IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
down to NEXT-> before initializing. This allows us to
do cleanup (by calling DISCONNECT) if initialization
fails. Also fix vfs_acl_xattr which was failing to
call the NEXT connect function.
Jeremy.
in the "user.DOSATTRIB" EA. From the docs:
In Samba 3.5.0 and above the "user.DOSATTRIB" extended attribute has been extended to store
the create time for a file as well as the DOS attributes. This is done in a backwards compatible
way so files created by Samba 3.5.0 and above can still have the DOS attribute read from this
extended attribute by earlier versions of Samba, but they will not be able to read the create
time stored there. Storing the create time separately from the normal filesystem meta-data
allows Samba to faithfully reproduce NTFS semantics on top of a POSIX filesystem.
Passes make test but will need more testing.
Jeremy.
setting nanosecond timestamps using utimensat() was first supported by Linux
kernel 2.6.22 and glibc 2.6. It's specified in POSIX.1-2008.
This effectively makes us use Windows' full 100ns timestamp resolution -
actually just an improvement from 10^-6 to 10^-7.
For now Linux CIFS vfs will also just be able to make use of 100ns resolution,
not 1ns.
When racing to the open and loosing we may get a share_mode violation.
In this case handle the 1-second delay via a defferred open properly.
This requires us to retrieve the share_mode_lock before deferring
open so we don't dereference a NULL pointer assuming we already had
the lck because we were the first opener.
Two openers can stat a file at the same time, see that it doesn't exist,
and then both race to open it first. The loser will enter
onefs_open_file_ntcreate believing that the file doesnt exist, and thus
skip any current state lookups for that file. This includes setting
the file_id, and having a valid stat buffer.
Normally on first create the file_id will be set during the open, but
the second opener in this scenario may fail the open (oplock/share mode)
and file_id will not be set, nor will the stat buffer be valid.
In the error paths of this patch, we now double check that the file_id
and the stat buffer are valid before doing other operations.
When we use the CATIA vfs module and don't have any mapping specified,
we return NULL for the mapped_name, thereby resulting in segfaults.
When we don't have catia mapping, we should just use the old name
instead of returning NULL for the mapped_name.
Signed-off-by: Tim Prouty <tprouty@samba.org>
Since the catia translation is implemented for open, it should not
also be done in createfile. By removing createfile from catia,
translation is now done correctly for the primary open path.
In order to support systems that have custom createfile
implementations that don't eventually call SMB_VFS_OPEN,
SMB_VFS_TRANSLATE_NAME has been expanded to take an additional
argument that specifies direction.
Signed-off-by: Tim Prouty <tprouty@samba.org>
This patch builds out catia to allow fully configurable mappings,
including mappings from single byte to multi-byte characters.
Additionally, a much more complete list of vfs operations are now
covered.
Signed-off-by: Tim Prouty <tprouty@samba.org>
This vop is designed to work in tandem with SMB_VFS_READDIR to allow
vfs modules to make modifications to arbitrary filenames before
they're consumed by callers. Subsequently the core directory
enumeration code in smbd is now changed to free the memory that may be
allocated in a module. This vop enables the new version of catia in
the following patch.
Signed-off-by: Tim Prouty <tprouty@samba.org>
Explictly pass the facility from both smbd and full_audit to syslog.
Really the only major change is to not call openlog() in full_audit if
WITH_SYSLOG is defined, which implies that smbd is already using
syslog. This allows full audit to piggy-back on the same ident as
smbd, while still differentiating the logging via the facility.
This adds a parameter "gpfs:refuse_dacl_protected" that defaults to false.
GPFS has no place to store the SEC_DESC_DACL_PROTECTED ACL bit. With this
parameter we give customers an option to either ignore this bit or refuse
setting an ACL with it.
GPFS sets inherits dir_inhert and file_inherit flags
to files, too, which confuses windows, and seems to
be wrong anyways.
So when mapping a nfs4 acl to a windows acl, we map these
flags away for files.
Michael
This fixes viewing the content of snapshots in the share root directory. We
have to treat the filename that *just* consists of "@GMT-YYYY.MM.DD-HH.MM.SS"
like the share root, which is the current working directory.
into acl_tdb and acl_xattr. Duplicates the code size, but keeps
the code in common so I don't have to do bug fixes in two places
(which is what I really cared about).
Jeremy.
the hash function selectable. Upgrade version.
Compiles but not fully tested yet (coming). Make
vfs_acl_tdb.c compile - this needs updating to
match acl_xattr (also coming soon).
Jeremy.
This often times means explicitly denying certain operations on a stream
as they are not supported or don't make sense at a particular level. At
some point in the future these can be enabled, but for now it's better to
remove ambiguity
as GPFS does not support the ACE4_FLAG_NO_PROPAGATE NFSv4 flag (which would be the mapping for the DESC_DACL_PROTECTED flag), the status of this flag is currently silently ignored by Samba. That means that if you deselect the "Allow inheritable permissions..." checkbox in Windows' ACL dialog and then apply the ACL, the flag will be back immediately.
