ssharon@redhat.com>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: John Mulligan <jmulligan@redhat.com>
Use singed int32_t for cached mount-entries reference counting. Define
helper function for inc/dec ref-count which also provides proper
logging. Prefer boolean return-value for 'cephmount_cache_remove' as
'int' is often used as error indicator within the context of libcephfs
and this VFS module.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15703
Signed-off-by: Shachar Sharon <ssharon@redhat.com>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: John Mulligan <jmulligan@redhat.com>
Do not set 'errno' to ENOENT in cephmount_cache_update. Setting this
errno value upon newly inserted entry may cause vfs_ceph_connect to
change errno to non-zero value even though the final result is OK.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15703
Signed-off-by: Shachar Sharon <ssharon@redhat.com>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: John Mulligan <jmulligan@redhat.com>
Align code-style of 'cephmount_mount_fs' with rest of the code: use
'goto' for bail-out upon error case (with proper cleanups). For the
common case of successful operation complete execution and return final
value. Added extra debug-logging for good-path case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15703
Signed-off-by: Shachar Sharon <ssharon@redhat.com>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: John Mulligan <jmulligan@redhat.com>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15749
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Oct 31 14:02:39 UTC 2024 on atb-devel-224
This was missing in commit 628d7b6f2e.
We should not alter the name to '<UNKNOWN>'!
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
We must also break leases on other opens if the open of the rename doesn't have
a lease itself. The existing test test_lease_v2_rename() that was added
alongside the deferred rename server code didn't cover this case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15697
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Oct 31 12:47:24 UTC 2024 on atb-devel-224
For a compound related request chain of eg CREATE+NOTIFY+GETINFO, the NOTIFY
will typically go async. When this is noted in smbd_smb2_request_pending_queue()
the pending async tevent_req is cancelled which means we return
NT_STATUS_CANCELLED to the client while Windows returns
NT_STATUS_INTERNAL_ERROR.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15697
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This will be needed when we implement netr_ServerAuthenticateKerberos...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This will be needed when we implement netr_ServerAuthenticateKerberos...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
creds->sid will be removed soon...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This will make the following changes simpler...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
With SAMBA_WEAK_CRYPTO_DISALLOWED we will return DOWNGRADE_DETECTED with negotiate_flags = 0,
if AES was not negotiated...
And if AES was negotiated there's no harm in returning the ARCFOUR
flag...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This was missing from commit 6140c3177a and causes
all opens of directories to be handled as stat opens, bypassing the sharemode
check.
Not adding a test at this time, as my (hopefully) soon to be merged Directory
Leases branch has a test which actually detected this problem.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15732
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Oct 29 12:44:49 UTC 2024 on atb-devel-224
Essentially FSP_POSIX_FLAGS_OPEN implies FSP_POSIX_FLAGS_PATHNAMES, so we can
just remove FSP_POSIX_FLAGS_PATHNAMES and simplify things.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
This option of the vfs_fruit VFS module that could be used to enable POSIX
directory rename behaviour for OS X clients has been removed as it could result
in severe problems for Windows clients.
