1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

819 Commits

Author SHA1 Message Date
Jeremy Allison
c35c38075c Remove the bool admin_user from conn struct. We no longer look at this to make access decisions.
Jeremy.
2010-03-15 15:39:41 -07:00
Jeremy Allison
6b2358e15e Pass "connection_struct *conn" into functions that currently use "current_user.XXX"
Will allow me to replace them with accessor functions.

Jeremy.
2010-03-15 14:49:11 -07:00
Jeremy Allison
4b85a0ea7f Rever e80ceb1d73 "Remove more uses of "extern struct current_user current_user;"."
As requested by Volker, split this into smaller commits.

Jeremy.
2010-03-15 14:48:54 -07:00
Jeremy Allison
a2be29dfa3 Missed a couple more uses of conn->server_info->ptok that need to be get_current_nttok(conn)
Centralize the root check into smb1_file_se_access_check()
so this is used by modules/vfs_acl_common.c also.

Jeremy.
2010-03-12 14:31:47 -08:00
Jeremy Allison
e80ceb1d73 Remove more uses of "extern struct current_user current_user;".
Use accessor functions to get to this value. Tidies up much of
the user context code. Volker, please look at the changes in smbd/uid.c
to familiarize yourself with these changes as I think they make the
logic in there cleaner.

Cause smbd/posix_acls.c code to look at current user context, not
stored context on the conn struct - allows correct use of these
function calls under a become_root()/unbecome_root() pair.

Jeremy.
2010-03-12 13:56:51 -08:00
SATOH Fumiyasu
c1fb657afc vfs_netatalk: Segfault if hide files or veto files has no ".AppleDouble" 2010-03-10 16:11:26 -08:00
Björn Jacke
0769a1833a s3: add vfs_crossrename
this module adds optional server-side support for limited rename operations
beyond filesystem boundaries, which was the previously the default.
2010-03-08 17:17:58 +01:00
Björn Jacke
583de7b582 s3: remove cross-device rename support from vfs_default
cross-device rename support has some major limitations:

- on huge files clients will timeout or hang
- ACLs and EA information is not retained

Usually a client will have to handle this. A Windows Server with a reparse
point will also just return NT_STATUS_NOT_SAME_DEVICE. We will now by default
do the same.

I will add a vfs module which will restore the old cross-device renames.
2010-03-08 17:17:52 +01:00
Jeremy Allison
c61c9c3a4c Fix for bug #7189 - Open txt files with notepad on samba shares creates problem.
Ensure we don't use any of the create_options for Samba private
use. Add a new parameter to the VFS_CREATE call (private_flags)
which is only used internally. Renumber NTCREATEX_OPTIONS_PRIVATE_DENY_DOS
and NTCREATEX_OPTIONS_PRIVATE_DENY_FCB to match the S4 code).
Rev. the VFS interface to version 28.

Jeremy.
2010-03-05 15:13:37 -08:00
Björn Jacke
d18840830e s3:vfs_aixacl2: add missing semicolon
fixes #7197. Thanks to William Jojo for the correction.
2010-03-02 13:00:19 +01:00
Holger Hetterich
99fc004e40 s3: vfs_full_audit.c: implement negated vfs_ops in the success/failure list
Supports negated arguments in configuration like:
full_audit:success = all !readdir !telldir !closedir
Update the manpage accordingly.
Part of BSO#4025
2010-02-28 11:35:18 +01:00
Günther Deschner
6cf10cc102 s3-modules: fix get_acl_blob in the acl_tdb VFS module.
Shuttle-reviewed by jra :)

Guenther
2010-02-18 02:17:50 +01:00
Andrew Tridgell
95e26884a8 s3-vfs: use TYPESAFE_QSORT() in s3 VFS modules 2010-02-14 18:44:20 +11:00
Jeremy Allison
ed0e0a2005 Fix bad use when freeing linked list. Todd Stecher (Original author) please check !
Jeremy.
2010-02-10 16:23:33 -08:00
Andrew Tridgell
f592d42047 s3-perfcount: update to use new DLIST macros
(cherry picked from commit a13b507f2d8be7f90c8872094cd0732926a6fcbb)
2010-02-10 15:41:22 -08:00
Björn Jacke
d1c7d7d21a vfs_catia: fix return type warnings 2010-02-09 10:11:29 +01:00
Jeremy Allison
e425162933 Fix bug #6876 for acl_tdb module.
As pointed out by bj@sernet.de, the rmdir module initializer was
duplicated. Fix this properly.

