IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13204
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Aug 10 21:08:14 CEST 2018 on sn-devel-144
The current implementation of `rmdir` hopes to get the directory deleted
on closing last open handle when FILE_DELETE_ON_CLOSE is set on it. But
for non-empty directories Windows doesn't error out during an open call.
Following that we internally refuse to set initial delete_on_close while
opening a non-empty directory. This prevents us from trying to delete
the directory when last open handle is closed.
Instead of relying on FILE_DELETE_ON_CLOSE during an open we explicitly
set delete_on_close token on directory handle once it is available. This
ensures that NT_STATUS_DIRECTORY_NOT_EMPTY is returned for `rmdir` on
non-empty directories while closing open directory handle.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13204
Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13563
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Aug 10 02:43:33 CEST 2018 on sn-devel-144
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Aug 8 23:10:22 CEST 2018 on sn-devel-144
ndr_size_dom_sid returns a size_t, so that can't be <0. Also, the only
case that ndr_size_dom_sid returns 0 is a NULL sid
pointer. ndr_size_dom_sid can reasonably be assumed to not overflow, the
number of sub-auths is a uint8. That times 4 plus 8 always fits into a
size_t.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The eventlogadm binary needs write access to the registry which, by
default, is only possible as root.
https://bugzilla.samba.org/show_bug.cgi?id=13561
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 7 01:49:34 CEST 2018 on sn-devel-144
Usually you need to be root on a linux server to modify quotas. Even
with a linux server joined to a windows AD you could always log in as
local root with smbcquotas. However in recent builds this has changed.
This patch fixes this
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13553
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Tue Jul 31 19:45:59 CEST 2018 on sn-devel-144
Currently it appears you need to be root to set quotas, for test purposes
this requirement needs to be relaxed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13553
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
calling SMB_VFS_STAT on the quota fake file fails and caused
FS_INFO/FileFsControlInfo request to error out early, in turn stopped a
Win8.1 client from proceeding with quota queries.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13553
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Calling parse_user_quota_list with a NULL buffer can cause a panic, while
this shouldn't happen, I managed to trigger this with an early implementation
of SMB2 quota support in smbd which didn't pass back NT_STATUS_NO_MORE_ENTRIES
when handling a SMB2_0_INFO_QUOTA GETINFO message.
OTHOH the Windows client handled the same situation gracefully.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13553
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
'return req' should do the same as 'return true' for a bool function,
it's implicitly expanded as 'return (req!=NULL)?true:false.
There's no point in that as 'req' is always a valid pointer.
This was most likely just a copy and paste bug.
So we make this explicit now and avoid that Coverity reports this:
CID 1438158: Null pointer dereferences (REVERSE_INULL)
Null-checking "req" suggests that it may be null, but it has already
been dereferenced on all paths leading to the check.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Jul 31 14:20:49 CEST 2018 on sn-devel-144
lock_ref_count will always hold the old value prior to change. Thus it
would mean that if lock_ref_count is 0 the new value is already -1 which
is not expected here. Therefore it is better to make sure that it is
always greater than 0 rather than >= 0.
Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jul 31 04:23:47 CEST 2018 on sn-devel-144
Add the ability to leave the domain with --keep-account argument to avoid
removal of the host machine account.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13498
Signed-off-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
This runs the smbtorture3 SMB2-BASIC and smb2.compound_find tests against shares
with "smbd:async dosmode" enabled.
On the vfs_aio_pthread_async_dosmode_force_sync* shares we
force a sync threadpool which ensures we test behaviour on systems that
don't support unshare(CLONE_FS) and also don't support
per-thread-credentials. This simulates the code path of non linux
systems. And makes sure that we don't regress there.
We also test with xattr_tdb and without.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Jul 27 16:04:02 CEST 2018 on sn-devel-144
Finally: use the new dos_mode_at_send() in the directory enumeration
loop. This means that fetching the DOS attributes for directory entries
is done asynchronously with regard to the enumeration loop.
As the DOS attribute is typically read from an extended attribute in the
filesytem, this avoids sequentially blocking on IO. If the IO subsystem
is slow servicing these request, enabling async processing can result in
performance improvements.
A parametric option
smbd:async dosmode = true | false (default: false)
can be used to enable the new async processing.