As a possible workaround it is possible to prevent creation of .DS_Store files
(a Finder thingy to store directory view settings) on network mounts by running
$ defaults write com.apple.desktopservices DSDontWriteNetworkStores true
on the Mac.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Prefer a safe version of ceph_readdir, where the directory entry struct
is allocated by the caller. Use a dynamic-allocated 'struct dirent'
which is associated with a directory vfs_ceph_fh (optional), which is
allocated on-the-fly upon start of READDIR and released at the end or
CLOSEDIR (or unlikely readdir error).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15703
Signed-off-by: Shachar Sharon <ssharon@redhat.com>
Reviewed-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Fri Oct 25 10:29:44 UTC 2024 on atb-devel-224
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Thu Oct 24 12:05:10 UTC 2024 on atb-devel-224
==36258==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x51300000b096 at pc 0x7fb6b4880b46 bp 0x7ffc67d44b40 sp 0x7ffc67d44300
READ of size 1 at 0x51300000b096 thread T0
#0 0x7fb6b4880b45 in strlen ../../../../libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:391
#1 0x560fe898cde3 in winbindd_wins_byip_done ../../source3/winbindd/winbindd_wins_byip.c:111
#2 0x7fb6b4ef8ae5 in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
#3 0x7fb6b4ef8d1c in tevent_req_finish ../../lib/tevent/tevent_req.c:234
#4 0x7fb6b4ef8d84 in _tevent_req_done ../../lib/tevent/tevent_req.c:240
#5 0x7fb6b1e24c80 in node_status_query_done ../../source3/libsmb/namequery.c:904
#6 0x7fb6b4ef8ae5 in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
#7 0x7fb6b4ef8d1c in tevent_req_finish ../../lib/tevent/tevent_req.c:234
#8 0x7fb6b4ef8d84 in _tevent_req_done ../../lib/tevent/tevent_req.c:240
#9 0x7fb6b1e250bc in nb_trans_done ../../source3/libsmb/namequery.c:756
#10 0x7fb6b4ef8ae5 in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
#11 0x7fb6b4ef8d1c in tevent_req_finish ../../lib/tevent/tevent_req.c:234
#12 0x7fb6b4ef8d84 in _tevent_req_done ../../lib/tevent/tevent_req.c:240
#13 0x7fb6b1e270af in sock_packet_read_got_socket ../../source3/libsmb/namequery.c:537
#14 0x7fb6b4ef8ae5 in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
#15 0x7fb6b4ef8d1c in tevent_req_finish ../../lib/tevent/tevent_req.c:234
#16 0x7fb6b4ef8d84 in _tevent_req_done ../../lib/tevent/tevent_req.c:240
#17 0x7fb6b33db183 in tdgram_recvfrom_done ../../lib/tsocket/tsocket.c:240
#18 0x7fb6b4ef8ae5 in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
#19 0x7fb6b4ef8d1c in tevent_req_finish ../../lib/tevent/tevent_req.c:234
#20 0x7fb6b4ef8d84 in _tevent_req_done ../../lib/tevent/tevent_req.c:240
#21 0x7fb6b33e0d99 in tdgram_bsd_recvfrom_handler ../../lib/tsocket/tsocket_bsd.c:1087
#22 0x7fb6b33e0263 in tdgram_bsd_fde_handler ../../lib/tsocket/tsocket_bsd.c:811
#23 0x7fb6b4ef5ac1 in tevent_common_invoke_fd_handler ../../lib/tevent/tevent_fd.c:174
#24 0x7fb6b4f0b185 in epoll_event_loop ../../lib/tevent/tevent_epoll.c:696
#25 0x7fb6b4f0b185 in epoll_event_loop_once ../../lib/tevent/tevent_epoll.c:926
#26 0x7fb6b4f037b8 in std_event_loop_once ../../lib/tevent/tevent_standard.c:110
#27 0x7fb6b4ef3549 in _tevent_loop_once ../../lib/tevent/tevent.c:820
#28 0x560fe8a15198 in main ../../source3/winbindd/winbindd.c:1729
#29 0x7fb6afe2a2ad in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
#30 0x7fb6afe2a378 in __libc_start_main_impl ../csu/libc-start.c:360
#31 0x560fe89454e4 in _start ../sysdeps/x86_64/start.S:115
0x51300000b096 is located 12 bytes after 330-byte region [0x51300000af40,0x51300000b08a)
allocated by thread T0 here:
#0 0x7fb6b48fc777 in malloc ../../../../libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fb6b3a64c57 in __talloc_with_prefix ../../lib/talloc/talloc.c:783
#2 0x7fb6b3a66acf in __talloc ../../lib/talloc/talloc.c:825
#3 0x7fb6b3a66acf in _talloc_named_const ../../lib/talloc/talloc.c:982
#4 0x7fb6b3a66acf in _talloc_array ../../lib/talloc/talloc.c:2784
