IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This fixes a bug in 116ce19b, where we didn't clear the pid cache in
become_daemon() and thus the /var/run/smbd.pid didn't match the actual
pid of the parent process.
Currently S4 will clear the pid cache on fork but doesn't yet take
advantage of the pid cache by using sys_pid() instead of the direct
get_pid().
Implements a custom backend for onefs that exclusively uses the wbclient
interface for all passdb calls.
It lacks some features of a standard passdb.
In particular it's a read only interface and doesn't implement privileges.
This new backend is custom tailored to onefs' unique requirements:
1) No fallback logic
2) Does not validate the domain of the user
3) Handles unencrypted passwords
The OneFS Samba implementation of change notify is modeled after the
usage of Linux's inotify kernel subsystem. A single call is made
into the onefs.so VFS module to initialize kernel tracking of certain
file change events. When these events occur a kernel notification is
sent to smbd and the notification event is translated and given to the
general Samba Change Notify layer through a callback function.
The most difficult aspect is converting an SMB CompletionFilter to
a matching ifs_event mask, and then back to an appropriate change
notify action. Currently, not all possible cases are handled by the
this module, but the most prevalent ones, which are tested by
smbtorture, are implemented.
* Much of the beginning should look familiar, as I re-used the OneFS oplock
callback record concept. This was necessary to keep our own state around - it
really only consists of a lock state, per asynchronous lock that is currently
unsatisfied. The onefs_cbrl_callback_records map to BLRs by the id.
* There are 4 states an async lock can be in. NONE means there is no async
currently out for the lock, as opposed to ASYNC. DONE means we've locked
*every* lock (keep in mind a request can ask for multiple locks at a time.)
ERROR is an error.
* onefs_cbrl_async_success: The lock_num is incremented, and the state changed,
so that when process_blocking_lock_queue is run, we will try the *next* lock,
rather than the same one again.
* onefs_brl_lock_windows() has some complicated logic:
* We do a no-op if we're passed a BLR and the matching state is ASYNC --
this means Samba is trying to get the same lock twice, and we just need
to wait longer, so we return an error.
* PENDING lock calls happen when the lock is being queued on the BLQ -- we
do async in this case.
* We also do async in the case that we're passed a BLR, but the lock is not
pending. This is an async lock being probed by process_blocking_lock_queue.
* We do a sync lock for any normal first request of a lock.
* Failure is returned, but it doesn't go to the client unless the lock has
actually timed out.
OneFS provides the bulk directory enumeration syscall readdirplus(). This
syscall has the same semantics as the NFSv3 READDIRPLUS command, returning
a batch of directory entries with prefetched stat information via one
syscall.
This commit wraps the readdirplus() call in the existing POSIX
readdir/seekdir VFS interface. By default a batch of 128 directory entries
are optimistically read from the kernel into a global cache, and fed to
iterative calls of VFS_OP_READDIR.
The global buffers could be avoided in the future by hanging connection
specific buffers off the conn struct.
Added new parameter "onefs:use readdirplus" which toggles usage of this
code on or off.
A few functions in oplocks_onefs.c need to be accessed from the onefs
vfs module. It would be ideal if oplocks were implemented at the vfs
layer, but since they aren't yet, a new header is added to
source3/include to make these functions available to the onefs vfs
module. oplocks_onefs.o doesn't need to be linked into the onefs vfs
module explicitly, since it is already linked into smbd by default.
This changelist allows for the addition of custom performance
monitoring modules through smb.conf. Entrypoints in the main message
processing code have been added to capture the command, subop, ioctl,
identity and message size statistics.
The idea of this is that all client utils like smbpasswd and also for example
"net join" do not access our internal databases like passdb and secrets.tdb
directly anymore but pass everything throught the well-established RPC
interfaces.
The way you use this is the following: With rpc_cli_smbd_conn_init() or its
async variant you initialize a "struct rpc_cli_smbd_conn". This structure is
the link to a freshly forked smbd, ready to be used for RPC services. You
should only ever have one such structure in your program. More don't hurt, but
are plainly unnecessary.
