IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Not caught by make test as it's an extreme edge case for strange
incoming ACLs. I only found this as I'm making raw.acls and smb2.acls
pass against 3.6.x and 4.0.0 with acl_xattr mapped onto a POSIX backend.
An incoming inheritable ACE entry containing only one permission,
WRITE_DATA maps into a POSIX owner perm of "-w-", which violates
the principle that the owner of a file/directory can always read.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Nov 15 19:52:52 CET 2012 on sn-devel-104
Reviewed by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Nov 14 02:19:46 CET 2012 on sn-devel-104
NT4 is long dead, and we should not change which ACL we return based
on what we think the client is. The reason we should not do this, is
that if we are using vfs_acl_xattr then the hash will break if we do.
Additionally, it would require that the python VFS interface set the
global remote_arch to fake up being a modern client.
This instead seems cleaner and removes untested code (the tests are
updated to then handle the results of the modern codepath).
The supporting 'acl compatability' parameter is also removed.
Andrew Bartlett
Reviewed by: Jeremy Allison <jra@samba.org>
Internally change the implementation to use SMB_VFS_GET_NT_ACL()
instead of SMB_VFS_FGET_NT_ACL() with a faked-up file struct.
Andrew Bartlett
Reviewed by: Jeremy Allison <jra@samba.org>
Change set_nt_acl_no_snum() to correctly set up the fsp.
This does a stat on a real fsp in set_nt_acl_no_snum.
Reviewed by: Jeremy Allison <jra@samba.org>
Reviewed by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Nov 10 20:25:48 CET 2012 on sn-devel-104
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Wed Nov 7 17:18:06 CET 2012 on sn-devel-104
Otherwise smbstatus reports the wrong time for tree connects.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Mon Nov 5 20:43:23 CET 2012 on sn-devel-104
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Nov 2 10:09:36 CET 2012 on sn-devel-104
Reported-by: Sebastien LAVEZE <sebastien.laveze@mindspeed.com>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Tested-by: Sebastien LAVEZE <sebastien.laveze@mindspeed.com>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue Oct 30 16:49:26 CET 2012 on sn-devel-104
This has been done.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Mon Oct 29 20:12:18 CET 2012 on sn-devel-104
When we do a become_root()/unbecome_root() pair to temporarily
raise privilege, this NULLs out the NT token. If we're within
a become_root()/unbecome_root() pair then return the previous
token on the stack as our NT token. This is what we should be
using to check against NT ACLs in the file server. This copes
with security context changing when removing a file on close
under the context of another user (when 2 users have a file
open, one sets delete on close and then the other user has
to actually do the delete).
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Mon Oct 29 16:26:20 CET 2012 on sn-devel-104
This makes vfs_default_durable_reconnect() simpler to read
and it reduces code duplication in the failure case handling.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct 25 23:03:13 CEST 2012 on sn-devel-104
At durable reconnect, we check the stat info stored in the cookie against the
current stat data from the file we just opened. If any detail differs, we deny
the durable reconnect, because in that case it is very likely that someone
opened the file while the handle was disconnected, which has to be interpreted
as an oplock break.
Pair-programmed-with: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Oct 19 18:56:19 CEST 2012 on sn-devel-104
Pair-programmed-with: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
metze
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri Oct 19 17:12:29 CEST 2012 on sn-devel-104
If we close the low level FD, we should better update the write_time
if needed.
It's not unlikely that the client doesn't reclaim the durable handle,
in that case we may not close the after the durable timeout.
In such a case we should make sure that we at least update the write time
on disconnect, this makes sure backup applications notice that
the file was changed.
metze
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
We need to call the pending write time update handler immediately.
Which means we don't wait exactly 2 seconds before updating the write time
after the first write.
metze
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
This was used to maintain the connections.tdb database which is being removed.
We use info from the smbXsrv_tcon instead.
Signed-off-by: Michael Adam <obnox@samba.org>
retrieve the server connection from the smbXsrv_session argument instead.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
This removes one of the last callers of connetions_forall.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
1. This was broken since Samba 3.2. when ipv6 support was
added, it only worked for ipv6 addresses.
2. userspace tools only display the hostname field.
3. This is not really portable
metze
Signed-off-by: Michael Adam <obnox@samba.org>
Also update the info in the new smbXsrv structure.