To make sure that automatic migration with e.g. robocopy does not lead to ACLs silently (and unintentionally) changed, this patch adds an explicit check for this flag and if set, it will return NT_STATUS_NOT_SUPPORTED so errors are shown up on the Windows side and the Administrator is aware of the ACLs not being settable like intended
Signed-off-by: Christian Ambach <christian.ambach@de.ibm.com>
an underlying POSIX ACL is changed out from under us.
Passes RAW-ACL test up to "invalid owner" problem when
trying to create a file owned by Everyone. Now needs
porting to modules/vfs_acl_tdb.c
Jeremy.
SMB_VFS_CHFLAGS isn't actually getting the smb_filename struct for now
since it only operates on the basefile. This is the strategy for all
path-based operations that will never actually operate on a stream.
By clarifying the meaning of path based operations that don't take an
smb_filename struct, modules that implement streams such as vfs_onefs
no longer need to implement SMB_VFS_CHFLAGS to ensure it's only called
on the base_name.
user:10000036:rwxc:allow:FileInherit:DirInherit:InheritOnly
(X)READ/LIST (X)WRITE/CREATE (X)MKDIR (X)SYNCHRONIZE (X)READ_ACL (X)READ_ATTR (X)READ_NAMED
(X)DELETE (X)DELETE_CHILD (X)CHOWN (X)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED
group:10000005:rwxc:allow
(X)READ/LIST (X)WRITE/CREATE (X)MKDIR (X)SYNCHRONIZE (X)READ_ACL (X)READ_ATTR (X)READ_NAMED
(X)DELETE (X)DELETE_CHILD (X)CHOWN (X)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED
group:10000005:rwxc:allow:FileInherit:DirInherit:InheritOnly
(X)READ/LIST (X)WRITE/CREATE (X)MKDIR (X)SYNCHRONIZE (X)READ_ACL (X)READ_ATTR (X)READ_NAMED
(X)DELETE (X)DELETE_CHILD (X)CHOWN (X)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED
would be merged to
user:10000036:rwxc:allow:FileInherit:DirInherit:InheritOnly
(X)READ/LIST (X)WRITE/CREATE (X)MKDIR (X)SYNCHRONIZE (X)READ_ACL (X)READ_ATTR (X)READ_NAMED
(X)DELETE (X)DELETE_CHILD (X)CHOWN (X)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED
group:10000005:rwxc:allow:FileInherit:DirInherit:InheritOnly
(X)READ/LIST (X)WRITE/CREATE (X)MKDIR (X)SYNCHRONIZE (X)READ_ACL (X)READ_ATTR (X)READ_NAMED
(X)DELETE (X)DELETE_CHILD (X)CHOWN (X)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED
so the explicit right for the user on the parent directory will be gone (the InheritOnly flag only accounts to subdirectories)
thus leaving the user without access to the directory itself
Signed-off-by: Christian Ambach <christian.ambach@de.ibm.com>
This patch introduces two new temporary helper functions
vfs_stat_smb_fname and vfs_lstat_smb_fname. They basically allowed me
to call the new smb_filename version of stat, while avoiding plumbing
it through callers that are still too inconvenient. As the conversion
moves along, I will be able to remove callers of this, with the goal
being to remove all callers.
There was also a bug in create_synthetic_smb_fname_split (also a
temporary utility function) that caused it to incorrectly handle
filenames with ':'s in them when in posix mode. This is now fixed.
This was a little messy because of all of the vfs modules I had to
touch. Most of them were pretty straight forward, but the streams
modules required a little attention to handle smb_filename. Since the
use of smb_filename enables the vfs modules to access the raw,
over-the-wire stream, a little bit of the handling that was being done
by split_ntfs_stream_name has now been shifted into the individual
stream modules. It may be a little more code, but overall it gives
more flexibility to the streams modules, while also allowing correct
stream handling.
I used the smb_filename struct everywhere that was feasible for the
first pass. There are still some places in this path that need to be
changed to use smb_filename, but this is a good start.
I also:
- Removed fname/path arguments from a few functions that weren't
really using them.
- Added a utility function for detecting whether an smb_filename is a
stream.
This is required for the shadow_copy2 module and "wide links = no". The file
system snapshots by nature are typically outside of share directory. So the
REALPATH result fails the wide links = no test.
This patch introduces
struct stat_ex {
dev_t st_ex_dev;
ino_t st_ex_ino;
mode_t st_ex_mode;
nlink_t st_ex_nlink;
uid_t st_ex_uid;
gid_t st_ex_gid;
dev_t st_ex_rdev;
off_t st_ex_size;
struct timespec st_ex_atime;
struct timespec st_ex_mtime;
struct timespec st_ex_ctime;
struct timespec st_ex_btime; /* birthtime */
blksize_t st_ex_blksize;
blkcnt_t st_ex_blocks;
};
typedef struct stat_ex SMB_STRUCT_STAT;
It is really large because due to the friendly libc headers playing macro
tricks with fields like st_ino, so I renamed them to st_ex_xxx.
Why this change? To support birthtime, we already have quite a few #ifdef's at
places where it does not really belong. With a stat struct that we control, we
can consolidate the nanosecond timestamps and the birthtime deep in the VFS
stat calls.