Simulating slow IO with usleep(5000) in the synchronous and asynchronous
versions of SMB_VFS_GET_DOS_ATTRIBUTES(), the results of enumerating a
directory with 10,000 files are:
smbd:async dosmode = no:
$ time bin/smbclient -U slow%x //localhost/test -c "ls dir\*" > /dev/null
real 0m59.597s
user 0m0.024s
sys 0m0.012s
smbd:async dosmode = yes:
$ time bin/smbclient -U slow%x //localhost/test -c "ls dir\*" > /dev/null
real 0m0.698s
user 0m0.038s
sys 0m0.025s
Performance gains in real world workloads depends on whether the actual
IO requests can be merged and parallelized by the kernel. Without such
wins at the IO layer, the async processing may even be slower then the
sync processing due to the additional overhead.
The following parameters can be used to adapt async processing behaviour
for specific workloads and systems:
aio max threads = X (default: 100)
smbd:max async dosmode = Y (default: "aio max threads" * 2)
By default we have at most twice the number of async requests in flight
as threads provided by the underlying threadpool. This ensures a worker
thread that finishes a job can directly pick up a new one without going
to sleep.
It may be advisable to reduce the number of threads to avoid scheduling
overhead while also increasing "smbd:max async dosmode".
Note that we disable async processing for certain VFS modules in the VFS
connect function to avoid the overhead of triggering the sync fallback
in dos_mode_at_send(). This is done for VFS modules that implement the
sync SMB_VFS_GET_DOS_ATTRIBUTES(), but not the async version (gpfs), and
for VFS modules that don't share a real filesystem where fchdir() can be
used (ceph, gluster). It is disabled for catia, because we realized that
the catia name translation macros used on
fsps (CATIA_FETCH_FSP_[PRE|POST]_NEXT) have a bug (#13547).
We use threadpool = smb_vfs_ev_glue_tp_chdir_safe() and then
pthreadpool_tevent_max_threads(threadpool) to get the number of maximum
worker threads which matches the pool used by the low level
SMB_VFS_GETXATTRAT_[SEND|RECV] implementation in vfs_default.
This is a terrible abstraction leak that should be removed in the future
by maybe making it possible to ask a VFS function which threadpool it
uses, internally suporting chaining so VFS function FOO that internally
uses BAR can forward the question to BAR.
On a hyphotetical system that had a getxattrat(dirfd, path, ...)
syscall and at the same time doesn't support per-thread current working
directories (eg FreeBSD doesn't have the latter) but has support for
per-thread-credentials, pthreadpool_tevent_max_threads() on the
tp_chdir_safe threadpool returns 1.
So when hooking the hyphotetical getxattrat() into the async
SMB_VFS_GETXATTRAT_[SEND|RECV] implementation in an VFS module, the
implementation could use the tp_path_safe threadpool, but the SMB2
layer would use the wrong threadpool in the call to
pthreadpool_tevent_max_threads(), resulting in no parallelism.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This paves the way for adding async functions into the enumeration loop.
Best viewed with: git show -w
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
The next commit will add code that must be run if status is NT_STATUS_OK
or STATUS_MORE_ENTRIES.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This finally uses "get_dosmode" as passed in from the SMB2 layer, but
all callers still pass true, so no change in behaviour.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
We apply some post processing to the dosmode returned from the VFS
function. Move this to a seperate function which will be reused in the
next commit in the async dos_mode_send/recv post processing.
Best viewed with: git show --histogram
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
In preperation of adding an async version of get_ea_dos_attribute() that
will then call parse_dos_attribute_blob() too.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
smbstatus was the only user, and this could be solved by adapting
share_entry_forall.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jul 27 01:42:31 CEST 2018 on sn-devel-144
Quite a bit of the contents have been passed explicitly anyway.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
exit_server_common() can be called also in smbd processes without a
smbXsrv_client structure, e.g. the parent or some background tasks.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Jul 26 01:29:38 CEST 2018 on sn-devel-144
This provides helper functions, which can be used by other modules,
if they don't implement a specific function.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Or the root glue in case we're already root.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
This will be used to in order to pass down the
impersonation magic from the SMB layer through
the SMB_VFS layer.
This includes the following options:
smbd:force sync user path safe threadpool
smbd:force sync user chdir safe threadpool
smbd:force sync root path safe threadpool
smbd:force sync root chdir safe threadpool
They can be used in order to test the non linux code
path on linux, once we get code that makes full use
of the new infrastructure.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
This adds VFS helper functions and that work on a struct smb_vfs_ev_glue
object which bundles two event contexts and a few threadpools.