#5 0x7fb6b1e2b43e in parse_node_status ../../source3/libsmb/namequery.c:337
#6 0x7fb6b1e2b43e in node_status_query_recv ../../source3/libsmb/namequery.c:921
#7 0x560fe898cc4f in winbindd_wins_byip_done ../../source3/winbindd/winbindd_wins_byip.c:87
#8 0x7fb6b4ef8ae5 in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
#9 0x7fb6b4ef8d1c in tevent_req_finish ../../lib/tevent/tevent_req.c:234
#10 0x7fb6b4ef8d84 in _tevent_req_done ../../lib/tevent/tevent_req.c:240
#11 0x7fb6b1e24c80 in node_status_query_done ../../source3/libsmb/namequery.c:904
#12 0x7fb6b4ef8ae5 in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
#13 0x7fb6b4ef8d1c in tevent_req_finish ../../lib/tevent/tevent_req.c:234
#14 0x7fb6b4ef8d84 in _tevent_req_done ../../lib/tevent/tevent_req.c:240
#15 0x7fb6b1e250bc in nb_trans_done ../../source3/libsmb/namequery.c:756
#16 0x7fb6b4ef8ae5 in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
#17 0x7fb6b4ef8d1c in tevent_req_finish ../../lib/tevent/tevent_req.c:234
#18 0x7fb6b4ef8d84 in _tevent_req_done ../../lib/tevent/tevent_req.c:240
#19 0x7fb6b1e270af in sock_packet_read_got_socket ../../source3/libsmb/namequery.c:537
#20 0x7fb6b4ef8ae5 in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
#21 0x7fb6b4ef8d1c in tevent_req_finish ../../lib/tevent/tevent_req.c:234
#22 0x7fb6b4ef8d84 in _tevent_req_done ../../lib/tevent/tevent_req.c:240
#23 0x7fb6b33db183 in tdgram_recvfrom_done ../../lib/tsocket/tsocket.c:240
#24 0x7fb6b4ef8ae5 in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
#25 0x7fb6b4ef8d1c in tevent_req_finish ../../lib/tevent/tevent_req.c:234
#26 0x7fb6b4ef8d84 in _tevent_req_done ../../lib/tevent/tevent_req.c:240
#27 0x7fb6b33e0d99 in tdgram_bsd_recvfrom_handler ../../lib/tsocket/tsocket_bsd.c:1087
#28 0x7fb6b33e0263 in tdgram_bsd_fde_handler ../../lib/tsocket/tsocket_bsd.c:811
#29 0x7fb6b4ef5ac1 in tevent_common_invoke_fd_handler ../../lib/tevent/tevent_fd.c:174
#30 0x7fb6b4f0b185 in epoll_event_loop ../../lib/tevent/tevent_epoll.c:696
#31 0x7fb6b4f0b185 in epoll_event_loop_once ../../lib/tevent/tevent_epoll.c:926
#32 0x7fb6b4f037b8 in std_event_loop_once ../../lib/tevent/tevent_standard.c:110
#33 0x7fb6b4ef3549 in _tevent_loop_once ../../lib/tevent/tevent.c:820
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Direct leak of 120 byte(s) in 1 object(s) allocated from:
#0 0x7f2f7f0fc777 in malloc ../../../../libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7f2f7ee24c57 in __talloc_with_prefix ../../lib/talloc/talloc.c:783
#2 0x7f2f7ee26acf in __talloc ../../lib/talloc/talloc.c:825
#3 0x7f2f7ee26acf in _talloc_named_const ../../lib/talloc/talloc.c:982
#4 0x7f2f7ee26acf in _talloc_array ../../lib/talloc/talloc.c:2784
#5 0x7f2f7e3f6a99 in data_blob_talloc_named ../../lib/util/data_blob.c:58
#6 0x7f2f7e3f6b1b in data_blob_named ../../lib/util/data_blob.c:40
#7 0x5570b9e36100 in test_lm_ntlm_broken ../../source3/utils/ntlm_auth_diagnostics.c:56
#8 0x5570b9e36b5d in test_ntlm ../../source3/utils/ntlm_auth_diagnostics.c:180
#9 0x5570b9e387f3 in diagnose_ntlm_auth ../../source3/utils/ntlm_auth_diagnostics.c:707
#10 0x5570b9e34efd in main ../../source3/utils/ntlm_auth.c:2855
#11 0x7f2f7ba2a2ad in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
Reviewed-by: Martin Schwenke <martin@meltin.net>
Direct leak of 192 byte(s) in 1 object(s) allocated from:
#0 0x7fc5afefc777 in malloc ../../../../libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fc5afaefc57 in __talloc_with_prefix ../../lib/talloc/talloc.c:783
#2 0x7fc5afaf18cf in __talloc ../../lib/talloc/talloc.c:825
#3 0x7fc5afaf18cf in _talloc_named_const ../../lib/talloc/talloc.c:982
#4 0x7fc5afaf18cf in _talloc_zero ../../lib/talloc/talloc.c:2421
#5 0x7fc5aeac4809 in loadparm_init_s3 ../../lib/param/loadparm.c:3223
#6 0x560ee34b3949 in main ../../source3/utils/ntlm_auth.c:2806
#7 0x7fc5ac62a2ad in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15732
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Oct 14 12:23:04 UTC 2024 on atb-devel-224
So far, the create context is used as it is sent by the client.
