IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Disallow "." in can_set_delete_on_close().
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Oct 12 21:07:27 CEST 2011 on sn-devel-104
Also start new folder lib/dbwrap/ where dbwrap_open.c is stored and
make the fallbacke implementation functoins non-static and create a
dbwrap_private.h header file that contains their prototypes.
Reported by herb@samba.org. Remove the (premature) optimization
on file close.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Jul 16 02:32:02 CEST 2011 on sn-devel-104
My previous patches fixed up all direct TDB callers, but there are a
few utility functions and the db_context functions which are still
using the old -1 / 0 return codes.
It's clearer to fix up all the callers of these too, so everywhere is
consistent: non-zero means an error.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Pair-Programmed-With: Michael Adam <obnox@samba.org>
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Mar 18 13:00:51 CET 2011 on sn-devel-104
this value when searching for specific share mode entries.
Jeremy.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Mar 17 19:59:51 CET 2011 on sn-devel-104
Do this by keeping a linked list of delete on close tokens, one for
each filename that identifies a path to the dev/inode. Use the
jenkins hash of the pathname to identify the correct token.
This will reduce the noise from merges of the rest of the
libcli/security code, without this commit changing what code
is actually used.
This includes (along with other security headers) dom_sid.h and
security_token.h
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
TDB_CLEAR_IF_FIRST tdb's. For tdb's like gencache where we open
without CLEAR_IF_FIRST and then with CLEAR_IF_FIRST if corrupt
this is still safe to use as if opening an existing tdb the new
hash will be ignored - it's only used on creating a new tdb not
opening an old one.
Jeremy.
This shrinks include/includes.h.gch by the size of 7 MB and reduces build time
as follows:
ccache build w/o patch
real 4m21.529s
ccache build with patch
real 3m6.402s
pch build w/o patch
real 4m26.318s
pch build with patch
real 3m6.932s
Guenther
Use accessor functions to get to this value. Tidies up much of
the user context code. Volker, please look at the changes in smbd/uid.c
to familiarize yourself with these changes as I think they make the
logic in there cleaner.
Cause smbd/posix_acls.c code to look at current user context, not
stored context on the conn struct - allows correct use of these
function calls under a become_root()/unbecome_root() pair.
Jeremy.
When a samba server process dies hard, it has no chance to clean up its entries
in locking.tdb, brlock.tdb, connections.tdb and sessionid.tdb.
For locking.tdb and brlock.tdb Samba is robust by checking every time we read
an entry from the database if the corresponding process still exists. If it
does not exist anymore, the entry is deleted. This is not 100% failsafe though:
On systems with a limited PID space there is a non-zero chance that between the
smbd's death and the fresh access, the PID is recycled by another long-running
process. This renders all files that had been locked by the killed smbd
potentially unusable until the new process also dies.
This patch is supposed to fix the problem the following way: Every process ID
in every database is augmented by a random 64-bit number that is stored in a
serverid.tdb. Whenever we need to check if a process still exists we know its
PID and the 64-bit number. We look up the PID in serverid.tdb and compare the
64-bit number. If it's the same, the process still is a valid smbd holding the
lock. If it is different, a new smbd has taken over.
I believe this is safe against an smbd that has died hard and the PID has been
taken over by a non-samba process. This process would not have registered
itself with a fresh 64-bit number in serverid.tdb, so the old one still exists
in serverid.tdb. We protect against this case by the parent smbd taking care of
deregistering PIDs from serverid.tdb and the fact that serverid.tdb is
CLEAR_IF_FIRST.
CLEAR_IF_FIRST does not work in a cluster, so the automatic cleanup does not
work when all smbds are restarted. For this, "net serverid wipe" has to be run
before smbd starts up. As a convenience, "net serverid wipedbs" also cleans up
sessionid.tdb and connections.tdb.
While there, this also cleans up overloading connections.tdb with all the
process entries just for messaging_send_all().
Volker
Final fix for the vfs_acl_xattr and vfs_acl_tdb code.
Ensure we can delete a file even if the underlying POSIX
permissions don't allow it, if the Windows permissions do.
Jeremy.
smbd just crashed on me: In a debug message I called a routine preparing a
string that itself used debug_ctx. The outer routine also used it after the
inner routine had returned. It was still referencing the talloc context
that the outer debug_ctx() had given us, which the inner DEBUG had already
freed.