Jeremy.
2010-02-08 11:04:38 -08:00
Björn Jacke
328a6264a7 s3: fix build issue on Tru64
Thanks, Volker for the hint - acl_type is a macro on Tru64. Renamed it
to acltype. This fixes #7103.
2010-02-07 21:07:13 +01:00
Jeremy Allison
d899032636 Fix bug 7075 - bug in vfs_scannedonly rmdir implementation.
Check for NULL on opendir, correctly call next rmdir.

Jeremy.
2010-02-04 16:23:32 -08:00
Björn Jacke
ae95e8028c s3:vfs_scannedonly: fix build on HP-UX 2010-02-04 10:37:17 +01:00
Volker Lendecke
e00e6a2c96 s3: Simplify the code a bit: Catch (len==0) early 2010-02-03 12:34:25 -08:00
Jeremy Allison
de24209f0a Fix bug 7081 - vfs_expand_msdfs doesn't work correctly (with fix identified)
Fix inspired by idea from Eric Horst <erich@cac.washington.edu>.

Jeremy.
2010-02-02 16:43:41 -08:00
olivier
e95e3270d1 AIX doesn't have MSG_DONTWAIT 2010-01-29 15:26:36 +01:00
Ed Plese
a5ca70a867 Add localtime parameter to shadow_copy2. 2010-01-21 08:32:02 +01:00
Ed Plese
05cd30ba42 Add format parameter to shadow_copy2. 2010-01-21 08:30:01 +01:00
Ed Plese
bb6a917ece Add sort parameter to shadow_copy2. 2010-01-21 07:39:17 +01:00
Jeremy Allison
98a495f1e6 Modification of fix for bug 6876 - Delete of an object whose parent folder does not have delete rights fails even if the delete right is set on the object
Suggested by Volker. Reduce the surface area of the
become_root() unbecome_root() code to reduce the chance
of errors.

Jeremy.
2010-01-16 17:03:06 -08:00
Olivier Sessink
3c42e11ff3 Part 4 of bug #7028 - include scannedonly VFS module
Fix some issues with handling names ending in '/'.
2010-01-14 12:13:14 -08:00
SASAJIMA Toshihiro
ca84795205 Fix bug #7034 - vfs_cap causes signal 11 (SIGSEGV) 2010-01-12 21:43:23 -08:00
Jeremy Allison
ed457e07b9 Fix two uses of strncat -> strlcat. Ensure proper use of strncpy when setting socket name.
Jeremy.
2010-01-12 21:18:36 -08:00
Jeremy Allison
47c1d9b39f Fix bug #6876 - Delete of an object whose parent folder does not have delete rights fails even if the delete right is set on the object.
Final fix for the vfs_acl_xattr and vfs_acl_tdb code.
Ensure we can delete a file even if the underlying POSIX
permissions don't allow it, if the Windows permissions do.

Jeremy.
2010-01-12 16:04:44 -08:00
Volker Lendecke
2d4dda0688 s3: Lift the version of the scannedonly VFS module 2010-01-12 22:58:51 +01:00
Olivier Sessink
31e142854b s3: Add the "scannedonly" vfs virus scanner interface module 2010-01-12 22:57:18 +01:00
Volker Lendecke
0ad83813ee s3: Add a zfsacl:denymissingspecial parameter
When setting an ACL without any of the user/group/other entries, ZFS
automatically creates them. This can at times confuse users a lot. This
parameter denies setting such an acl, users explicitly have to for example set
an ACE with everyone allowing nothing. Users need to be educated about this,
but this helps avoid a lot of confusion.
2010-01-11 12:14:37 +01:00
Björn Jacke
350db0bf25 vfs_commit: print warning when no fsync support is there
this one was part of an old patch from jpeach.
2010-01-06 18:28:16 +01:00
Jeremy Allison
6dcbb84d48 Attempt to fix one of the last two bugs with the full Windows ACL support.
When returning an underlying ACL on a directory, normally on a
POSIX system it has no inheritable entries, which breaks the
Windows ACL when a user does a get/set of a Windows ACL on a
POSIX directory with no existing stored Windows ACL from
the Windows ACL editor. What happens is any new entry added
by the user gets set inheritable, but none of the others
entries are (as returned by default). So any new files then
only inherit the single new ACE entry (the one marked inheritable
by the ACL editor).