If you want to use the SAMR pipe to change a passwort, you connect to that pipe
with rpc_pipe_open_local. Do you normal rpccli_samr calls on that and your
locally forked smbd will connect to passdb for you.
GD, this might make the distinction between the _l and _r calls in libnetapi
mostly unnecessary. At least it is intended to do so... :-)
- Adds new -c <custom conf> option to selftest.sh that when specified
adds a line to make test's server.conf: "include <custom conf>"
- Adds getopts processing to selftest.sh
- Changes selftest.sh shrdir arg to use -s <shrdir>
- Changes selftest.sh smbtorture4_path arg to use -t <smbtortur4 path>
- Adds configure option --with-selftest-custom-conf=<custom conf>
- Updates Makefile.in to take advantage of the new/changed parameters
This adds a lua command line interpreter with some sample code how to build
your own data types based on our internal data types.
Not meant as the final word, but as a playground for experiments for people.
Might be removed later when we find this turns out to be too awkward.
This is the first pass at extending the onefs vfs module to support
the CIFS-specific enhancements available on OneFS. Most of this patch
is massaging the sama open path to work with ifs_createfile.
ifs_createfile is a CIFS-specific syscall for opening/files and
directories. It adds support for:
- Full in-kernel access checks using a windows access_mask
- Cluster-coherent share mode locks
- Cluster-coherent oplocks
- Streams
- Setting security descriptors at create time
- Setting dos_attributes at create time
This patch does not implement the samba side of the streams support or
oplocks support. Tests that expect oplocks to be granted or streams
to be supported will fail. This will be remedied in upcoming patches.
Add to the OneFS VFS module, support for NTFS ACLs through the calls:
SMB_VFS_FGET_NT_ACL()
SMB_VFS_GET_NT_ACL()
SMB_VFS_FSET_NT_ACL()
Also create several new onefs specific smb.conf parameters in onefs.h
This removes the build-dependency on perl that was introduced in
commit e0905c3090.
The tables can now be re-built with "make ndr-tables".
This is also called by make samba3-idl to ensure that the tables
are updated after idl changes.
This hopefully fixes the build on some build farm hosts (e.g. gwen).
Michael
This causes make to fail on at least HP-UX and MacOS X with message
"no rule to make target -lz" or similar, when these object collections
are specified in dependencies.
Michael
Some systems need to have the tdbs (and other files required for samba
to run) on a different filesystem than the share directory that samba
is exporting.
This patch:
- Adds an optional "shrdir" argument to selftest.sh
- If shrdir is specified it will be used, otherwise the default
will be used: "<prefix>/tmp"
- Adds a new configure option: --with-selftest-shrdir
- Plumbs shrdir through Makefile.in and configure.in
This is to prevent problems with packaging scripts that pass CFLAGS
to make but not to make install...
Based on a patch for v3-2 by Martin Schwenke <martin@meltin.net>.
Michael
The util-linux-ng sources have a good, but rather complex scheme for
locking the mtab before updating it. Mount helpers need to follow the
same scheme. Advisory locking only works if everyone is using the same
locking scheme.
Copy the routines we need from util-linux-ng into a separate source file
and then have mount.cifs and umount.cifs link in this object.
The long term goal is to have these routines in a separate helper
library (libmount). Mount helpers can then dynamically link in that lib.
Until that happens, this should serve as a suitable stopgap solution.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
and other systems where sh does not support "export FOO=bar"
by separating setting and exporting the variable.
Thanks to Yasuma Takeda <yasuma@osstech.co.jp> for the patch.
Michael
This authenticates against a local running samba4 using SamLogonEx. We retrieve
the machine password using samba4's mymachinepwd script and store the schannel
key for re-use in secrets.tdb.
Used to gather data to feed to a database for live and historical
analysis of usage per user, per share, etc.
Helper apps to read the data still to come. This one still needs to be
made ipv6 enabled (connection is made to the helper app).
The adex idmap/nss_info plugin is an adapation of the Likewise
Enterprise plugin with support for OU based cells removed
(since the Windows pieces to manage the cells are not available).
This plugin supports
* The RFC2307 schema for users and groups.
