IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
In order to avoid the dependency on dos attribute for create_time we now
preserve the btime before parsing dos attribute which may update btime
from its value with an old one unless we explicitly reset dos attribute
with new create_time in SMB_VFS_FNTIMES implementation. Therefore have
an implementation for SMB_VFS_FGET_DOS_ATTRIBUTES to save and restore
updated create_time.
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Mon Apr 1 15:24:39 UTC 2024 on atb-devel-224
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Sat Jan 27 00:01:12 UTC 2024 on atb-devel-224
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Jan 26 16:56:59 UTC 2024 on atb-devel-224
This reverts commit 0e3836e396.
With capabilities preferred over become_root() we failed to achieve
the basic goal of storing NT ACLs in xattrs using vfs_acl_xattr. This
is due to the fact that apart from CAP_DAC_OVERRIDE it is manadatory
to have CAP_SYS_ADMIN for write access to xattrs from security
namespace[1]. Despite the option to configure the xattr name within
the module we should not anticipate and miss to consider xattrs from
security namespace which is far more protected even with our default
name "security.NTACL".
Theorotically we could make it work by adding another capability on
top of existing ones. But given the functions designed around this
area we may not be able to come up with a cleaner change which can
handle the fallback mechanism to become_root(). Any failure to set
the very first capability would put us in become_root() path where
further capabilities are mostly not required. Thus reverting to old
behaviour to always become_root() until we have a cleaner approach
to handle the fallback while modifying multiple capabilities at once.
[1] https://www.man7.org/linux/man-pages/man7/xattr.7.html
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This will be used in CI to have a gitlab runner without all modern Linux
features we make use of as part of path processing:
- O_PATH
- openat2() with RESOLVE_NO_SYMLINKS
- somehow safely reopen an O_PATH file handle
That gives what a classix UNIX like AIX or Solaris offers feature wise.
Other OSes support other combinations of those features, but we leave the
exersize of possibly adding more runners supporting those combinations to the
reader.
The following list shows which features are available and used by Samba on a few
OSes:
| O_PATH | RESOLVE_NO_SYMLINKS | Safe reopen | CI covered
--------|----------------|---------------------|----------------------------
| Supported Used | Supported Used | Supported Used |
============================================================================
Linux | + + | + + | + + | +
FreeBSD | + + | + [1] - | + [2] - | -
AIX | - - | - - | - - | +
[1] via open() flag O_RESOLVE_BENEATH
[2] via open() flag O_EMPTY_PATH
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15549
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
The synthetic_pathref() call in shadow_copy2_get_real_filename_at()
fails if shadow:snapdir is set outside of the share root, it creates
an absolute path and non_widelink_open() blocks that.
We don't need shadow_copy2_get_real_filename_at() anymore because the
dirfsp already points at the correct directory in the snapshot
directory. So get_real_filename_full_scan_at() just works fine.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15556
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jan 16 19:44:53 UTC 2024 on atb-devel-224
Doing the previous version access checks and semantics at the SMB
layer means we can simplify the shadow_copy2 and remove the kludge.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Jan 8 16:58:26 UTC 2024 on atb-devel-224
Replaces the direct access to fsp->access_mask with a call to
check_any_access_fsp() which allows doing additional checks if needed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
The additional check if fd underlying fd is valid and not -1 should not be done
at this place. I actually would prefer an write to fail with EBADF if this
happens, as it's likely easier to debug why this happened. These days we should
always have a valid fd.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
As of libcephfs version-10.0.3 the high-level API has few more '*at()'
calls. Prefer those newer hooks over path-based when having an
appropriate directory fd (namely: ceph_mkdirat, ceph_openat,
cepth_unlinkat, ceph_symlinkat, ceph_readlinkat).
Ceph commit: 3831aa12f3
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15516
Signed-off-by: Shachar Sharon <ssharon@redhat.com>
Reviewed-by: Gunther Deschner <gd@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Thu Jan 4 21:09:54 UTC 2024 on atb-devel-224
Align getxattr logic with the rest of xattr hooks: call ceph_fgetxattr
with appropriate io-fd when 'is_pathref' is false; otherwise, call
ceph_getxattr.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15440
Signed-off-by: Shachar Sharon <ssharon@redhat.com>
Reviewed-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Thu Nov 30 12:32:29 UTC 2023 on atb-devel-224
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Fri Nov 17 18:04:43 UTC 2023 on atb-devel-224
adouble_path() inside fruit_unlink_rsrc_adouble() prepend "._" to a basename,
lenth of apple double filename will exceed NAME_MAX if length of basename
is equal to NAME_MAX (or NAME_MAX-1).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15504
Signed-off-by: MikeLiu <mikeliu@qnap.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Nov 17 11:07:01 UTC 2023 on atb-devel-224
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Autobuild-User(master): Björn Jacke <bjacke@samba.org>
Autobuild-Date(master): Wed Nov 15 19:55:07 UTC 2023 on atb-devel-224
All stat DAC_CAP_OVERRIDE code is being moved to nfs4_acls.c to allow
reuse. Move the vfs_gpfs_fstatat function and rename it to the more
generic name nfs4_acl_fstat.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
All stat CAP_DAC_OVERRIDE code is being moved to nf4_acls.c to allow
reuse. Move the vfs_gpfs_lstat function and rename to the more generic
name nfs4_acl_lstat.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
All stat DAC_CAP_OVERRIDE code is moving to nfs4_acls.c to allow reuse.
Move the vfs_gpfs_fstat function and rename to the more generic name
nfs4_acl_fstat.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
All stat DAC_CAP_OVERRIDE code is moving to nfs4_acls.c to allow reuse
by other file system modules. Also rename the function to the more
generic name nfs4_acl_stat.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
All stat CAP_DAC_OVERRIDE code is moving to nfs4_acls.c to allow reuse
by other filesystem modules. Also rename the function to the slightly
more precise name stat_with_cap_dac_overide.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
All stat DAC_CAP_OVERRIDE code is being moved to nfs4_acls.c to allow
reuse by other filesystem modules.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
AT_EMTPY_PATH does not exist on AIX. Address this by implementing an
override for fstat. Implement the new override function in nfs4_acls.c
since all stat functions with DAC_CAP_OVERRIDE will be moved there to
allow reuse by other filesystems.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