This will be used to streamline the use of impersonating wrappers
in the SMB_VFS.
Notice the verbose comments in source3/smbd/vfs.c.
This will allow us to introduce path based async operations
to the SMB_VFS layer.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
This just simulates a threadpool, but executes the
job functions inline (blocking) in the main thread.
This will be used to work arround some OS limitations,
e.g. if per thread credentials or per thread working directory
are not supported.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This should in future not be used directly, we'll provide
wrapper pools, which will provide impersonation for
path based async calls.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
For multi channel connections we should increment the disconnect count
also if we're not closing the last channel.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This means the pending requests are destroyed before tevent_context
impersonation wrapper are destroyed.
Otherwise, with a pending struct tevent_req that is a child of
client->xconn like this in exit_server_common():
conn[ipv4:127.0.0.11:40745] reason[NT_STATUS_CONNECTION_RESET] at ../source3/smbd/smb2_server.c:4015
full talloc report on 'struct smbXsrv_connection' (total 6085 bytes in 43 blocks)
struct smbd_smb2_request contains 648 bytes in 1 blocks (ref 0) 0x55ed41634740
struct smbd_smb2_request contains 3438 bytes in 32 blocks (ref 0) 0x55ed416331e0
struct tevent_req contains 1824 bytes in 20 blocks (ref 0) 0x55ed41635860
struct smb_filename contains 206 bytes in 2 blocks (ref 0) 0x55ed41635560
lease_v2_complex2.dat contains 22 bytes in 1 blocks (ref 0) 0x55ed4161b950
struct smbd_smb2_create_state contains 1386 bytes in 16 blocks (ref 0) 0x55ed41635a10
struct deferred_open_record contains 804 bytes in 12 blocks (ref 0) 0x55ed41633090
struct defer_open_state contains 764 bytes in 11 blocks (ref 0) 0x55ed41634f10
struct tevent_req contains 748 bytes in 10 blocks (ref 0) 0x55ed41636390
struct tevent_timer contains 96 bytes in 1 blocks (ref 0) 0x55ed41636ad0
struct dbwrap_watched_watch_state contains 420 bytes in 7 blocks (ref 0) 0x55ed41636540
struct tevent_req contains 296 bytes in 5 blocks (ref 0) 0x55ed41636700
struct messaging_filtered_read_state contains 64 bytes in 3 blocks (ref 0) 0x55ed416368b0
struct messaging_dgm_fde contains 8 bytes in 2 blocks (ref 0) 0x55ed41636950
reference to: struct messaging_dgm_fde_ev
we crash when freeing the xconn as the the tevent_req child has a
cleanup function that tries to access a (wrapped) tevent context that
was already destroyed via smb1srv_tcon_disconnect_all() for SMB1 or
smbXsrv_session_logoff_all() for SMB2 a few lines above.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jul 25 03:23:44 CEST 2018 on sn-devel-144
If there's no record in the xattr.tdb, dbwrap_fetch() will return
NT_STATUS_NOT_FOUND. That should not result in an error in callers of
xattr_tdb_load_attrs().
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Many callers use "-1" as the "len" argument. That's what ssize_t is for.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Calling set_thread_credentials() with the same values,
skips syscalls the 2nd time.
We only do this if '__thread' is supported to provide
thread local storage.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Jul 24 20:35:17 CEST 2018 on sn-devel-144
The define reflects the results of a feature test, not a configure
option.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Note we still need some kind of runtime detection as
it can fail in some constraint container setups, which
reject the whole unshare() syscall instead of just the
once used for container features.