Fix this by faking up a default 3 element inheritable ACL that
represents what a user creating a POSIX file or directory will
get by default from the smbd code.

Jeremy.
2009-12-23 17:19:22 -08:00
Björn Jacke
fd5855608f s3: keep subsecond times on cross-filesystem moves and don't follow links 2009-12-09 02:58:40 +01:00
Björn Jacke
0d53ce7e07 s3: make sys_posix_fallocate more generic
this is in preparation for other preallocation methods to be introduced.
2009-12-08 21:16:31 +01:00
Björn Jacke
c8615b6a0c s3: allocate only "new" space, not "old" sparse space in the posix_fallocate path
this makes the posix_fallocate path work analogous to the manual allocate path.
2009-12-08 10:33:26 +01:00
Jeremy Allison
a24631007e parent_sd can never be null in this function, so don't
check for it.

Jeremy.
2009-12-07 14:41:09 -08:00
Jeremy Allison
12bac42a93 Hopefullt final fix for 6802 - acl_xattr.c module: A created folder does not properly inherit permissions from parent and 6938 - No hook exists to check creation rights when using acl_xattr module
Volker was right (dammit :-). It's much easier to catch
this case in the create_file() vfs call instead of trying
to do everything inside open() and mkdir(). Hook all these
functions to gain the desired effect.
Jeremy.
2009-12-07 14:36:12 -08:00
Jeremy Allison
3fe7dfd1d9 Remove smb_fname duplicates that just keep the same information as in fsp->fsp_name.
Moving towards making VFS_OPEN/VFS_MKDIR/VFS_RMDIR
handle based...
Jeremy.
2009-12-03 16:45:35 -08:00
Jeremy Allison
dfcc4115dd Remove unneeded argument from can_set_delete_on_close(). Ensure
can_set_delete_on_close() is correctly called before any setting
of the disposition bit (clean up the do_unlink() call).
Jeremy.
2009-12-02 18:06:40 -08:00
Björn Jacke
7c938d16a9 ѕ3: remove superfluous option check
this function is only called when strict alloc is set, no reason to check that twice.
2009-12-03 02:36:19 +01:00
Jeremy Allison
365c6b4ce0 Restructure the ACL code some more, get the internal semantics
right. The previous bugs were due to the fact that get_nt_acl_internal()
could return an NTSTATUS error if there was no stored ACL blob, but
otherwise would return the underlying ACL from the filysystem. Fix
this so it always returns a valid acl if it can, and if it does not
its an error to be reported back to the client. This then changes
the inherit acl code. Previously we were trying to match Windows
by setting a minimal ACL on a new file that didn't inherit anything
from a parent directory. This is silly - the returned ACL wouldn't
match the underlying UNIX permissions. The current code will correctly
inherit from a parent if a parent has any inheritable ACE entries
that apply to the new object, but will return a mapping from the
underlying UNIX permissions if the parent has no inheritable entries.
This makes much more sense for new files/directories.
Jeremy.
2009-12-02 15:02:28 -08:00
Jeremy Allison
148e79d156 Ensure check_parent_acl_common() only looks at stored
blobs - returns NT_STATUS_OK if there aren't any.
Jeremy.
2009-12-02 12:29:16 -08:00
Björn Jacke
95c1862610 s3: prefer posix_fallocate for doing "strict allocate"
posix_fallocate is more efficient than manual zero'ing the file. When
preallocation in kernel space is supported it's extremely fast. Support for
preallocation at fs layer via posix_fallocate and fallocate at kernel site
can be found in Linux kernel 2.6.23/glibc 2.10 with ext4, XFS and OCFS2. Other
systems that I know of which support fast preallocation in kernel space are
AIX 6.1 with JFS2 and recent Solaris versions with ZFS maybe UFS2, too.

People who have a system with preallocation in kernel space might want to set
"strict allocate = yes". This reduces file fragentation and it's also safer for
setups with quota being turned on.