Now we first check whether posix extensions are negotiated.
Pair-Programmed-With: Ralph Boehme <slow@samba.org>
Signed-off-by: Jule Anger <janger@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Needed as in_file_info_class type to query posix filesystem information.
Used in the subsequent commit.
Pair-Programmed-With: Jule Anger <janger@samba.org>
Signed-off-by: Jule Anger <janger@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
It might be useful to see timestamps for some smbtorture tests.
Timestamps can be printed via 'debug syslog format=always'.
It can be specified either in smb.conf or directly via smbtorture option
-T 'OPTION=VALUE' smb.conf option line
However, smbtorture is not evaluating the option. It needs to call
reopen_logs()->debug_set_settings() to copy
'Globals.debug_syslog_format' to 'state->settings.debug_syslog_format'
$ bin/smbtorture3 //foo/bar -U% LOCAL-G-LOCK4 -d10 -T 'debug syslog format=always'
Before:
dbwrap_lock_order_unlock: release lock order 3 for /home/pfilipen/ws/projects/samba/smbtorture/st/client/lockdir/g_lock.tdb
waited
child 2473726 exited with 0
g_lock_lock_retry: watch_recv returned NT_STATUS_OK
After (see 1 sec delay):
2024-10-13T21:26:56.476859+00:00 addc.addom.samba.example.com smbtorture[2473806]: dbwrap_lock_order_unlock: release lock order 3 for /home/pfilipen/ws/projects/samba/smbtorture/st/client/lockdir/g_lock.tdb
waited
child 2473807 exited with 0
2024-10-13T21:26:57.487363+00:00 addc.addom.samba.example.com smbtorture[2473806]: g_lock_lock_retry: watch_recv returned NT_STATUS_OK
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
stat opens should not cause a oplock/lease downgrade if
they don't have a lease attached to itself.
Note that opens broken to NONE still count if they are
non-stat opens...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15649
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15651
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Oct 10 13:59:18 UTC 2024 on atb-devel-224
vfs_glusterfs is supposed to be the last entry when listed with
other vfs modules. This is due to the fact that the connection path
is not local to the server but relative to the virtual remote file
system beneath it. Especially SMB_VFS_FS_CAPABILITIES implementation
from vfs_default is likely to return incorrect results based on the
connection path assumed to be local to the server which might not be
the case with glusterfs module stacked. Therefore it doesn't make sense
to pass through any vfs interface implementations further down the line
to vfs_default.
Instead make use of get_fs_capabilties to start with already known fs
capabilties from connect phase.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15716
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Oct 7 13:36:11 UTC 2024 on atb-devel-224
Make use of get_fs_capabilties to start with already known fs
capabilties from connect phase.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15716
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
SMB_VFS_STATVFS implementation for vfs_ceph_new failed to fill in the
FsCapabilities field for vfs_statvfs_struct. Insert the minimum
required values for defining the capabilties of a ceph file system.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15716
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
vfs_ceph is supposed to be the last entry when listed with other vfs
modules. This is due to the fact that the connection path is not local
to the server but relative to the virtual remote file system beneath
it. Especially SMB_VFS_FS_CAPABILITIES implementation from vfs_default
is likely to return incorrect results based on the connection path
assumed to be local to the server which might not be the case with
ceph module stacked. Therefore it doesn't make sense to pass through
any vfs interface implementations further down the line to vfs_default.