In case unshare(CLONE_FS) works, we can have a per thread
current working directory and use [f]chdir() safely in
worker threads.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
For SMB2 the socket is set non-blocking. Ensure sendfile()
calls complete if they return EAGAIN by saving the socket state,
setting it blocking, doing the sendfile until completion and then
restoring the socket state.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13537
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Jul 20 15:14:24 CEST 2018 on sn-devel-144
For SMB2 the socket is set non-blocking. Ensure sendfile()
calls complete if they return EAGAIN by saving the socket state,
setting it blocking, doing the sendfile until completion and then
restoring the socket state.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13537
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
For SMB2 the socket is set non-blocking. Ensure sendfile()
calls complete if they return EAGAIN by saving the socket state,
setting it blocking, doing the sendfile until completion and then
restoring the socket state.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13537
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
For SMB2 the socket is set non-blocking. Ensure sendfile()
calls complete if they return EAGAIN by saving the socket state,
setting it blocking, doing the sendfile until completion and then
restoring the socket state.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13537
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
For SMB2 the socket is set non-blocking. Ensure sendfile()
calls complete if they return EAGAIN by saving the socket state,
setting it blocking, doing the sendfile until completion and then
restoring the socket state.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13537
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Currently determined twice in the clear-if-first codepath and once in
the ctdb code path. Do it once at the top of the function.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Jul 16 21:11:30 CEST 2018 on sn-devel-144
Guenther
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13529
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Jul 14 03:09:00 CEST 2018 on sn-devel-144
The test writes 20M and then splices just over 1M (13M is intended,
but there's a 1024*0124 typo). Fix the type and reduce the size of the
dataset to make it run faster - cli_splice works with 1M chunks
(SPLICE_BLOCK_SIZE), and the reproducer only requires that the splice
size is not chunk-aligned.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Jul 14 00:14:13 CEST 2018 on sn-devel-144
We were always asking for SPLICE_BLOCK_SIZE even when the
remaining bytes we wanted were smaller than that. This works
when using cli_splice() on a complete file, as the cli_read()
terminated the read at the right place. We always have the
space to read SPLICE_BLOCK_SIZE bytes so this isn't an overflow.
Found by Bailey Berro <baileyberro@google.com>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13527
Signed-off-by: Bailey Berro <baileyberro@google.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Fri Jul 13 14:57:14 CEST 2018 on sn-devel-144
Currently 0 also means unlimited, but that will change soon,
to force no thread and strict sync processing.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This is handled by using the root_ev_ctx in order to register
the timer event.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This is handled by using the root_ev_ctx in order to register
the signal event.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This makes sure we're doing the correct impersonation for async
requests, which is a requirement to start adding path based
async SMB_VFS calls.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
For now they just add debugging, but that will change shortly.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
As a start these are just wrappers arround
smbd_impersonate_debug_create(), without any real impersonation.
But this will change shortly.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This will be used to implement no-op impersonation
for the create_conn_struct_as_root() case were we
don't really have other unrelated events in the loop
and only need a valid tevent wrapper context to avoid
double free on the raw event context on teardown.
This also adds useful debugging instead of being
a full no-op wrapper.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
If session info was passed down from upstream, then try to use it to get
security token, other then creating token every time.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13521
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
When a session_info passed down to here, the unix_info could be NULL.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13521
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Add session_info arg as optional and pass it down to get_conn_tos.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13521
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Add session_info arg, so caller can pass it in to reuse authentication info
later. This will improve performance a lot while doing ntacl operations
on large amount of files, e.g.: sysvolreset.
Modification for upstream caller will come in following patches.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13521
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Add parameter dns_zone_scavenging to control dns zone scavenging.
Scavenging is disabled by default, as due to
https://bugzilla.samba.org/show_bug.cgi?id=12451 the ageing properties of
existing DNS entries are incorrect.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
As it gets 'messaging_context' as argument, we're sure a messaging context
with a raw tevent context already exist.
It means we can allow a wrapper tevent context that wrapps the main tevent
context of the messaging context.
The use of tevent_req_defer_callback() makes sure that the callers
callback function calls messaging_filtered_read_recv() from the
correct "wrapped" environment.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This is only allowed if the raw tevent context is already registered.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This is only allowed if the raw tevent context is already registered.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This makes a lot of assumtion easier to understand and the introduction
of wrapper tevent contexts will not change the existing behaviour.