To me "fill_share_mode_lock failed" is a "can't happen" alert. There is
however a perfectly valid case in get_file_infos() when the file is not open.
Change the corresponding debug message to level 10 and explain more.
This extends the file_id struct to add an additional generic uint64_t
field: extid. For backwards compatibility with dev/inodes stored in
xattr_tdbs and acl_tdbs, the ext id is ignored for these databases.
This patch should cause no functional change on systems that don't use
SMB_VFS_FILE_ID_CREATE to set the extid.
Existing code that uses the smb_share_mode library will need to be
updated to be compatibile with the new extid.
This patch adds 3 new VFS OPs for Windows byte range locking: BRL_LOCK_WINDOWS,
BRL_UNLOCK_WINDOWS and BRL_CANCEL_WINDOWS. Specifically:
* I renamed brl_lock_windows, brl_unlock_windows and brl_lock_cancel to
*_default as the default implementations of the VFS ops.
* The blocking_lock_record (BLR) is now passed into the brl_lock_windows and
brl_cancel_windows paths. The Onefs implementation uses it - future
implementations may find it useful too.
* Created brl_lock_cancel to do what brl_lock/brl_unlock do: set up a
lock_struct and call either the Posix or Windows lock function. These happen
to be the same for the default implementation.
* Added helper functions: increment_current_lock_count() and
decrement_current_lock_count().
* Minor spelling correction in brl_timeout_fn: brl -> blr.
* Changed blocking_lock_cancel() to return the BLR that it has cancelled. This
allows us to assert its the lock that we wanted to cancel. If this assert ever
fires, this path will need to take in the BLR to cancel, rather than choosing
on its own.
* Adds a small helper function: find_blocking_lock_record_by_id(). Used by the
OneFS implementation, but could be useful for others.
This replaces release_level2_oplocks_on_change with
contend_level2_oplock_begin/end in order to contend level2 oplocks
throughout an operation rather than just at the begining. This is
necessary for some kernel oplock implementations, and also lays the
groundwork for better correctness in Samba's standard level2 oplock
handling. The next step for non-kernel oplocks is to add additional
state to the share mode lock struct that prevents any new opens from
granting oplocks while a contending operation is in progress.
All operations that contend level 2 oplocks are now correctly spanned
except for aio and synchronous writes. The two write paths both have
non-trivial error paths that need extra care to get right.
RAW-OPLOCK and the rest of 'make test' are still passing with this
change.
Ok, here's the fix for the write times breakage
with the new tests in S4 smbtorture.
The key is keeping in the share mode struct
the "old_file_time" as the real write time,
set by all the write and allocation calls,
and the "changed_write_time" as the "sticky"
write time - set by the SET_FILE_TIME calls.
We can set them independently (although I
kept the optimization of not setting the
"old_file_time" is a "changed_write_time"
was already set, as we'll never see it.
This allows us to update the write time
immediately on the SMBwrite truncate case,
SET_END_OF_FILE and SET_ALLOCATION_SIZE calls,
whilst still have the 2 second delay on the
"normal" SMBwrite, SMBwriteX calls.
I think in a subsequent patch I'd like to
change the name of these from "old_file_time"
to "write_time" and "changed_write_time" to
"sticky_write_time" to make this clearer.
I think I also fixed a bug in Metze's original
code in that once a write timestamp had been
set from a "normal" SMBwriteX call the fsp->update_write_time_triggered
variable was set and then never reset - thus
meaning the write timestamp would never get
updated again on subsequent SMBwriteX's.
The new code checks the update_write_time_event
event instead, and doesn't update is there's
an event already scheduled.
Metze especially, please check this over for
your understanding.
Jeremy.
(This used to be commit 6f20585419)
being (correctly) used in the can_read/can_write checks for hide unreadable/unwritable
and this is more properly done using the functions in smbd/file_access.c.
Preparing to do NT access checks on all file access.
Jeremy.
(This used to be commit 6bfb06ad95)
Now that it is inside the vfs layer, this function should
not alter the fsp (i.e. set fsp->fh->fd = -1) anymore.
That belongs above the vfs layer.
