IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Use accessor functions to get to this value. Tidies up much of
the user context code. Volker, please look at the changes in smbd/uid.c
to familiarize yourself with these changes as I think they make the
logic in there cleaner.
Cause smbd/posix_acls.c code to look at current user context, not
stored context on the conn struct - allows correct use of these
function calls under a become_root()/unbecome_root() pair.
Jeremy.
cross-device rename support has some major limitations:
- on huge files clients will timeout or hang
- ACLs and EA information is not retained
Usually a client will have to handle this. A Windows Server with a reparse
point will also just return NT_STATUS_NOT_SAME_DEVICE. We will now by default
do the same.
I will add a vfs module which will restore the old cross-device renames.
Ensure we don't use any of the create_options for Samba private
use. Add a new parameter to the VFS_CREATE call (private_flags)
which is only used internally. Renumber NTCREATEX_OPTIONS_PRIVATE_DENY_DOS
and NTCREATEX_OPTIONS_PRIVATE_DENY_FCB to match the S4 code).
Rev. the VFS interface to version 28.
Jeremy.
Supports negated arguments in configuration like:
full_audit:success = all !readdir !telldir !closedir
Update the manpage accordingly.
Part of BSO#4025
Final fix for the vfs_acl_xattr and vfs_acl_tdb code.
Ensure we can delete a file even if the underlying POSIX
permissions don't allow it, if the Windows permissions do.
Jeremy.
When setting an ACL without any of the user/group/other entries, ZFS
automatically creates them. This can at times confuse users a lot. This
parameter denies setting such an acl, users explicitly have to for example set
an ACE with everyone allowing nothing. Users need to be educated about this,
but this helps avoid a lot of confusion.
When returning an underlying ACL on a directory, normally on a
POSIX system it has no inheritable entries, which breaks the
Windows ACL when a user does a get/set of a Windows ACL on a
POSIX directory with no existing stored Windows ACL from
the Windows ACL editor. What happens is any new entry added
by the user gets set inheritable, but none of the others
entries are (as returned by default). So any new files then
only inherit the single new ACE entry (the one marked inheritable
by the ACL editor).
Fix this by faking up a default 3 element inheritable ACL that
represents what a user creating a POSIX file or directory will
get by default from the smbd code.
Jeremy.
Volker was right (dammit :-). It's much easier to catch
this case in the create_file() vfs call instead of trying
to do everything inside open() and mkdir(). Hook all these
functions to gain the desired effect.
Jeremy.
right. The previous bugs were due to the fact that get_nt_acl_internal()
could return an NTSTATUS error if there was no stored ACL blob, but
otherwise would return the underlying ACL from the filysystem. Fix
this so it always returns a valid acl if it can, and if it does not
its an error to be reported back to the client. This then changes
the inherit acl code. Previously we were trying to match Windows
by setting a minimal ACL on a new file that didn't inherit anything
from a parent directory. This is silly - the returned ACL wouldn't
match the underlying UNIX permissions. The current code will correctly
inherit from a parent if a parent has any inheritable ACE entries
that apply to the new object, but will return a mapping from the
underlying UNIX permissions if the parent has no inheritable entries.
This makes much more sense for new files/directories.
Jeremy.
posix_fallocate is more efficient than manual zero'ing the file. When
preallocation in kernel space is supported it's extremely fast. Support for
preallocation at fs layer via posix_fallocate and fallocate at kernel site
can be found in Linux kernel 2.6.23/glibc 2.10 with ext4, XFS and OCFS2. Other
systems that I know of which support fast preallocation in kernel space are
AIX 6.1 with JFS2 and recent Solaris versions with ZFS maybe UFS2, too.
People who have a system with preallocation in kernel space might want to set
"strict allocate = yes". This reduces file fragentation and it's also safer for
setups with quota being turned on.
As of today most systems still don't have preallocation in kernel space, and
that's why "strict allocate = no" will stay the default for now.
reads off the underlying filesystem. Ensure that vfs_acl_tdb.c
returns NT_STATUS_NOT_FOUND, not NT_STATUS_OBJECT_NAME_NOT_FOUND
when it can't find a blob matching the file.
Jeremy.
Fix ACL modules to test for permissions on open/mkdir/opendir.
Ensure that underlying ACLs are returned for directories/files with
no Windows xattr or tdb acls stored.
Jeremy.
down to NEXT-> before initializing. This allows us to
do cleanup (by calling DISCONNECT) if initialization
fails. Also fix vfs_acl_xattr which was failing to
call the NEXT connect function.
Jeremy.
in the "user.DOSATTRIB" EA. From the docs:
In Samba 3.5.0 and above the "user.DOSATTRIB" extended attribute has been extended to store
the create time for a file as well as the DOS attributes. This is done in a backwards compatible
way so files created by Samba 3.5.0 and above can still have the DOS attribute read from this
extended attribute by earlier versions of Samba, but they will not be able to read the create
time stored there. Storing the create time separately from the normal filesystem meta-data
allows Samba to faithfully reproduce NTFS semantics on top of a POSIX filesystem.
Passes make test but will need more testing.
Jeremy.
setting nanosecond timestamps using utimensat() was first supported by Linux
kernel 2.6.22 and glibc 2.6. It's specified in POSIX.1-2008.
This effectively makes us use Windows' full 100ns timestamp resolution -
actually just an improvement from 10^-6 to 10^-7.
For now Linux CIFS vfs will also just be able to make use of 100ns resolution,
not 1ns.
When racing to the open and loosing we may get a share_mode violation.
In this case handle the 1-second delay via a defferred open properly.
This requires us to retrieve the share_mode_lock before deferring
open so we don't dereference a NULL pointer assuming we already had
the lck because we were the first opener.
Two openers can stat a file at the same time, see that it doesn't exist,
and then both race to open it first. The loser will enter
onefs_open_file_ntcreate believing that the file doesnt exist, and thus
skip any current state lookups for that file. This includes setting
the file_id, and having a valid stat buffer.
Normally on first create the file_id will be set during the open, but
the second opener in this scenario may fail the open (oplock/share mode)
and file_id will not be set, nor will the stat buffer be valid.
In the error paths of this patch, we now double check that the file_id
and the stat buffer are valid before doing other operations.
When we use the CATIA vfs module and don't have any mapping specified,
we return NULL for the mapped_name, thereby resulting in segfaults.
When we don't have catia mapping, we should just use the old name
instead of returning NULL for the mapped_name.
Signed-off-by: Tim Prouty <tprouty@samba.org>
Since the catia translation is implemented for open, it should not
also be done in createfile. By removing createfile from catia,
translation is now done correctly for the primary open path.
In order to support systems that have custom createfile
implementations that don't eventually call SMB_VFS_OPEN,
SMB_VFS_TRANSLATE_NAME has been expanded to take an additional
argument that specifies direction.
Signed-off-by: Tim Prouty <tprouty@samba.org>
This patch builds out catia to allow fully configurable mappings,
including mappings from single byte to multi-byte characters.
Additionally, a much more complete list of vfs operations are now
covered.
Signed-off-by: Tim Prouty <tprouty@samba.org>