We'll relax this a bit in the next commits.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Having a central tevent_req per winbind child request is prerequisite
for request profiling
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
nss_info does not use libads. Removing this include
fixes a compile error when trying to compile with a
system provided heimdal library:
[2188/3043] Compiling source3/winbindd/nss_info.c
In file included from ../source3/libads/kerberos_proto.h:33:0,
from ../source3/include/ads.h:154,
from ../source3/winbindd/nss_info.c:24:
../lib/replace/system/kerberos.h:33:10: fatal error: krb5.h: No such file or directory
#include <krb5.h>
^~~~~~~~
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Christof Schmitt <cs@samba.org>
Autobuild-Date(master): Wed Jul 11 22:39:36 CEST 2018 on sn-devel-144
Signed-off-by: Timur I. Bakeyev <timur@iXsystems.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Wed Jul 11 08:44:10 CEST 2018 on sn-devel-144
Signed-off-by: Pooja Mahadik <pooja.mahadik@veritas.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Jul 11 02:22:18 CEST 2018 on sn-devel-144
Fix path escaping in Spotlight so paths with spaces or special
characters can be properly matched to tracker paths.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12688
Based-on-a-patch-from: Mike M Pestorich <mmpestorich@gmail.com>
(similar to github.com/netatalk/netatalk/commit/90aa43d)
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jul 10 23:17:20 CEST 2018 on sn-devel-144
The interaction between msg_dgm_ref_recv() and msg_dgm_ref_destructor()
doesn't allow two references from messaging_dgm_ref() to be free'd
during the loop in msg_dgm_ref_recv().
In addition to the global 'refs' list, we also need to
have a global 'next_ref' pointer, which can be adjusted in
msg_dgm_ref_destructor().
As AD DC we hit this when using irpc in auth_winbind,
which uses imessaging_client_init().
In addition to the main messaging_dgm_ref() in smbd,
source3/auth/auth_samba4.c: prepare_gensec() and
make_auth4_context_s4() also generate a temporary
imessaging_context for auth_context->msg_ctx from within
auth_generic_prepare().
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13514
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This reverts commit c53646bccd.
As mentioned by Andrew, we shouldn't break environments where
"force group" has been configured to use substituted variables.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jul 10 00:12:19 CEST 2018 on sn-devel-144
This reverts commit c58194e3d2.
As mentioned by Andrew, we shouldn't break environments where
"force user" has been configured to use substituted variables.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
On a cluster filesystem the device numbers may differ on the cluster
nodes. We already verify the file_id in vfs_default_durable_reconnect(),
so we can safely remove the dev/inode checks.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13318
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
As the comment above the if condition says:
/*
* If we are in case insentive mode, we don't need to
* store names that need no translation - else, it
* would be a waste.
*/
Ie if stat_cache_add() is called as
stat_cache_add("foo/bar", "foo/bar", false)
There's no need to cache the path, as a simple stat() on the client
supplied name (full_orig_name) matches the name used in the
filesystem (passed to stat_cache_add() as translated_path).
So fix the if condition to match the comment.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Instead, match vfs_gluster behaviour and require that users explicitly
disable "kernel share modes".
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13506
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
set_conn_force_user_group() and change_to_user_internal() leak onto
the callers' talloc stackframe. Drop the unnecessary heap allocations.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The majority of these lp_servicename(talloc_tos(), ...) callers leak
onto the talloc stackframe. Drop the unnecessary heap allocations.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The majority of these lp_servicename(talloc_tos(), ...) callers leak
onto the talloc stackframe. Drop the unnecessary heap allocations.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Timur I. Bakeyev <timur@iXsystems.com>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13436
Signed-off-by: Timur I. Bakeyev <timur@iXsystems.com>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13503
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Jul 4 23:55:56 CEST 2018 on sn-devel-144
On a Windows client, you designate machine/user
apply with a 'target' parameter. This change
makes gpupdate work more like that command.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jul 4 13:23:09 CEST 2018 on sn-devel-144
On a Windows client, this command is called 'gpupdate'
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Probably a copy/paste mistake. Detected by a failing autobuild on
sn-devel and a local make test:
Build failed: default/examples/libsmbclient/testbrowse2: Symbol
tevent_req_is_unix_error linked in multiple libraries
['samba-cluster-support', 'tevent-util']
UNEXPECTED(failure): wafsamba.duplicate_symbols.duplicate_symbols(none)
Wonder why this didn't fail before in autobuild.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Jul 4 01:19:50 CEST 2018 on sn-devel-144
Add create_file function to smbd API.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Extract initialization code from set_nt_acl_conn for reuse.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Add mkdir for smbd API.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13485
Signed-off-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Björn Baumbach <bb@sernet.de>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Jun 26 20:29:19 CEST 2018 on sn-devel-144
Add quiet command-line argument to allow suppressing the help log
message printed automatically after establishing a smbclient connection
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13485
Signed-off-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Björn Baumbach <bb@sernet.de>
This is not a general purpose profiling solution, but these JSON logs are already being
generated and stored, so this is worth adding.