Instead make use of get_fs_capabilties to start with already known fs
capabilties from connect phase.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15716
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
SMB_VFS_STATVFS implementation for vfs_ceph failed to fill in the
FsCapabilities field for vfs_statvfs_struct. Insert the minimum
required values for defining the capabilties of a ceph file system.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15716
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Make use of get_fs_capabilties to start with already known fs
capabilties from connect phase.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15716
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
We create a new helper function to retrieve the fs capabilties via
STATVFS call. Additionally set other capabilities based on specific
parametric options. This is 99.9% taken from SMB_VFS_FS_CAPABILITIES
implementation of vfs_default in preparation to be called from any
required vfs module.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15716
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Obvious omission
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Sun Oct 6 02:25:09 UTC 2024 on atb-devel-224
This should fix a few Coverity Resource Leak findings. Coverity does
not understand that SMB_ASSERT aborts the program, so it believes if
realloc fails we leak the previous allocation. Those are false
positives, but doing it this way does not cost much.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
ADD_TO_ARRAY with an explicit NULL mem_ctx is only used in 3
places. I've checked the other places, and I think I made sure that the
mem_ctx being passed in is non-NULL everywhere else.
This makes the "legacy" use with SMB_REALLOC more obvious.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
d1846452e9 vfs: Add VFS_OPEN_HOW_WITH_BACKUP_INTENT introduced
VFS_OPEN_HOW_WITH_BACKUP_INTENT for files opened with
FILE_OPEN_FOR_BACKUP_INTENT. shadow_copy2 refuses the open on a file if
any flage in how.resolve is set. Change the check in shadow_copy2 to
allow opening of files with VFS_OPEN_HOW_WITH_BACKUP_INTENT.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15730
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Oct 2 08:06:38 UTC 2024 on atb-devel-224
This fixes a O(n²) performance regression in notifyd. The problem was
that we had a watcher per notify instance. This changes the code to have
a watcher per notify db entry.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14430
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Oct 1 14:22:43 UTC 2024 on atb-devel-224
We could avoid relying on smbXcli_conn_remote_sockaddr() as much as
possible, because we aim to remove domain->conn.cli same day...
Also note that find_dc() always filled domain->dcaddr already
when cm_open_connection() calls store_current_dc_in_gencache().
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Oct 1 11:01:35 UTC 2024 on atb-devel-224
The makes things easier to understand, because the callers
pass in &domain->dcaddr, which could also used as output value.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
In the end set_dc_type_and_flags should be removed completely, but
this is a good start in the right direction...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
We at least pass SEC_CHAN_LOCAL for internal domains,
only learned domains use SEC_CHAN_NULL.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
No need to use dssetup_DsRoleGetPrimaryDomainInformation that
only adds latency...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This means as domain member we require it also for our primary domain.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
The is not critical, but avoids using the ip address with
fallback to '*SMBSERVER' for connections to port 139.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
NO_MEMORY is the only possible error.
Pair-Programmed-With: Volker Lendecke <vl@samba.org>
Signed-off-by: Jule Anger <janger@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Oct 1 08:15:35 UTC 2024 on atb-devel-224
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Sep 30 17:03:55 UTC 2024 on atb-devel-224
We shouldd not rely on cli_state to be a valid pointer
(at least not when NCACN_IP_TCP is used...)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
pylibsmb is supposed to be used only internally, at least I hope this
has not made it into an API that is perceived to be publically used.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Sep 26 16:35:55 UTC 2024 on atb-devel-224
Remove enum perm_type: Only the _NEW_ defines were actually used, and
this made the logic harder for me to understand than necessary.
On the other hand, it forced you to think about what this is. Now you
could theoretically miss applying masks. Still, I like it better with
this patch.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Mostly symmetry reasons, we have the opposite function here as well
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Align naming with the perms functions, use the fact that the unix
types are numbered the way they are
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This way we could reuse the connection already created...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
We only need the logic to setup a full netlogon connection once...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
We either use security context multiplexing if negotiated and
just do an alter_context on the existing connection or
we create a new connection within the same association group.
This is basically what windows clients are doing...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Let the caller decide if it wants to keep the netlogon connection...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This will allow us to use it without creating a new
association group and transport connection.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This will allow to do an alter context if security context multiplexing
is negotiated or opening a new connection in the same association group.
The old connection will be kept open, but not used anymore...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This will allow NCACN_NP and NCACN_IP_TCP to support
alter_context with security context multiplexing
or otherwise more than one connection per association group.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This way cli_rpc_pipe_open() uses the same flow for
rpc_client_connection_np() and rpc_pipe_open_tcp_port().