* Connections to trusted domains
* Global catalog searches
* Cross forest trusts
* User and group aliases
Prerequiste: Add the following attributes to the Partial Attribute
Set in global catalog:
* uidNumber
* uid
* gidNumber
A basic config using the current trunk code would look like
[global]
idmap backend = adex
idmap uid = 10000 - 19999
idmap gid = 20000 - 29999
idmap config US:backend = adex
idmap config US:range = 20000 - 29999
winbind nss info = adex
winbind normalize names = yes
winbind refresh tickets = yes
template homedir = /home/%D/%U
template shell = /bin/bash
* Port the Likewise Open idmap/nss_info provider (renamed to
idmap_hash).
* uids & gids are generated based on a hashing algorithm that collapse
the Domain SID to a 31 bit number. The reverse mapping from the
high order 11 bits to the originat8ing sdomain SID is stored in
a has table initialized at start up.
* Includes support for "idmap_hash:name_map = <filename>" for the
name aliasing layer. The name map file consist of entries in
the form "alias = DOMAIN\name"
cifs.upcall links to libraries that live under /usr, so installing it
in /sbin doesn't seem appropriate. Move it to EPREFIX/sbin instead
(i.e. /usr/sbin).
Signed-off-by: Jeff Layton <jlayton@redhat.com>
(This used to be commit 5c9a1b2c98)
This starts the seplitting of libdir in to libdir and modulesdir.
Our shared libs should go into libdir, the internal shared modules,
codepages, and other stuff that was originally in libdir, should
go into modulesdir.
The idea behind this is, that in a typical installation,
the shared (and static) libraries (as libtalloc, libsmbclient,
libwbclient and others) should be put into /usr/lib, while
the e.g. the vfs modules should reside in /usr/lib/samba.
This is meant to ease the work of packagers and reduce
the needs for manual interaction and workarounds.
Michael
(This used to be commit b17d1ff646)
The symlink liballoc.so -> libtalloc.so.1 would have been
created unconditionally, independent of the existence of
libtalloc.so.1.
Michael
(This used to be commit 04974818bd)
This reverts commit fc9b30bed2.
Sorry, this got pushed by accident:
"This can not go upstream yet because it uses the non-GPL libgpfs."
Michael
(This used to be commit 26a3cf0be9)
This can not go upstream yet because it uses the non-GPL libgpfs. So it will
not be compiled by default and will not be included in the SOFS RPMs. But upon
Sven's request, we include it in the git tree and the source RPMs, so that it
can be built for in-house tests.
(This used to be commit fc9b30bed2)
This needs create_builtin_administrators() and create_builtin_users()
from token_utils now. Did not pop up because the only users of the
shared lib currently are the examples in lib/netapi/examples/
which are not automatically built.
Michael
(This used to be commit 8dca23a559)
The FreeBSD sed command doesn't understand \? without passing -E to turn
on extended regexps. This patch changes the DSO_EXPORTS_CMD regexp to a
POSIX compliant RE by switching the \+ to a \{1,\} bound and the \? to a
\{0,1\} bound.
(This used to be commit 0acc888ca9)
This adds an --enable-picky-developer option that will halt compilation
on warnings. Yes, this could be handled by a direct Makefile change, but
people should be encourage to do it!
(This used to be commit 10a2ab4077)
binary. The biggest change is that it renames it from cifs.spnego
to cifs.upcall since the cifs.spnego name really isn't applicable
anymore.
It also fixes a segfault when the program is run without any args
and adds a manpage. Comments and/or suggestions appreciated.
This set should apply cleanly to the 3.3 test branch.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Jeremy.
(This used to be commit c633f10d9e)
LIBSMBCLIENT_OBJ0 contains only the libsmb/libsmb_*.o files. We need the
more inclusive set of object files defined by LIBSMBCLIENT_OBJ1.
Derrell
(This used to be commit 6c33c62007)
This should fix some more picky makes when not building @LIBWBCLINET_SHARED@
Moreover, we want to link against -lwbclient, not against bin/libwbclient.so
anyways.
Michael
(This used to be commit 73582e4c51)