Some administrators are very keen to know how long authentication
takes, particularly due to long replication transactions in other
processes.
This complements a similar patch set to log the transaction duration.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
../source3/utils/smbget.c: In function ‘smb_download_file’:
../source3/utils/smbget.c:97:27: error: ‘b’ directive output may be truncated writing 1 byte into a region of size between 0 and 19 [-Werror=format-truncation=]
snprintf(buffer, l, "%jdb", (intmax_t)s);
^
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
../source3/registry/reg_perfcount.c: In function ‘reg_perfcount_get_hkpd’:
../source3/registry/reg_perfcount.c:337:29: error: ‘snprintf’ output may be truncated before the last format character [-Werror=format-truncation=]
snprintf(buf, buflen,"%d%s", key_part1, key_part2);
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
In case of a failing call to copy_netr_SamInfo3, the allocated memory
for "validation" needs to be free'd before returning.
Signed-off-by: Swen Schillig <swen@vnet.ibm.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jun 20 21:05:40 CEST 2018 on sn-devel-144
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Jun 19 11:43:16 CEST 2018 on sn-devel-144
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Jun 18 11:46:36 CEST 2018 on sn-devel-144
In future this will an impersonation wrapper tevent_context based on the
user session.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This will be filled with an impersonation wrapper in the next commits.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
They already call change_to_root_user(), which can be removed
later.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This already calls change_to_root_user(), which can be removed
later.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
For now these are just the same as smbd_server_connection->ev_ctx,
but this will change in future and we'll use impersonation wrappers.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This will replace smbd_server_connection->ev_ctx in the next commits.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
smbd_smb2_request_dispatch() will redo the impersonation anyway,
so we don't use req->ev_ctx.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
There's no need to use req->ev_ctx here just to do some network io.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This is the same pointer and we don't have a lot of callers,
so we can just use one pointer.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This is the same pointer and we don't have a lot of callers,
so we can just use one pointer.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
That makes it clearer that no tevent_context wrapper is used here
and the related code should really run without any (active) impersonation
as before.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
These get filled with impersonation wrappers in the following commits.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
We can use become_user_by_fsp()/unbecome_user() as it spans only parts of
the btrfs_offload_write_send() function and never goes async in between.
This may matter if at least one share uses "force user".
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This can be used if a request operates on two fsp's,
e.g. the offload_write_send/recv code.
This is important if (at least) one of
the shares uses "force user".
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This can be a local variable as used in most of our tevent_req based
code.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This matches our naming conventions used for tevent_req based functions.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
These are the two opcodes with DO_CHDIR, we don't want the
set_current_case_sensitive() logic for them,
so we don't need the full set_current_service() anymore.
The AS_USER case is already handled before, set_current_case_sensitive()
is called directly before change_to_user(), which already
calls chdir_current_service().
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
change_to_user() should be the one and only function for the whole
impersonation processing. So we also need to stack the
chdir_current_service() behaviour for become_user/unbecome_user,
so we may need to call vfs_ChDir(ctx_p->conn, ctx_p->conn->cwd_fname);
in pop_conn_ctx().
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
The change_to_user() above already called chdir_current_service().
And for smb2 we don't have per packet conn->case_sensitive anyway.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
The change_to_user() above already called chdir_current_service().
And for smb2 we don't have per packet conn->case_sensitive anyway.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
There's no need to worry about conn->case_sensitive here.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This avoids using set_current_service(), which will be removed shortly.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
We should only TALLOC_FREE(old_cwd) at the successful end.
This also avoids calling cp_smb_filename() on the old value.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
change_to_user() will soon call chdir_current_service() and we should
make sure conn->case_sensitive is prepared before calling vfs_ChDir().
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
change_to_user() should be the one and only function for the whole
impersonation processing. So we also need to stack the
set_current_user_info() information for become_user/unbecome_user.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Note that (current_user.vuid == vuid) also works with
UID_FIELD_INVALID.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
We should finish manipulating ent->session_info before filling
conn->session_info. And conn->session_info should be not be changed.
Use git show -U15.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
I guess we better setup conn->case_sensitive before doing the
vfs_ChDir() calls, so we have a consistent result everytime.
Otherwise vfs_Chdir() would get conn->case_sensitive from
last request.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
We'll soon use them independend from set_current_service().
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Currently we do that in the caller, but we use global
cache anyway, so we can simplify the callers.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>