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This split out rpc_client_connection_np_send/recv, which will
be used as shortcut in a later commit.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Note that cli_rpc_pipe_open() calls rpc_client_association_create()
without a need for NCACN_NP, but that will change in the next commits...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
For rpc_pipe_open_local_np() it's not really important to abstract
these out, but we want to have these for all...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
For rpc_pipe_open_ncalrpc() it's not really important to abstract these
out, but we want to have these for all...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
They will be every useful for NCACN_NP and NCACN_IP_TCP,
so that we can support alter_context or more than one connection
per association group.
We mark the helpers as _UNUSED_ for now in order to compile...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
There's no need to have the ndr_interface_table at that stage...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This is ugly, but it's less ugly than doing it deep
inside of cli_spoolss.c and other code.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
All gensec backends support GENSEC_FEATURE_SIGN_PKT_HEADER, so there's
no point in negotiating header signing based on the
auth context used during the DCERPC Bind.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
We only ever create domain->lsa_pipe_tcp with
cli_rpc_pipe_open_schannel_with_creds() and hardcoded NCACN_IP_TCP.
And schannel_update_internal returns an error with
an auth level lower than DCERPC_AUTH_LEVEL_INTEGRITY.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
It's not per auth_context_id, currently there's no difference
but that will change in future...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Note we only need to call this once per connection, not after
each request...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Note we only need to call this once per connection, not after
each request...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
When turn-on 'log level = 3', sending SIGHUP to samba processes, for
example: smbd parent/children, smbd-notifyd, and smbd-cleanupd. Then
monitor log.smbd in order to parse sighup logs, it looks like the log level
is inconsistent among these processes: smbd parent/children use level 1,
and smbd-notifyd/smbd-cleanupd use level 3.
This patch raises sighup handler's log level from level 1 to level 3, which
is more consistent with smbd-notifyd by Commit 6e5bff80a0 ("s3:notifyd:
Handle sigup in notifyd to reparse smb.conf"), and smbd-cleanupd by Commit
57c1e115ec ("smbd: reopen logs on SIGHUP for notifyd and cleanupd").
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15706
Signed-off-by: Jones Syue <jonessyue@qnap.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Wed Sep 25 01:38:02 UTC 2024 on atb-devel-224
Another leftover from symlinks in posix context to not open an fsp
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
To limit max_workers into 16 bits, cap it at UINT16_MAX (65535, not 65536)
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
On a cluster we need to use the ctdb controlled database and not
a local secrets.tdb...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15714
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Sep 20 05:54:43 UTC 2024 on atb-devel-224
This will allow doing tests and make sure using anonymous credentials
doesn't cause false positive results...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15714
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Regression introduced by 55d98b29eb. D'oh!
We'll add a regression test for this soon,
but for now we want to unblocking testing from the linux
client...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15639
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Sep 19 21:27:07 UTC 2024 on atb-devel-224
Without this we leave stale sharemode entries around that can lead to all sorts
of havoc.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15624
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Thu Sep 19 19:36:19 UTC 2024 on atb-devel-224
No change in behaviour, except that we now
also call fd_close() if vfs_default_durable_cookie()
failed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15624
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
This demonstrates the dead lock after a durable reconnect failed
because the stat info changed, the file can't be accessed anymore
as we leak the incomplete share mode entry in a still running
process.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15624
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
This allows to simulate durable reconnect failures because the stat
information of the file changed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15624
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Can be used to enable printing an error message if tevent event handlers ran
longer then three seconds. Also logs a message with a loglevel of 3 if there
were no events at hall.
Enabled by default with 'log level = 10' or
'smbd profiling level = on'...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15624
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Next commit adds timestamp variables to trace_state that want to be initialized
with the current time, so moving behind tv we can then just reuse tv for that.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15624
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
By enabling this a process sending a lease break message to another process
holding a lease will start watching that process and if that process didn't
process the lease break within 10 seconds (cf server_id_watch_waited()), we log
a kernel stack backtrace of that process.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15624
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
This takes just PID and NODE:PID on a cluster.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15624
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
We only do if sys_have_proc_fds() returns true, so it's most likely
linux...
Enabled by default with log level 10...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15624
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
FreeIPA uses own procedure to retrieve keytabs and during the setup of
Samba on FreeIPA client the keytab is already present, only machine
account needs to be set in the secrets database.
