1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

770 Commits

Author SHA1 Message Date
Holger Hetterich
2a643ef10c Introduce smb_traffic_analyzer protocol v2.
From Holger:
Make smb_traffic_analyzer differ the protocol versions to enable the development of version 2 of the protocol. To do this, a new parameter "protocol_version" has been introduced, which can be set to "V1", "V2", or nothing. If protocol_version is not set, V1 will be chosen automatically.

Created an enum for identifying VFS functions in the upcoming protocol v2. Converted the existing VFS functions to use the identifier, and set the read/write bool used in protocol v1 accordingly, also ignore any other VFS functions except read/write/pread/pwrite in v1. Added a first new VFS function for mkdir, which I use for testing and implementing both the sender and receiver for v2.
2010-03-16 09:52:08 -04:00
Jeremy Allison
c35c38075c Remove the bool admin_user from conn struct. We no longer look at this to make access decisions.
Jeremy.
2010-03-15 15:39:41 -07:00
Jeremy Allison
6b2358e15e Pass "connection_struct *conn" into functions that currently use "current_user.XXX"
Will allow me to replace them with accessor functions.

Jeremy.
2010-03-15 14:49:11 -07:00
Jeremy Allison
4b85a0ea7f Rever e80ceb1d73 "Remove more uses of "extern struct current_user current_user;"."
As requested by Volker, split this into smaller commits.

Jeremy.
2010-03-15 14:48:54 -07:00
Jeremy Allison
a2be29dfa3 Missed a couple more uses of conn->server_info->ptok that need to be get_current_nttok(conn)
Centralize the root check into smb1_file_se_access_check()
so this is used by modules/vfs_acl_common.c also.

Jeremy.
2010-03-12 14:31:47 -08:00
Jeremy Allison
e80ceb1d73 Remove more uses of "extern struct current_user current_user;".
Use accessor functions to get to this value. Tidies up much of
the user context code. Volker, please look at the changes in smbd/uid.c
to familiarize yourself with these changes as I think they make the
logic in there cleaner.

Cause smbd/posix_acls.c code to look at current user context, not
stored context on the conn struct - allows correct use of these
function calls under a become_root()/unbecome_root() pair.

Jeremy.
2010-03-12 13:56:51 -08:00
SATOH Fumiyasu
c1fb657afc vfs_netatalk: Segfault if hide files or veto files has no ".AppleDouble" 2010-03-10 16:11:26 -08:00
Björn Jacke
0769a1833a s3: add vfs_crossrename
this module adds optional server-side support for limited rename operations
beyond filesystem boundaries, which was the previously the default.
2010-03-08 17:17:58 +01:00
Björn Jacke
583de7b582 s3: remove cross-device rename support from vfs_default
cross-device rename support has some major limitations:

- on huge files clients will timeout or hang
- ACLs and EA information is not retained

Usually a client will have to handle this. A Windows Server with a reparse
point will also just return NT_STATUS_NOT_SAME_DEVICE. We will now by default
do the same.

I will add a vfs module which will restore the old cross-device renames.
2010-03-08 17:17:52 +01:00
Jeremy Allison
c61c9c3a4c Fix for bug #7189 - Open txt files with notepad on samba shares creates problem.
Ensure we don't use any of the create_options for Samba private
use. Add a new parameter to the VFS_CREATE call (private_flags)
which is only used internally. Renumber NTCREATEX_OPTIONS_PRIVATE_DENY_DOS
and NTCREATEX_OPTIONS_PRIVATE_DENY_FCB to match the S4 code).
Rev. the VFS interface to version 28.

Jeremy.
2010-03-05 15:13:37 -08:00
Björn Jacke
d18840830e s3:vfs_aixacl2: add missing semicolon
fixes #7197. Thanks to William Jojo for the correction.
2010-03-02 13:00:19 +01:00
Holger Hetterich
99fc004e40 s3: vfs_full_audit.c: implement negated vfs_ops in the success/failure list
Supports negated arguments in configuration like:
full_audit:success = all !readdir !telldir !closedir
Update the manpage accordingly.
Part of BSO#4025
2010-02-28 11:35:18 +01:00
Günther Deschner
6cf10cc102 s3-modules: fix get_acl_blob in the acl_tdb VFS module.
Shuttle-reviewed by jra :)

Guenther
2010-02-18 02:17:50 +01:00
Andrew Tridgell
95e26884a8 s3-vfs: use TYPESAFE_QSORT() in s3 VFS modules 2010-02-14 18:44:20 +11:00
Jeremy Allison
ed0e0a2005 Fix bad use when freeing linked list. Todd Stecher (Original author) please check !
Jeremy.
2010-02-10 16:23:33 -08:00
Andrew Tridgell
f592d42047 s3-perfcount: update to use new DLIST macros
(cherry picked from commit a13b507f2d8be7f90c8872094cd0732926a6fcbb)
2010-02-10 15:41:22 -08:00
Björn Jacke
d1c7d7d21a vfs_catia: fix return type warnings 2010-02-09 10:11:29 +01:00
Jeremy Allison
e425162933 Fix bug #6876 for acl_tdb module.
As pointed out by bj@sernet.de, the rmdir module initializer was
duplicated. Fix this properly.

