IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
ported from the v3-4-ctdb branch to master
This used to be commit 1f138cc9f4a
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Wed Oct 13 13:34:25 UTC 2010 on sn-devel-104
convert the onclose option of the vfs_syncops module from a
global option to a service-specific one
as preparation for further flags, use a struct to store in the VFS handle
instead of just the onclose flag
This will reduce the noise from merges of the rest of the
libcli/security code, without this commit changing what code
is actually used.
This includes (along with other security headers) dom_sid.h and
security_token.h
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
the "protected" inheritance problem (bleeding up from the POSIX
layer).
Jeremy
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Tue Oct 12 00:57:41 UTC 2010 on sn-devel-104
This breaks the perfcol_onefs() build.
Tim, Steve, this use of smbd_server_fd is replacable by calls into
substitute.c. I don't have a onefs environment around to build a fix, so I've
decided to insert an #error, making it not compile. The fix should be pretty
obvious, you can get the socket data via "%I" and "%i" substitutions.
With the hide unreadable option set, snapshots are be displayed
as empty with shadow_copy2 and a NFSv4 ACL module.
To prevent multiple conversions of the paths when the acl call
does a VFS_STAT (as the nfs4acl code does), a check was added
to convert_shadow2_name() so it will not touch paths any more
that look like they have already been converted.
Signed-off-by: Christian Ambach <christian.ambach@de.ibm.com>
On normal or shutdown close, ensure we wait for any pending IO to
complete before returning. Implement a blocking aio_suspend inside
vfs_aio_fork.c. These changes pass make test when the aio_fork module
is used by default on the test shares.
Jeremy.
This matches the structure that new code is being written to,
and removes one more of the old-style named structures, and
the need to know that is is just an alias for struct dom_sid.
Andrew Bartlett
Signed-off-by: Günther Deschner <gd@samba.org>
Metze, you'll probably be happier with this work as it
doesn't abuse tevent in the way you dislike. This is a
first cut at the code, which will need lots of testing
but I'm hoping this will give people an idea of where I'm
going with this.
Jeremy.
Makes SMB2Create call re-entrant internally.
Now this infrastructure is in place, oplocks will follow shortly.
Tested with Win7 client and with W2K8R2.
Jeremy.
Rename functions to be internally consistent. Next step is
to cope queueing single (non-compounded) SMB2 requests to
put some code inside the stubs.
Jeremy.
This patch should remove all warnings coming up when compiling
traffic analyzer with configure.developer.
Re-activate the smb_traffic_analyzer_rmdir function by adding it's
vfs_fn_pointer to vfs_smb_traffic_analyzer_fns.
Copy the mode_t used in smb_traffic_analyzer_open to the corresponding
data structure.
Collect all data that is needed, and use only one talloc_asprintf
operation to create the string of common data. This simplifies
the code a bit and is most probably faster than the old method.
Also, #define SMBTA_COMMON_DATA_COUNT as a complete string,
speeding things up because we know the value at compile time.
static char *smb_traffic_analyzer_anonymize
This takes a lot of code out of the main functions,
and makes it a bit simpler. Do the anonymization in a function.
Since we already anonymized the username we don't need to do
this a second time in the v2 marshalling function.
smb_traffic_analyzer_encrypt - doing the encryption of a data block,
smb_traffic_analyzer_create_header - create the protocol header,
smb_traffic_analyzer_write_data - actually write the data to the
socket.
Always send the number of common data blocks first. This way, we
can make the protocol backwards compatible. A receiver running with
an older subprotocol can just ignore if a newer sender sends more
common data.
Add a few remarks to the marshalling function. Add two #define lines
defining the protocol subrelease number and the number of common
data blocks to the header file.
This program allows the administrator to enable or disable AES
encryption when using vfs_smb_traffic_analyzer. It also generates new
keys, stores them to a file, so that the file can be reused on another
client or server.
First try. This runs on 16 bytes long AES block size, and enlarges the
data block with 16 bytes, to make sure all bytes are in. The added
bytes are filled with '.'. It then creates a header featuring the new
length to be send, and finally sends the data block, then returns.
This code is untested, as creating the receiver will be my next step.
To simplify traffic_analyzer's code, this code should run as a function.
It's on the do-to-list.
Since we need to care for the SID too, do the anonymization in the
marshalling function and anonymize both the username and the SID.
Remove the 'A' status flag from the header definition. A listener
could see from the unencrypted header if the module is anonymizing
or not, which is certainly not wanted.
Since the header block of the protocol contains the number of bytes to
come, we always send the header itself unmodified.
If we compress or crypt the data we are about to send, the length of the
data to send may change. Therefore, we no longer create the header in
smb_traffic_analyzer_create_string, but shortly before we send the data.
For both cases, encryption and normal, we create our own header, and
send it before the actual data.
In case of protocol v1, we don't need to create an extra header.
Just send the data, and return from the function.
Change a debug message to say that the header for crypted data has
been created.
Add a status flags consisting of 6 bytes to the header. Their function
will be descriped in one of the next patches, which is descriping
the header in a longer comment.
When anonymization and/or encryption is used, set the flags accordingly.