Michael
(This used to be commit df264bf3e0)
This hides the pending close fds from the outside. Call order
of SMB_VFS_CLOSE is reversed. Originally, it was:
fd_close -> fd_close_posix -> SMB_VFS_CLOSE -> close
And now it is:
fd_close -> SMB_VFS_CLOSE -> fd_close_posix -> close
This is in preparation of removing the fd parameter
from the SMB_VFS_CLOSE function. But it is also the right
place for the pending close calls anyways.
Michael
(This used to be commit 3cf56b124a)
This is needed to implement the strange write time update
logic later. We need to store 2 time timestamps to
distinguish between the time the file system had before
the first client opened the file and a forced timestamp update.
metze
(This used to be commit 6aaa2ce0ee)
bugs in various places whilst doing this (places that assumed
BOOL == int). I also need to fix the Samba4 pidl generation
(next checkin).
Jeremy.
(This used to be commit f35a266b3c)
- when cleaning up invalid locks make sure we mark the lck
struct as modified so it'll get saved back correctly (that
was the original intent).
Jeremy.
(This used to be commit cbf0829abc)
branch, please check if it fulfils your needs.
Two changes: The validation is not done inside the brlock.c traverse_fn,
it's done as a separate routine.
Secondly, this patch does not call the checker routines in smbcontrol
directly but depends on a running smbd.
(This used to be commit 7e39d77c1f)
This replaces the internal explicit dev/ino file id representation by a
"struct file_id". This is necessary as cluster file systems and NFS
don't necessarily assign the same device number to the shared file
system. With this structure in place we can now easily add different
schemes to map a file to a unique 64-bit device node.
Jeremy, you might note that I did not change the external interface of
smb_share_modes.c.
Volker
(This used to be commit 9b10dbbd5d)
lock we know nothing about that we retry the lock every
10 seconds instead of waiting for the standard select
timeout. This is how we used to (and are supposed to)
work.
Jeremy.
(This used to be commit fa18fc25a5)
locking/locking.c we have to send retry messages to timed lock holders.
The majority of this patch passes a "struct messaging_context" down
there. No functional change, survives make test.
(This used to be commit bbb5084146)
This changes "struct process_id" to "struct server_id", keeping both is
just too much hassle. No functional change (I hope ;-))
Volker
(This used to be commit 0ad4b1226c)
Windows Vista RC1 and RC2 can't delete directory on Samba share
based on work by Joe Meadows <jmeadows@webopolis.com>.
Jeremy.
(This used to be commit 2dab892876)
Move more error code returns to NTSTATUS.
Client test code to follow... See if this
passes the build-farm before I add it into
3.0.25.
Jeremy.
(This used to be commit 83dbbdff34)
works - even with the strange "initial delete on close"
semantics. The "initial delete on close" flag isn't
committed to the share mode db until the handle is
closed, and is discarded if any real "delete on close"
was set. This allows me to remove the "initial_delete_on_close"
flag from the share db, and move it into a BOOL in files_struct.
Warning ! You must do a make clean after this. Cope with
the wrinkle in directory delete on close which is done
differently from files. We now pass all Samba4 smbtortute
BASE-DELETE tests except for the one checking that files
can't be created in a directory which has the delete on
close set (possibly expensive to fix).
Jeremy.
(This used to be commit f2df77a149)
Allow us to correctly refuse to set delete on close on a
non-empty directory. There are still some delete-on-close
wrinkles to be fixed, but I understand how to do that better
now. I'll fix this tomorrow.
Jeremy.
(This used to be commit 0296358858)
a POSIX lock (applying a read-lock) and we overlap
pending read locks then send them an unlock message,
we may have allowed them to proceed.
Jeremy.
(This used to be commit a7a0b6ba50)
fix the messaging code to call the efficient calls :
save_re_uid()
set_effective_uid(0);
messaging_op
restore_re_uid();
instead of using heavyweight become_root()/unbecome_root()
pairs around all messaging code. Fixup the messaging
code to ensure sec_init() is called (only once) so that non-root
processes still work when sending messages.
This is a lighter weight solution to become_root()/unbecome_root()
(which swaps all the supplemental groups) and should be more
efficient. I will migrate all server code over to using this
(a similar technique should be used in the passdb backend
where needed).
Jeremy.