Jeremy.
2010-02-08 11:04:38 -08:00
Björn Jacke
328a6264a7 s3: fix build issue on Tru64
Thanks, Volker for the hint - acl_type is a macro on Tru64. Renamed it
to acltype. This fixes #7103.
2010-02-07 21:07:13 +01:00
Jeremy Allison
d899032636 Fix bug 7075 - bug in vfs_scannedonly rmdir implementation.
Check for NULL on opendir, correctly call next rmdir.

Jeremy.
2010-02-04 16:23:32 -08:00
Björn Jacke
ae95e8028c s3:vfs_scannedonly: fix build on HP-UX 2010-02-04 10:37:17 +01:00
Volker Lendecke
e00e6a2c96 s3: Simplify the code a bit: Catch (len==0) early 2010-02-03 12:34:25 -08:00
Jeremy Allison
de24209f0a Fix bug 7081 - vfs_expand_msdfs doesn't work correctly (with fix identified)
Fix inspired by idea from Eric Horst <erich@cac.washington.edu>.

Jeremy.
2010-02-02 16:43:41 -08:00
olivier
e95e3270d1 AIX doesn't have MSG_DONTWAIT 2010-01-29 15:26:36 +01:00
Ed Plese
a5ca70a867 Add localtime parameter to shadow_copy2. 2010-01-21 08:32:02 +01:00
Ed Plese
05cd30ba42 Add format parameter to shadow_copy2. 2010-01-21 08:30:01 +01:00
Ed Plese
bb6a917ece Add sort parameter to shadow_copy2. 2010-01-21 07:39:17 +01:00
Jeremy Allison
98a495f1e6 Modification of fix for bug 6876 - Delete of an object whose parent folder does not have delete rights fails even if the delete right is set on the object
Suggested by Volker. Reduce the surface area of the
become_root() unbecome_root() code to reduce the chance
of errors.

Jeremy.
2010-01-16 17:03:06 -08:00
Olivier Sessink
3c42e11ff3 Part 4 of bug #7028 - include scannedonly VFS module
Fix some issues with handling names ending in '/'.
2010-01-14 12:13:14 -08:00
SASAJIMA Toshihiro
ca84795205 Fix bug #7034 - vfs_cap causes signal 11 (SIGSEGV) 2010-01-12 21:43:23 -08:00
Jeremy Allison
ed457e07b9 Fix two uses of strncat -> strlcat. Ensure proper use of strncpy when setting socket name.
Jeremy.
2010-01-12 21:18:36 -08:00
Jeremy Allison
47c1d9b39f Fix bug #6876 - Delete of an object whose parent folder does not have delete rights fails even if the delete right is set on the object.
Final fix for the vfs_acl_xattr and vfs_acl_tdb code.
Ensure we can delete a file even if the underlying POSIX
permissions don't allow it, if the Windows permissions do.

Jeremy.
2010-01-12 16:04:44 -08:00
Volker Lendecke
2d4dda0688 s3: Lift the version of the scannedonly VFS module 2010-01-12 22:58:51 +01:00
Olivier Sessink
31e142854b s3: Add the "scannedonly" vfs virus scanner interface module 2010-01-12 22:57:18 +01:00
Volker Lendecke
0ad83813ee s3: Add a zfsacl:denymissingspecial parameter
When setting an ACL without any of the user/group/other entries, ZFS
automatically creates them. This can at times confuse users a lot. This
parameter denies setting such an acl, users explicitly have to for example set
an ACE with everyone allowing nothing. Users need to be educated about this,
but this helps avoid a lot of confusion.
2010-01-11 12:14:37 +01:00
Björn Jacke
350db0bf25 vfs_commit: print warning when no fsync support is there
this one was part of an old patch from jpeach.
2010-01-06 18:28:16 +01:00
Jeremy Allison
6dcbb84d48 Attempt to fix one of the last two bugs with the full Windows ACL support.
When returning an underlying ACL on a directory, normally on a
POSIX system it has no inheritable entries, which breaks the
Windows ACL when a user does a get/set of a Windows ACL on a
POSIX directory with no existing stored Windows ACL from
the Windows ACL editor. What happens is any new entry added
by the user gets set inheritable, but none of the others
entries are (as returned by default). So any new files then
only inherit the single new ACE entry (the one marked inheritable
by the ACL editor).