As of today most systems still don't have preallocation in kernel space, and
that's why "strict allocate = no" will stay the default for now.
2009-12-02 21:21:43 +01:00
Jeremy Allison
486c8d57ec Ensure get_nt_acl_internal() only looks at the ACL blobs, not
reads off the underlying filesystem. Ensure that vfs_acl_tdb.c
returns NT_STATUS_NOT_FOUND, not NT_STATUS_OBJECT_NAME_NOT_FOUND
when it can't find a blob matching the file.
Jeremy.
2009-12-02 12:09:48 -08:00
Jeremy Allison
48f40793ae Fix DEBUG 0 -> DEBUG 10 (left over code).
Fix opendir status return if access denied.
Jeremy.
2009-11-30 16:56:35 -08:00
Jeremy Allison
bdc8c9d37c Fix bug 6938 : No hook exists to check creation rights when using acl_xattr module
Fix ACL modules to test for permissions on open/mkdir/opendir.
Ensure that underlying ACLs are returned for directories/files with
no Windows xattr or tdb acls stored.
Jeremy.
2009-11-30 16:50:34 -08:00
Jeremy Allison
8303bc49a4 Restructure the connect function code to always call
down to NEXT-> before initializing. This allows us to
do cleanup (by calling DISCONNECT) if initialization
fails. Also fix vfs_acl_xattr which was failing to
call the NEXT connect function.
Jeremy.
2009-11-30 15:53:04 -08:00
Volker Lendecke
69a68208bd s3: Restore "fake directory create times" as a share parameter 2009-11-29 11:22:05 +01:00
Volker Lendecke
e71c17b2b0 s3: "copy_reg" only looks at mode, uid, gid, atime and mtime (no birthtime) 2009-11-29 11:22:05 +01:00
Volker Lendecke
224691aa53 s3: Pass up fake_dir_create_times from atalk_build_paths
The callers only look at the mode
2009-11-29 11:22:04 +01:00
Volker Lendecke
44ce5603dd s3: Pass the "fake dir create times" parameter to sys_*stat
Step 0 to restore it as a per-share paramter
2009-11-29 11:22:01 +01:00
Jeremy Allison
7ed6f9f096 Fix bug 6892 - When a chown operation is issued via Windows Explorer, all ACLS are wiped out.
Merges existing DACLs when a ACL set operation comes in with only owner or group values set.
Jeremy.
2009-11-25 10:20:38 -08:00
Volker Lendecke
5c4885a26b Revert "s3: Make the implicit reference to Protocol in is_in_path() explicit"
This reverts commit f7b4151a64.
2009-11-23 16:35:00 +01:00
Volker Lendecke
0f8e2a6ebb Revert "s3: Move the global variable Protocol to struct smbd_server_connection"
This reverts commit c85a4c9ba4.
2009-11-23 16:34:59 +01:00
Volker Lendecke
c85a4c9ba4 s3: Move the global variable Protocol to struct smbd_server_connection 2009-11-21 20:49:17 +01:00
Volker Lendecke
f7b4151a64 s3: Make the implicit reference to Protocol in is_in_path() explicit 2009-11-21 20:49:17 +01:00
Volker Lendecke
d1c34d4054 s3: Replace some create_synthetic_smb_fname() calls
In very hot codepaths like the statcache copy_smb_filename and the subsequent
recursive talloc_free is noticable in the CPU load.
2009-11-18 23:16:13 +01:00
Volker Lendecke
f6650f5d19 s3: Do not talloc in readdir
This is a hot codepath (called from the stat cache)
2009-11-18 23:16:13 +01:00
Jeremy Allison
a770caed0f Remove "store create time" code, cause create time to be stored
in the "user.DOSATTRIB" EA. From the docs:
In Samba 3.5.0 and above the "user.DOSATTRIB" extended attribute has been extended to store
the create time for a file as well as the DOS attributes. This is done in a backwards compatible
way so files created by Samba 3.5.0 and above can still have the DOS attribute read from this
extended attribute by earlier versions of Samba, but they will not be able to read the create
time stored there. Storing the create time separately from the normal filesystem meta-data
allows Samba to faithfully reproduce NTFS semantics on top of a POSIX filesystem.
Passes make test but will need more testing.
Jeremy.
2009-11-17 14:55:02 -08:00
Jeremy Allison
a8769e6675 Second part of bugfix for 6865 - acl_xattr module: Has dependency that inherit acls = yes or xattrs are removed.
We also need dos filemode = true set as well.
Jeremy.
2009-11-11 18:35:18 -08:00
Michael Adam
73860163e7 s3:vfs_fs_capabilities: fix a debug message
Michael
2009-11-11 14:50:17 +01:00
Jeremy Allison
bd2ffb1c7a Fix bug 6865 - acl_xattr module: Has dependency that inherit acls = yes or xattrs are removed.
Jeremy.
2009-11-06 21:53:07 -08:00
Björn Jacke
51cb96271b s3: add support for full windows timestamps resolution on files
setting nanosecond timestamps using utimensat() was first supported by Linux
kernel 2.6.22 and glibc 2.6. It's specified in POSIX.1-2008.