'sync machine password to keytab' option handling broke this use case by
always attempting to contact a domain controller and failing to do so
(Fedora bug https://bugzilla.redhat.com/show_bug.cgi?id=2309199).
The original synchronizing machine account password to keytab feature
did not have a mechanism to disable its logic at all.
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Fri Sep 13 13:16:09 UTC 2024 on atb-devel-224
vfs_ceph_new dynamically loads the appropriate libcephfs shared
libraries which means that we don't statically link against it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15703
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Replace direct function calls with pointers holding their equivalent
addresses.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15703
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
userperm helpers will switch to function references instead of direct
invocation of APIs. This would mean the matching config structure is
passed to those helpers.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15703
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
This is required to perform the cleanup when fsp extension destructor is
called as part of VFS_REMOVE_FSP_EXTENSION where mount information and
function references are to be used in upcoming changes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15703
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
vfs_ceph_userperm_new() only need connection structure from handle
for fetching the current unix token. Therefore modify the signature
to accept just handle->conn.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15703
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Use dlysm() for assigning addresses to already declared libcephfs
low-level API function pointers.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15703
Pair-Programmed-With: Anoop C S <anoopcs@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Declare necessary libcephfs low-level APIs as function pointers to be
assigned with corresponding loadable addresses.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15703
Pair-Programmed-With: Anoop C S <anoopcs@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Use dlopen() to load either of the shared libraries(libcephfs.so or
libcephfs_proxy.so) based on the configuration for 'proxy' module
parameter. Further down the line we will define the required APIs
as function pointers within the config structure.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15703
Pair-Programmed-With: Anoop C S <anoopcs@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Provide early support for consuming yet to come libcephfs proxy[1] for
optimized resource utilization. For better control we make use of an
additional module specific option 'proxy' to specify the intent to load
proxy library. With the default value 'no' a regular cephfs connection
is established. There is also an 'auto' mode which can fall back to the
regular connection if proxy requirements are not met.
[1] https://github.com/ceph/ceph/pull/58376
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15703
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Consolidate all required configuration related data under a dedicated
structure named vfs_ceph_config. As of now it includes the location of
configuration file, file system name, ceph client user id and mount
related information. This is expected to grow in future with more
details as and when required. Apart from that small cleanups are also
done to make code more robust.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15703
Pair-Programmed-With: Anoop C S <anoopcs@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Refactor the VFS hooks 'create_dfs_pathat_fn' and 'read_dfs_pathat_fn'
in 'vfs_ceph_new.c' to use libcephfs low-level APIs: instead of using
path-based operations (as done in legacy 'vfs_ceph.c') use inode based
operations to create and read msdfs symbolic-links values.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15703
Signed-off-by: Shachar Sharon <ssharon@redhat.com>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Sep 11 19:09:41 UTC 2024 on atb-devel-224
format_debug_text() still splits up lines with separate write-calls, but
DEBUGADD is something that I would like to get rid of.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
reinit_after_fork() may panic or return an error on failure. When smbd
is started in interactive mode, it ignores the reinit_after_fork()
return status and unconditionally proceeds to smbd_process().
Similarly, if messaging_reinit() fails within reinit_after_fork() then
it will subsequently call ctdb_async_ctx_reinit() if clustering is
enabled.
There's no reason why these errors shouldn't be handled immediately, so
add appropriate error handling.
Found by code inspection; not seen in the wild.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Wed Sep 4 09:53:01 UTC 2024 on atb-devel-224
When inherting permissions on the created stream, we call into the VFS to fetch
the streams security descriptor via inherit_access_posix_acl() ->
copy_access_posix_acl() -> SMB_VFS_SYS_ACL_SET_FD() passing the stream fsp which
triggers the assert SMB_ASSERT(!fsp_is_alternate_stream(fsp)) in
vfswrap_sys_acl_set_fd() in vfs_default.
Just passing the base fsp to the VFS fixes this.
vfs_streams_depot which *does use* distinct backend filesystem files for the
streams, currently does not apply permissions to the stream files at all, so the
incomplete behaviour of vfs_streams_depot is not affected by this change.