(This used to be commit 4ace291278)
of the lock array in order to delete them individually
it's also important to make a copy of the *size* of
this array. Otherwise the unlock decrements the termination
index of your for loop :-). Doh ! Big thanks to Volker
for showing me how to set up the build farm to track
this one down. This is not a 3.0.23a issue.
Jeremy.
(This used to be commit 2c82a159ae)
region between detecting a pending lock was needed
and when we added the blocking lock record. Make
sure that we hold the lock over all this period.
Removed the old code for doing blocking locks on
SMB requests that never block (the old SMBlock
and friends).
Discovered something interesting about the strange
NT_STATUS_FILE_LOCK_CONFLICT return. If we asked
for a lock with zero timeout, and we got an error
of NT_STATUS_FILE_LOCK_CONFLICT, treat it as though
it was a blocking lock with a timeout of 150 - 300ms.
This only happens when timeout is sent as zero and
can be seen quite clearly in ethereal. This is the
real replacement for old do_lock_spin() code.
Re-worked the blocking lock select timeout to correctly
use milliseconds instead of the old second level
resolution (far too coarse for this work).
Jeremy.
(This used to be commit b81d6d1ae9)
test. Phew - that was painful :-). But what it means
is that we now implement lock cancels and I can add
lock cancels into POSIX lock handling which will fix
the fast/slow system call issue with cifsfs !
Jeremy.
(This used to be commit f1a9cf075b)
requests. Maybe the Linux kernel OOM killer will
be kinder to smbd now :-). Back to tdbtorture
tests on cifsfs.
Jeremy.
(This used to be commit 1201383e7a)
We shouldn't allow this on the same smbd, but the cifsfs
client negotiates POSIX locks then sends Windows ones.
Doh ! Can't fix shipped client code....
Jeremy.
(This used to be commit 2f8cabe98d)
share_mode struct. Allows us to know the unix
uid of the opener of the file/directory. Needed
for info level queries on open files.
Jeremy.
(This used to be commit d929323d6f)
fsp pointers. Ensure we cope with this to pass Samba4
DENY tests (we used to pass these, there must have been
a regression with newer code). We now pass them.
Jeremy
(This used to be commit fd6fa1d4ea)
db. Make this db self-cleaning on first read of entry after
open, and also on smbstatus -b call. Needs more testing when
I get back from Boston but passes valgrind at first look.
Jeremy.
(This used to be commit c665310963)
case it's in a performace critical path and it *hurts* us.
Go back to plain malloc/free with an explicit destructor
call.
Jeremy.
(This used to be commit 1c99aed563)
into 3.0. Also merge the new POSIX lock code - this
is not enabled unless -DDEVELOPER is defined.
This doesn't yet map onto underlying system POSIX
locks. Updates vfs to allow lock queries.
Jeremy.
(This used to be commit 08e52ead03)
this allows us to experiment with ensuring the tdb hash
size for our open files and locking db are appropriately
sized. Make the hash size larger by default (10007 instead
of 1049) and make the locking db hash size the same as the
open file db hash size.
Jeremy.
(This used to be commit e7225f7e81)
realloc can return NULL in one of two cases - (1) the realloc failed,
(2) realloc succeeded but the new size requested was zero, in which
case this is identical to a free() call.
The error paths dealing with these two cases should be different,
but mostly weren't. Secondly the standard idiom for dealing with
realloc when you know the new size is non-zero is the following :
tmp = realloc(p, size);
if (!tmp) {
SAFE_FREE(p);
return error;
} else {
p = tmp;
}
However, there were *many* *many* places in Samba where we were
using the old (broken) idiom of :
p = realloc(p, size)
if (!p) {
return error;
}
which will leak the memory pointed to by p on realloc fail.
This commit (hopefully) fixes all these cases by moving to
a standard idiom of :
p = SMB_REALLOC(p, size)
if (!p) {
return error;
}
Where if the realloc returns null due to the realloc failing
or size == 0 we *guarentee* that the storage pointed to by p
has been freed. This allows me to remove a lot of code that
was dealing with the standard (more verbose) method that required
a tmp pointer. This is almost always what you want. When a
realloc fails you never usually want the old memory, you
want to free it and get into your error processing asap.