This effectively makes us use Windows' full 100ns timestamp resolution -
actually just an improvement from 10^-6 to 10^-7.

For now Linux CIFS vfs will also just be able to make use of 100ns resolution,
not 1ns.
2009-11-04 15:54:51 +01:00
Jeremy Allison
921aa99b37 Start fixing the RAW-STREAMS test - ensure that the xattr
used to store the stream info in streams_depot.so is not
seen in when enumerating EAs.
Jeremy.
2009-10-29 16:14:12 -07:00
Barry Sabsevitz
3054fe46d9 Fix bug 6802 - A created folder does not properly inherit permissions from parent. 2009-10-23 11:50:29 -07:00
Jeremy Allison
f1d9960284 Add comment explaining about symlink following & posix.
Jeremy.
2009-10-16 18:13:06 -07:00
Jeremy Allison
ea3c077236 Last 2 VFS_STAT -> LSTAT fixes I can see in the modules code.
Jeremy.
2009-10-16 17:20:40 -07:00
Jeremy Allison
010dfbf1fd Fix one missing STAT -> LSTAT with POSIX pathnames in vfs_xattr_tdb.c. Caught by the torture tester. I love unit tests :-). Jeremy. 2009-10-16 16:38:59 -07:00
Andrew Tridgell
6e48aad3be s3: Fix vfs_shadow_copy2 to allow in-path @GMT-xxx 2009-10-13 20:34:24 +02:00
Abhidnya P Chirmule
ac774c4969 s3: Add access_mask to the flock VFS call 2009-10-06 18:52:06 +02:00
Jeremy Allison
6f22cd10ad Remove lots of duplicate code and move it into one
function vfs_stat_fsp(). Stops code looking at fsp->posix_open
except for exceptional circumstances.
Jeremy.
2009-10-02 13:45:38 -07:00
Jeremy Allison
1e322cf6a9 Fix more use of VFS_STAT when posix pathnames selected.
Jeremy.
2009-10-02 11:05:03 -07:00
Jeremy Allison
ce791d6645 Fix bug #6769 - symlink unlink does nothing.
Always use LSTAT for POSIX pathnames.
Jeremy.
2009-10-01 16:54:06 -07:00
Christian Ambach
de0f3b657d changed debuglevel for two messages in the GPFS module from 0 to 10 they spammed the logs on a test machine and they are just debug messages, so let's move them to the level of the other debug messages in the file
Signed-off-by: Christian Ambach <christian.ambach@de.ibm.com>
2009-09-28 16:37:28 +02:00
Matthias Dieter Wallnöfer
506b0b6435 s3:vfs_default - correct function parameters 2009-09-24 23:49:41 +02:00
Steven Danneman
60433b154d s3 onefs: Fix 1 second share mode delay handling
When racing to the open and loosing we may get a share_mode violation.
In this case handle the 1-second delay via a defferred open properly.

This requires us to retrieve the share_mode_lock before deferring
open so we don't dereference a NULL pointer assuming we already had
the lck because we were the first opener.
2009-09-24 11:31:35 -07:00
Steven Danneman
74c0a7a1d3 s3 onefs: Fix a race condition exists in onefs_open.c between multiple opens to the same file.
Two openers can stat a file at the same time, see that it doesn't exist,
and then both race to open it first.  The loser will enter
onefs_open_file_ntcreate believing that the file doesnt exist, and thus
skip any current state lookups for that file.  This includes setting
the file_id, and having a valid stat buffer.