This way we can log the remote name in status outputs.
metze
Signed-off-by: Michael Adam <obnox@samba.org>
according to coding guidelines
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Oct 17 14:37:58 CEST 2012 on sn-devel-104
non-existing quota support needs to be signaled by NT_STATUS_NOT_SUPPORTED,
not NT_STATUS_INVALID_PARAMETER
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Fri Oct 12 13:37:37 CEST 2012 on sn-devel-104
This simply linearlises the SMB_ACL_T (default and access acl for
directories) and the file owner, group and mode into a blob.
It will be useful for an improved vfs_acl_common.c that uses this sets
that, rather than the hash of the NT ACL, in the xattr
This will in turn insulate the stored hash from changes in the ACL
mapping.
Andrew Bartlett
This interface actually needs to match the get_nt_acl interface in
that the system ACL implmenetation may not be posix ACLs, and the blob
is not meant to be enforced to be of a particular system ACL
structure.
Andrew Bartlett
This makes it clear which context the returned SD is allocated on, as
a number of callers do not want it on talloc_tos().
As the ACL transformation allocates and then no longer needs a great
deal of memory, a talloc_stackframe() call is used to contain the
memory that is not returned further up the stack.
Andrew Bartlett
This changes from allocation on NULL to allocation on the supplied
memory context.
Currently that supplied context is talloc_tos() at the the final consumer of
the ACL.
Andrew Bartlett
they are different so should go through a mapping function. Ensure this is so.
Practically this does not matter, as for user permissions the mapping
function is an identity, and the extra bits we may add are ignored
anyway, but this makes the intent clear.
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Oct 6 03:04:14 CEST 2012 on sn-devel-104
This reverts commit c251a6b044.
Remove this as we're planning to remove the security mask,
directory security mask parameters and only use create mask/directory mask.
This reverts commit dfd3c31a3f.
As Metze pointed out:
From MS-SMB2 section 2.2.4:
SMB2_NEGOTIATE_SIGNING_ENABLED
When set, indicates that security signatures are enabled
on the server. The server MUST set this bit, and the client MUST return
STATUS_INVALID_NETWORK_RESPONSE if the flag is missing.
I'll submit a documentation bug to fix#9222 that way.
Still sign if client request is signed, just don't negotiate it in
negprot or sessionsetup.
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Oct 3 00:59:42 CEST 2012 on sn-devel-104
Currently we call FSET_NT_ACL to inherit any ACLs on create. However
FSET_NT_ACL uses the security mask/directory security mask parameters
instead of the create mask/directory mask parameters.
Swap them temporarily when creating to ensure the correct masks
are applied.
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 2 22:27:17 CEST 2012 on sn-devel-104
With the prior code we assumed that we do not have kernel oplocks around
when we open a file because we handled samba-internal oplock breaks
before the open attempt.
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Sat Sep 29 19:29:36 CEST 2012 on sn-devel-104
This is a significant behaviour change: We do not open the file under
the share mode lock anymore. This might lead to more open calls in case
of oplock breaks or sharing violations, but those are slow error paths
and as such might be not too performance sensitive. The benefit of this
patch is a significant reduction of complexity of open_file_ntcreate()
With the new behaviour, we call fcb_or_dos_open after open_file(). It
is open_file() that sets up the fsp so that fcb_or_dos_open can find it
in the list of fsps. Avoid finding the fsp we are just setting up.
This is a 1:1 copy&paste of the oplock/sharemode code that we do before
an existing file is opened. It is a prerequiste for a patch that removes
all of that handling before we open the file.
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Sep 27 02:51:42 CEST 2012 on sn-devel-104
The "else" is not necessary. In the if-branch we just returned.
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Sep 26 18:08:03 CEST 2012 on sn-devel-104
We always set state->te = NULL of TALLOC_FREE(state->te),
before calling smbd_smb2_request_dispatch(), so
open_was_deferred_smb2() always returned false, while dispatching
it again.
But it's remove_deferred_open_message_smb2_internal() which
should reset this state.
In developer mode validate_my_share_entries() did call smb_panic()
before.
metze
The "access_bits" clause is redundant. is_stat_open says that exactly
at least one of the stat_open_bits must be set and none else.