For the 11 remaining cases where we really do need to keep the
old pointer I have invented the new macro SMB_REALLOC_KEEP_OLD_ON_ERROR,
which can be used as follows :
tmp = SMB_REALLOC_KEEP_OLD_ON_ERROR(p, size);
if (!tmp) {
SAFE_FREE(p);
return error;
} else {
p = tmp;
}
SMB_REALLOC_KEEP_OLD_ON_ERROR guarentees never to free the
pointer p, even on size == 0 or realloc fail. All this is
done by a hidden extra argument to Realloc(), BOOL free_old_on_error
which is set appropriately by the SMB_REALLOC and SMB_REALLOC_KEEP_OLD_ON_ERROR
macros (and their array counterparts).
It remains to be seen what this will do to our Coverity bug count :-).
Jeremy.
(This used to be commit 1d710d06a2)
correct system size. Fixed a bug that was accidentally introduced
by use of uint32 - uid was stored twice, not uid and gid.
Jeremy.
(This used to be commit 89db006997)
by saving the UNIX token used to set a delete on close flag,
and using it when doing the delete. libsmbsharemodes.so still
needs updating to cope with this change.
Samba4 torture tests to follow.
Jeremy.
(This used to be commit 23f16cbc2e)
always linearize into little-endian. Should fix all
Solaris issues with this, plus provide a cleaner base
moving forward for cluster-aware Samba where smbd's
can communicate across different compilers/architectures
(eventually these message will have to go cross-machine).
Jeremy.
(This used to be commit d01824b785)
that have open file handles to allow them to correctly
implement delete on close. There is a further correctness
fix I'm intending to add to this to cope with different share
paths, but not right now...
Jeremy.
(This used to be commit 932e337db8)
revving the minor version number for libsmbsharemodes (we
now have a new _ex interface that takes the share path
as well as the filename). Needed for #3303. Some code written
by SATOH Fumiyasu <fumiya@samba.gr.jp> included in the changes
to locking/locking.c. The smbstatus output is a bit of a mess
and needs overhauling...
Jeremy.
(This used to be commit 9d93af713f)
to be set in local.h. Change from the default (131) to
another prime (1049). Should this be an smb.conf tunable parameter
based on the number of open file descriptors available ?
If so what scaling factor ? More tests to follow.
Jeremy.
(This used to be commit 6a902ec49f)
can treat them similarly to file opens (delete on
close, share mode violations etc.). This fixes bug
#3216 I will up the default hash size on the locking
db in a later commit as this means more entries.
Jeremy.
(This used to be commit 1134abbbb3)
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
(This used to be commit 939c3cb5d7)
tests on this as it's very late NY time (just wanted to get this work
into the tree). I'll test this over the weekend....
Jerry - in looking at the difference between the two trees there
seem to be some printing/ntprinting.c and registry changes we might
want to examine to try keep in sync.
Jeremy.
(This used to be commit c7fe18761e)
functions so we can funnel through some well known functions. Should help greatly with
malloc checking.
HEAD patch to follow.
Jeremy.
(This used to be commit 620f2e608f)
case when I was developing the deferred open case and made it
too tight. It will fire (incorrectly) and panic when a client
does a second open for a file with a different mid (multiplex-id)
request. Doh ! This is a perfectly valid thing for a client to
do (have two pending opens with different mids outstanding on
the same file) and currently when the first pending open expires
with a share violation the paranoia code will panic smbd.
It's a rare condition, but obvious now I've looked at the
code.
Fix for bug #1743.
Jeremy.
(This used to be commit e1bf108ae9)
* remove corrupt tdb and shutdown (only for printing tdbs, connections,
sessionid & locking)
* decrement smbd counter in connections.tdb in smb_panic()
* various Makefile hack to get things to link
'max smbd processes' looks like it might be broken. The counter KEY is not
being set. Will look into that tomorrow.
(This used to be commit 6e22c5da92)
queue if the posix lock failed with EACCES or EAGAIN (this means another
lock conflicts). Else return an error and don't queue the request.
Jeremy.
(This used to be commit 43fbc18fdc)
displaying pid_t, uid_t and gid_t values. This removes a whole lot of warnings
on some of the 64-bit build farm machines as well as help us out when 64-bit
uid/gid/pid values come along.
(This used to be commit f93528ba00)