If in the future someone want to fix this defficiency in vfs_streams_depot, the
module code can use fsp->stream_fsp to base decisions in VFS ops whether the
module should carry out some action.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15695
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Sep 2 08:55:28 UTC 2024 on atb-devel-224
Commit 53c9269b (vfs_ceph_new: use low-level APIs for symlink/readlink)
introduced readlinkat using libcephfs low-level APIs. However, it does
not handle properly the case where readlinkat operates on empty name
string (see man readlinkat(2)), such as:
fd = openat(dirfd, symname, O_PATH | O_NOFOLLOW, 0);
readlinkat(fd, "", buf, bufsiz);
Handle this special case of readlinkat with empty name string by using
a reference to the symlink inode itself.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon@redhat.com>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Fri Aug 30 10:42:27 UTC 2024 on atb-devel-224
As per MS-FSA 2.1.5.10.22 FSCTL_QUERY_ALLOCATED_RANGES, if response
range entries exceed in_max_output, then we should respond with
STATUS_BUFFER_OVERFLOW and a truncated output buffer.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15699
Reported-by: David Howells <dhowells@redhat.com>
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Wed Aug 28 08:54:11 UTC 2024 on atb-devel-224
Use 'auto' mode as the default for building ceph vfs modules so that an
explicit --enable-cephfs can reliably fail in the absence of required
dependencies.
ref: https://lists.samba.org/archive/samba/2024-August/249569.html
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Tue Aug 27 06:18:51 UTC 2024 on atb-devel-224
Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Thu Aug 22 10:38:09 UTC 2024 on atb-devel-224
Commit d00f20f3 ("vfs_ceph_new: debug-log upon libcephfs low-level
calls") introduced debug-logging before each call to libcephfs low-level
APIs. Unfortunately, one of the logging messages missed the terminating
newline ('\n') character.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon@redhat.com>
Reviewed-by: John Mulligan <jmulligan@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Wed Aug 21 14:18:07 UTC 2024 on atb-devel-224
I could not find any caller which uses rap_error outside of the
routine implementing the rap client call itself.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Wed Aug 21 12:49:45 UTC 2024 on atb-devel-224
With renameat2(RENAME_NOREPLACE) being available
it's even better, as we don't even have the short
window where the incomplete directory is visible
to others.
The flow will be this:
tmp_name = ".::TMPNAME:D:$PID:client_name"
mkdirat(tmp_name, mode=client_mode);
prepare_acls(tmp_name);
renameat2(tmp_name, client_name, NOREPLACE);
if (EEXIST) {
unlinkat(tmp_name);
return EEXIST;
}
if (EINVAL) {
/* fallback if NOREPLACE is not supported */
mkdirat(client_name, mode=0);
if (EEXIST) {
unlinkat(tmp_name);
return EEXIST;
}
renameat(tmp_name, client_name);
}
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15693
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
We can use renameat2() without ifdef as libreplace always provides it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15693
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This will support renameat2-like operations in future.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15693
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Currently we do this in mkdir_internal():
mkdirat(client_name);
if (EEXIST) {
return EEXIST;
}
prepare_acls(client_name);
Note 'prepare_acls()' is a placeholder for the complex steps
it is doing to prepare the directory. During these steps
we have the problem that other clients already see
the directory and are able to create files or subdirectories
in it and these may not inherit the correct acls as
the their parent directory is not created completely.
I think I found a good strategie even without relying on
renameat2(RENAME_NOREPLACE).
We would do this instead:
tmp_name = ".::TMPNAME:D:$PID:client_name"
mkdirat(tmp_name, mode=client_mode);
prepare_acls(tmp_name);
mkdirat(client_name, mode=0);
if (EEXIST) {
unlinkat(tmp_name);
return EEXIST;
}
renameat(tmp_name, client_name);
So instead of having a long windows during prepare_acls,
we just have a short window between mkdirat(client_name, mode=0)
and renameat(tmp_name, client_name);
And in that short window the directory with the client_name
has a mode of 0, so it's not possible for other clients
to create files or subdirs in it.
As the mkdirat(client_name, mode=0) still catches
EEXIST the race where two clients try to create
the same client_name is closed as before,
so we don't need any other protection.
Following patches will make use of renameat2(RENAME_NOREPLACE),
but this already a very good improvement.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15693
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
We should have preparation steps as close as possible together.
We could move it for files as well, but that's a task for another
day...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15693
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