Fix this by faking up a default 3 element inheritable ACL that
represents what a user creating a POSIX file or directory will
get by default from the smbd code.

Jeremy.
2009-12-23 17:19:22 -08:00
Björn Jacke
fd5855608f s3: keep subsecond times on cross-filesystem moves and don't follow links 2009-12-09 02:58:40 +01:00
Björn Jacke
0d53ce7e07 s3: make sys_posix_fallocate more generic
this is in preparation for other preallocation methods to be introduced.
2009-12-08 21:16:31 +01:00
Björn Jacke
c8615b6a0c s3: allocate only "new" space, not "old" sparse space in the posix_fallocate path
this makes the posix_fallocate path work analogous to the manual allocate path.
2009-12-08 10:33:26 +01:00
Jeremy Allison
a24631007e parent_sd can never be null in this function, so don't
check for it.

Jeremy.
2009-12-07 14:41:09 -08:00
Jeremy Allison
12bac42a93 Hopefullt final fix for 6802 - acl_xattr.c module: A created folder does not properly inherit permissions from parent and 6938 - No hook exists to check creation rights when using acl_xattr module
Volker was right (dammit :-). It's much easier to catch
this case in the create_file() vfs call instead of trying
to do everything inside open() and mkdir(). Hook all these
functions to gain the desired effect.
Jeremy.
2009-12-07 14:36:12 -08:00
Jeremy Allison
3fe7dfd1d9 Remove smb_fname duplicates that just keep the same information as in fsp->fsp_name.
Moving towards making VFS_OPEN/VFS_MKDIR/VFS_RMDIR
handle based...
Jeremy.
2009-12-03 16:45:35 -08:00
Jeremy Allison
dfcc4115dd Remove unneeded argument from can_set_delete_on_close(). Ensure
can_set_delete_on_close() is correctly called before any setting
of the disposition bit (clean up the do_unlink() call).
Jeremy.
2009-12-02 18:06:40 -08:00
Björn Jacke
7c938d16a9 ѕ3: remove superfluous option check
this function is only called when strict alloc is set, no reason to check that twice.
2009-12-03 02:36:19 +01:00
Jeremy Allison
365c6b4ce0 Restructure the ACL code some more, get the internal semantics
right. The previous bugs were due to the fact that get_nt_acl_internal()
could return an NTSTATUS error if there was no stored ACL blob, but
otherwise would return the underlying ACL from the filysystem. Fix
this so it always returns a valid acl if it can, and if it does not
its an error to be reported back to the client. This then changes
the inherit acl code. Previously we were trying to match Windows
by setting a minimal ACL on a new file that didn't inherit anything
from a parent directory. This is silly - the returned ACL wouldn't
match the underlying UNIX permissions. The current code will correctly
inherit from a parent if a parent has any inheritable ACE entries
that apply to the new object, but will return a mapping from the
underlying UNIX permissions if the parent has no inheritable entries.
This makes much more sense for new files/directories.
Jeremy.
2009-12-02 15:02:28 -08:00
Jeremy Allison
148e79d156 Ensure check_parent_acl_common() only looks at stored
blobs - returns NT_STATUS_OK if there aren't any.
Jeremy.
2009-12-02 12:29:16 -08:00
Björn Jacke
95c1862610 s3: prefer posix_fallocate for doing "strict allocate"
posix_fallocate is more efficient than manual zero'ing the file. When
preallocation in kernel space is supported it's extremely fast. Support for
preallocation at fs layer via posix_fallocate and fallocate at kernel site
can be found in Linux kernel 2.6.23/glibc 2.10 with ext4, XFS and OCFS2. Other
systems that I know of which support fast preallocation in kernel space are
AIX 6.1 with JFS2 and recent Solaris versions with ZFS maybe UFS2, too.

People who have a system with preallocation in kernel space might want to set
"strict allocate = yes". This reduces file fragentation and it's also safer for
setups with quota being turned on.

As of today most systems still don't have preallocation in kernel space, and
that's why "strict allocate = no" will stay the default for now.
2009-12-02 21:21:43 +01:00
Jeremy Allison
486c8d57ec Ensure get_nt_acl_internal() only looks at the ACL blobs, not
reads off the underlying filesystem. Ensure that vfs_acl_tdb.c
returns NT_STATUS_NOT_FOUND, not NT_STATUS_OBJECT_NAME_NOT_FOUND
when it can't find a blob matching the file.
Jeremy.
2009-12-02 12:09:48 -08:00
Jeremy Allison
48f40793ae Fix DEBUG 0 -> DEBUG 10 (left over code).
Fix opendir status return if access denied.
Jeremy.
2009-11-30 16:56:35 -08:00