At this moment it is triggered by a request to support the birthtime field for
GPFS. GPFS does not extend the system level struct stat, but instead has a
separate call that gets us the additional information beyond posix. Without
being able to do that within the VFS stat calls, that support would have to be
scattered around the main smbd code.
It will very likely break all the onefs modules, but I think the changes will
be reasonably easy to do.
This is the first of a series of patches that change path based
operations to operate on a struct smb_filename instead of a char *.
This same concept already exists in source4.
My goals for this series of patches are to eventually:
1) Solve the stream vs. posix filename that contains a colon ambiguity
that currently exists.
2) Make unix_convert the only function that parses the stream name.
3) Clean up the unix_convert API.
4) Change all path based vfs operation to take a struct smb_filename.
5) Make is_ntfs_stream_name() a constant operation that can simply
check the state of struct smb_filename rather than re-parse the
filename.
6) Eliminate the need for split_ntfs_stream_name() to exist.
My strategy is to start from the inside at unix_convert() and work my
way out through the vfs layer, call by call. This first patch does
just that, by changing unix_convert and all of its callers to operate
on struct smb_filename. Since this is such a large change, I plan on
pushing the patches in phases, where each phase keeps full
compatibility and passes make test.
The API of unix_convert has been simplified from:
NTSTATUS unix_convert(TALLOC_CTX *ctx,
connection_struct *conn,
const char *orig_path,
bool allow_wcard_last_component,
char **pp_conv_path,
char **pp_saved_last_component,
SMB_STRUCT_STAT *pst)
to:
NTSTATUS unix_convert(TALLOC_CTX *ctx,
connection_struct *conn,
const char *orig_path,
struct smb_filename *smb_fname,
uint32_t ucf_flags)
Currently the smb_filename struct looks like:
struct smb_filename {
char *base_name;
char *stream_name;
char *original_lcomp;
SMB_STRUCT_STAT st;
};
One key point here is the decision to break up the base_name and
stream_name. I have introduced a helper function called
get_full_smb_filename() that takes an smb_filename struct and
allocates the full_name. I changed the callers of unix_convert() to
subsequently call get_full_smb_filename() for the time being, but I
plan to eventually eliminate get_full_smb_filename().
The aio_fork module does not need this, as it does not communicate via signals
but with pipes. Watching a strace log with those become_root() calls in aio.c
is absolutely awful, and it does affect performance.
Often times before creating a file, a client will first query to see
if it already exists. Since some systems have a case-insensitive stat
that is called from unix_convert, we can definitively return
STATUS_NO_SUCH_FILE to the client without scanning the whole
directory.
This code path is taken from trans2querypathinfo, but trans2findfirst
still does a full directory scan even though the get_real_filename
(the case-insensitive stat vfs call) can prevent this.
This patch adds the get_real_filename call to the trans2find* path,
and also changes the vfs_default behavior for
SMB_VFS_GET_REAL_FILENAME. Previously, in the absence of a
get_real_filename implementation, we would fallback to the full
directory scan. The default behavior now returns -1 and sets errno to
EOPNOTSUPP. This allows SMB_VFS_GET_REALFILENAME to be called from
trans2* and unix_convert.
This bug prompted several, fairly large changes to the of OneFS's
readdirplus() within Samba.
One fundamental problem is that we kept our cache cursor pointed at the
next entry to be returned from onefs_readdir(), while the resume cookie
needed to refill the cache such that our cursor would be on this entry,
was located in the previous cache entry. This meant that to correctly handle
seekdir() cases which could be found within the existing cache, and cases
where a cache reload was needed, required that the cache always hold
at least two entries: the entry we wished to return, and the previous entry
which held the resume cookie. Since the readdirplus() syscall gives us no
guarantee that it will always return these two direntries, there was a
fundamental problem with this design.
To fix this problem, I have rearchitected the onefs_readdir() path to keep
its pointer on the entry which contains the resume_cookie, not the entry
which will be returned next. Essentially, I changed onefs_readdir() from a
"return an entry then increment the cursor" model to "increment the cursor
then return an entry". By doing this, we only require that a single entry
be within the cache: the entry containing the resume cookie.
Second, there have been numerous off-by-one bugs in my implementation of
onefs_seekdir() which did a mapping between the 64-bit resume cookie
returned by readdirplus() and its own monotonically increasing "location"
offset. Furthermore, this design caused a somewhat frequent waste of
cycles, as in some cases we'd need to re-enumerate the entire directory to
recover the current "location" from an old resume cookie. As this code was
somewhat difficult to understand, prone to bugs, and innefficient in some
cases I decided it was better to wholesale replace it now, rather than later.
It is possible to algorithmically map the 64-bit resume cookies from
readdirplus() into 32-bit offset values which SMB requires. The onefs.so
module now calls into a system library to do this conversion. This greatly
simplifies both the seekdir() and telldir() paths and is more efficient.
Not being able to open the shadow copy directory is the same as having no
shadow copy support at all. The VFS module should in this case not log with
debug level 0 and set ENOSYS to indicate "no shadow copies used" to the higher
levels.