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Sep 25 20:05:06 CEST 2012 on sn-devel-104
To me this makes open_file_ntcreate a little easier to understand
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Sep 25 10:08:15 CEST 2012 on sn-devel-104
no point in calling this if printing was disabled and no spoolss service was started
this hurts CTDB clusters as the smbds on the cluster nodes will fight for the single record in the TDB
This fixes Bug 9197 - Disabling printing still makes smbd create and access printer_list.tdb
Because we should not call smbd_smb2_request_error() on an
request that is still running.
If the subreq implementes a cancel function, this should
take care of triggering smbd_smb2_request_error.
metze
Signed-off-by: Michael Adam <obnox@samba.org>
removes unnneccary checks/assignments for compound_related and next_status
and duplicate setting of error status.
And remove (now) unused next_status from struct smbd_smb2_request.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
If we can find a valid session or tcon we'll set it after the lookup,
but it need to make sure to reset it if we don't find the session.
This fixes a problem where a compound unrelated request between
related requests doesn't reset the session.
If we have 3 requests in a compound chain, request 3 should never
use the id's cached from request 1. It should only every inherit
handles from request 2.
metze
Replaces blanket root allow if set. Set to 'false' for
all current callers.
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Sep 15 00:37:49 CEST 2012 on sn-devel-104
Sorry for the mistake, but the LastDir singleton cache in vfs_ChDir()
actually plays an important role. When we're processing a stream of
SMB1/SMB2/SMB3 requests we don't want to add a chdir()/getcwd()
system call pair on every request if they're all on the same connection
and dealing with the same base path.
I did some testing with a program that times 1,000,000 chdir()
requests vs. 1,000,000 strcmp requests and it's a penalty of 10x
doing the system calls.
Just because it's old code, doesn't mean it's bad :-(.
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Sep 13 21:31:42 CEST 2012 on sn-devel-104
This will allow us to hash this, rather than the NT ACL it maps to.
This will in turn allow us to know if the NT ACL is valid even if we
have to change the mapping code.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Sep 12 07:06:01 CEST 2012 on sn-devel-104
Ensure we know after the destructor fires we're never going to
look at this again.
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Sep 12 03:00:21 CEST 2012 on sn-devel-104
The only difference between batch and exclusive oplocks is the time of
the check: Batch is checked before the share mode check, exclusive after.
Signed-off-by: Jeremy Allison <jra@samba.org>
We only grant durable handles for CIFS/SMB2 only access,
that means "kernel oplocks", "kernel share modes" and "posix locking"
need to be set to "no".
For now we also don't grant durable handles if delete on close
is active on the handle.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Pair-Programmed-With: Volker Lendecke <vl@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sat Sep 8 13:05:05 CEST 2012 on sn-devel-104
This does not yet cover persistent handle support which is also
negotiated through these create request blobs.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
When a client disconnects while we have aio open, there is no close
request that cleans up. We can't send out the replies anymore, so
just drop the aio requests that are pending.
Found using the new python lib writing multiple files simultaneously
TODO: check tdis and logoff
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sat Sep 8 01:27:34 CEST 2012 on sn-devel-104
Signed-off-by: Björn Jacke <bj@sernet.de>
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Thu Sep 6 10:47:18 CEST 2012 on sn-devel-104
This should be essentially dead code, as while it is possible to disable sysquotas, the sysquotas has since 2003 supported the 4A varient used on IRIX.
Andrew Bartlett
Signed-off-by: Björn Jacke <bj@sernet.de>
This should be essentially dead code, as while it is possible to disable sysquotas, the sysquotas has since 2003 supported the 4A varient used on HPUX.
Andrew Bartlett
Signed-off-by: Björn Jacke <bj@sernet.de>
This is essentially dead code, as while it is possible to disable
sysquotas, the default for BSD is now to use sysquotas with the
addition of 4B support via the recent Darwin patch by James Peach.
NFS support has been in sysquotas for quite some time now.
Andrew Bartlett
Signed-off-by: Björn Jacke <bj@sernet.de>
This is essentially dead code, as while it is possible to disable sysquotas, the default
for Linux has been to use sysquotas for quite some time now.
Andrew Bartlett
Signed-off-by: Björn Jacke <bj@sernet.de>
Unicos machines are long gone now (Cray now make Linux compute nodes),
so remove the quota support.
Andrew Bartlett
Signed-off-by: Björn Jacke <bj@sernet.de>
Replace an if-statement by a direct assignment
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Sep 5 01:56:46 CEST 2012 on sn-devel-104