Normally on first create the file_id will be set during the open, but
the second opener in this scenario may fail the open (oplock/share mode)
and file_id will not be set, nor will the stat buffer be valid.

In the error paths of this patch, we now double check that the file_id
and the stat buffer are valid before doing other operations.
2009-09-24 11:31:21 -07:00
Zack Kirsch
5e9aade516 s3 onefs: Add some debugging/asserts to give more info when there is bad deferred open state.
Signed-off-by: Tim Prouty <tprouty@samba.org>
2009-09-24 11:19:00 -07:00
Tim Prouty
86b1a4cb86 s3: Add more helpful debugging to some of the streams code 2009-09-24 10:59:33 -07:00
Aravind Srinivasan
32ee976708 vfs catia: Fix a NULL dereference when CATIA is loaded with no mappings specified.
When we use the CATIA vfs module and don't have any mapping specified,
we return NULL for the mapped_name, thereby resulting in segfaults.
When we don't have catia mapping, we should just use the old name
instead of returning NULL for the mapped_name.

Signed-off-by: Tim Prouty <tprouty@samba.org>
2009-09-24 10:59:33 -07:00
Aravind Srinivasan
637901c242 vfs catia: Fix the double translation that was happening with createfile and open.
Since the catia translation is implemented for open, it should not
also be done in createfile.  By removing createfile from catia,
translation is now done correctly for the primary open path.

In order to support systems that have custom createfile
implementations that don't eventually call SMB_VFS_OPEN,
SMB_VFS_TRANSLATE_NAME has been expanded to take an additional
argument that specifies direction.

Signed-off-by: Tim Prouty <tprouty@samba.org>
2009-09-24 10:59:33 -07:00
Aravind Srinivasan
c870043b27 vfs catia: Fix a possible NULL dereference
Also free some unfreed memory.

Signed-off-by: Tim Prouty <tprouty@samba.org>
2009-09-24 10:59:33 -07:00
Volker Lendecke
50f248a06c s3: Forgot to check in one build failure for vfs_gpfs.c 2009-09-24 13:11:46 +02:00
Volker Lendecke
69447de175 s3: Remove an unused variable 2009-09-24 13:11:46 +02:00
Volker Lendecke
568f818a0f s3: Make the vfs_gpfs compile at least
Not sure whether it works in this state :-)
2009-09-24 12:55:14 +02:00
Volker Lendecke
44674efc81 s3:smbd: Attempt to fix the build on HP/UX 2009-09-18 03:42:45 +02:00
Abhidnya Chirmule
277597de85 To set file create/birth time in GPFS. Signed-off-by: Abhidnya Chirmule <achirmul@in.ibm.com> 2009-09-17 02:24:13 +02:00
Volker Lendecke
919559573c s3:vfs: Fix the build of vfs_tsmsm after the VFS rewrite 2009-09-17 02:07:11 +02:00
Volker Lendecke
444a05c28d s3: Fix reading beyond the end of a named stream in xattr_streams
This was found thanks to a test by Sivani from Microsoft against Samba at the
SDC plugfest
2009-09-16 03:42:36 +02:00
Volker Lendecke
00d7aad85a s3: Add some debugs to streams_xattr 2009-09-16 03:42:36 +02:00
Volker Lendecke
e94361e1e2 s3:vfs_catia: Make some fns static 2009-09-14 22:48:45 +02:00
Volker Lendecke
d3a6914e3b s3:vfs_catia: Use talloc_zero for simplification 2009-09-14 22:48:45 +02:00
Volker Lendecke
9dae2501f1 s3:vfs_modules: Fix Coverity ID 946: OVERRUN_STATIC
Tim, please check!
2009-09-14 22:48:45 +02:00
Volker Lendecke
0f65d33502 s3: Test short reads in the build farm 2009-09-14 07:13:22 +02:00
Jeremy Allison
f20c2e0fd4 Fix compile in a usually non-selected define.
Jeremy.
2009-09-09 13:54:47 -07:00
Aravind Srinivasan
ad88284038 s3: Major revamp for catia vfs module
This patch builds out catia to allow fully configurable mappings,
including mappings from single byte to multi-byte characters.
Additionally, a much more complete list of vfs operations are now
covered.

Signed-off-by: Tim Prouty <tprouty@samba.org>
2009-08-28 16:38:57 -07:00