IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13125
The glfs.h header file has always resided under glusterfs/api/ in the
standard include directory. The glusterfs-api.pc file adds the unneeded
-I${includedir}/glusterfs compiler option. This option will be removed
from future versions of the pkg-config file.
This change can safely be backported to older versions if there is a
need to have them build against glusterfs-3.13 or newer.
URL: https://review.gluster.org/18576
CC: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Thu Nov 9 22:37:30 CET 2017 on sn-devel-144
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jim McDonough <jmcd@samba.org>
Autobuild-User(master): Jim McDonough <jmcd@samba.org>
Autobuild-Date(master): Thu Nov 9 01:49:06 CET 2017 on sn-devel-144
Add a NFS4 ACL backend that stores the ACL blob in an XDR encoded xattr,
by default in "security.nfs4acl_xdr".
This backend is enabled by setting "nfs4acl_xattr:encoding = xdr" in a
share definition.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This allows take-ownership to work if the user has SEC_STD_WRITE_OWNER.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The vfs_nfs4acl_xattr VFS module is supposed to work the same as
vfs_acl_xattr|tdb with "ignore system acls" set to true. That is,
filesystem permissions should never restrict access and the actual
access checks are done by smbd in userspace.
To better cope with POSIX mode changes via other protocols (eg NFS) or
local filesystem access, add the following tweaks:
o validate ACL blob: if POSIX mode is not 0777/0666 discard the ACL blob
from the xattr and synthesize a default ACL based on the POSIX mode
o when setting an ACL, check and reset POSIX mode to 0777/0666
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This ensures we can always fetch the ACL xattr blob when we wanted,
unrestricted of filesystem permissions or Linux xattr security namespace
restrictions.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Only tests with "nfs4:mode = simple" as mode special is supposed to be
broken anyway and simple is recommended.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This is the current default, just make it explicit. A subsequent commit
will bump the default to 4.1.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This is in preperation of modularizing the storage backend. Currently we
store the NFS4 ACL as an IDL/NDR encoded blob in a xattr.
Later commits will add a different backend storing the NFS4 ACL as an
XDR encoded blob in a xattr.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
We only open the underlying file if the open access mode contains
FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_EXECUTE
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Refactor the code in preperation of factoring out ACL blob to smb4acl
and vice versa mapping functions.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
README.Coding adjustments, DEBUG macro modernisation, variable name
sanitizing. No change in behaviour.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This changes the way ACL inheritance is achieved in this
module.
Previously the module recursed to the next parent directory until the
share root was reached or a directory with an ACL xattr. If the share
root didn't contain an ACL xattr either a default ACL would be used.
This commit removed this recursive scanning and replaces it with the
same mechanism used by vfs_acl_xattr: by setting "inherit acls = yes"
just let smbd do the heavy lefting and inheritance.
For any file without ACL xattr we still synthesize a default ACL,
leveraging the existing default ACL function used by vfs_acl_xattr.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
No change in behaviour, all option defaults are set to the original
behaviour.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Move interesting functions to the top of the vfs_fn_pointers struct, no
change in behaviour.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This synthesizes an ACL with a single ACE with full permissions for
everyone. Not used for now, this comes later.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This will be used by another VFS module in a subsequent commit.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This is in preperation of moving make_default_filesystem_acl() and
making it globally accessible. No change in behaviour.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Both dptr_create() and can_delete_directory_fsp() are calling OpenDir_fsp()
to get a directory handle. This causes an issue when delete-on-close is
set after smb2_find because both directory handle instances share the same
underlying file descriptor. In addition the SMB_ASSERT() in destructor
smb_Dir_destructor() gets triggered.
To avoid this use OpenDir() instead of OpenDir_fsp().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13118
Signed-off-by: Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Nov 3 19:05:05 CET 2017 on sn-devel-144
Bug: https://bugzilla.samba.org/show_bug.cgi?id=6133
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Nov 2 03:16:11 CET 2017 on sn-devel-144
The reality is a bit more complex than this comment indicates. We should never
suggest anywhere that we can connect to domains that we don't have a direct
trust account to. For the member case, it's "our" domain, and for the DC case,
it's the direct trusts. Everything else is pure luck.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Oct 28 00:31:58 CEST 2017 on sn-devel-144
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13101
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Oct 27 04:54:22 CEST 2017 on sn-devel-144
Otherwise the magic member is not initialized.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13101
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Oct 26 17:31:40 CEST 2017 on sn-devel-144
Found by cppcheck.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13100
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct 26 09:34:40 CEST 2017 on sn-devel-144
Samba always allowed this anyway, but it's a good place
to ensure we don't regress.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13093
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 24 23:32:58 CEST 2017 on sn-devel-144
This allows names containing .. components to be resolved on the client side
before being sent to the server. Relative names work in SMB1 but not in SMB2.
Fix both client.c and clitar.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13093
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Correctly canonicalizes a remote pathname removing '..'
elements before sending to a remote server. '..' elements
work in SMB1 pathnames, but not in SMB2.
Not yet used.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13093
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
The comment was a bit confusing to me, it took a few seconds too many to figure
out *why* setting NULL is not required. Remove it :-)
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat Oct 21 18:08:46 CEST 2017 on sn-devel-144
Now that we have the nice smbd_smb2_create_after_exec() and
smbd_smb2_create_finish() functions, use early returns for the create
replay and durable handle reconnect case.
No change in behaviour, best viewed with
$ git show -w COMMIT
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
No change in behaviour, best viewed with:
$ git show --diff-algorithm=histogram COMMIT
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This allows factoring out smbd_smb2_create_after|before_exec() in the
next steps.
Moving all variable in one big fell swoop instead of one per commit,
because if I'd miss to adjust a variable access the commit wouldn't
compile.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
