IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This interface actually needs to match the get_nt_acl interface in
that the system ACL implmenetation may not be posix ACLs, and the blob
is not meant to be enforced to be of a particular system ACL
structure.
Andrew Bartlett
This makes it clear which context the returned SD is allocated on, as
a number of callers do not want it on talloc_tos().
As the ACL transformation allocates and then no longer needs a great
deal of memory, a talloc_stackframe() call is used to contain the
memory that is not returned further up the stack.
Andrew Bartlett
This changes from allocation on NULL to allocation on the supplied
memory context.
Currently that supplied context is talloc_tos() at the the final consumer of
the ACL.
Andrew Bartlett
This will allow us to hash this, rather than the NT ACL it maps to.
This will in turn allow us to know if the NT ACL is valid even if we
have to change the mapping code.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Sep 12 07:06:01 CEST 2012 on sn-devel-104
We no longer do struct smb_acl_t manipuations via the VFS layer,
which is now reduced to handling the get/set functions.
The only backend that implemented these functions (aside from audit)
was the vfs_default module calling the sys_acl code. The various ACL
implementation modules either worked on the fully initilaised
smb_acl_t object or on NT ACLs.
This not only makes the operation of the posix ACL code more efficient
(as allocation and free is not put via the VFS), it makes it easier to
test and removes the fantasy that a module could safely redefine this
structure or the behaviour here.
The smb_acls.idl now defines the structure, and it is now allocated
with talloc.
These operations were originally added to the VFS in commit
3bb219161a.
Andrew Bartlett
- Supersedes previous patch.
- Added various fixes for fake mtime functionality.
- Now requires lp_cache_locked_write_times patch (bug 8912).
- Removed various xattr functions to comply with recent VFS changes.
- Changed SMB_STRUCT_DIR to DIR and SMB_STRUCT_DIRENT to struct dirent to comply with recent VFS changes.
- Added manpage.
- Added sample trigger_avid_update.py script.
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Tue Aug 7 15:16:39 CEST 2012 on sn-devel-104
These patches are in bind9 now, and we do not recomment using them any more
as the improved version in bind 9.8 is much less prone to failure.
Andrew Bartlett
remove outdated netscape ds 5 schema file and put a README there pointing to
the FDS schema file instead. This fixes bug #8869
Autobuild-User: Björn Jacke <bj@sernet.de>
Autobuild-Date: Thu Apr 19 15:54:56 CEST 2012 on sn-devel-104
Now that we always require a 64 bit off_t, we no longer need SMB_OFF_T.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Fri Apr 6 01:47:43 CEST 2012 on sn-devel-104
This removes a dependency on "struct notify_entry" and makes the nature of the
API more explicit. We depend upon the VFS module to mask out elements from
e->filter and e->subdir_filter that it took over to handle.
Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Mon Mar 26 17:45:44 CEST 2012 on sn-devel-104
Here we do not make any use of libreplace and hence it would be overkill
to include the right headers for Solaris.
This fixes bug: https://bugzilla.samba.org/show_bug.cgi?id=8767
Signed-off-by: Andrew Tridgell <tridge@samba.org>
There are now many better ways to access a remote SMB filesystem,
which do not rely on LD_PRELOAD and the associated dangers. FUSE,
gvfs and the CIFS VFS are all much better options which do not require
knowing every possible libc entry point that can deal with a file
descriptor.
As an example of the maintainence that would be required to keep this
going, recent changes to deal with thread races and close-on-exec have
resulted in dup3(), but this isn't currently mapped. While this would
not be hard to add, it illistrates why it is better to move to an
interface designed for this task.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Feb 9 01:58:24 CET 2012 on sn-devel-104
As far as I am aware, we do not actually build on any platforms that
require this. The last Stratos VOS release on
ftp://ftp.stratus.com/vos/samba/samba.html was 3.0.5
Andrew Bartlett
This fixes compilation issues on freebsd where system popt is installed
under /usr/local.
Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Fri Jan 27 08:33:52 CET 2012 on sn-devel-104
With other builds in the include path, examples get the includes.h wrong
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Tue Dec 13 23:40:37 CET 2011 on sn-devel-104
The host "samba-amd64" on the build farm running openbsd 4.8 broke.
Taking over the additional spellings of autoconf and autoheader from
the source3/autogen.sh script should fix it.
This should finally fix the AIX build and allow to remove AIX specific ifdefs.
Guenther
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Apr 21 02:01:20 CEST 2011 on sn-devel-104
This reverts commit 90b0f86d81.
this isn't that outdated at all. Got confused by the splitted oc/at files
Autobuild-User: Björn Jacke <bj@sernet.de>
Autobuild-Date: Tue Mar 1 23:43:51 CET 2011 on sn-devel-104
It can be irritating to create users named group00001, group00002, ... :-)
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Thu Dec 30 17:22:57 CET 2010 on sn-devel-104
It turns out we need the fallocate operations to be able to both
allocate and extend filesize, and to allocate and not extend
filesize, and posix_fallocate can only do the former. So by defining
the vfs op as posix_fallocate we lose the opportunity to use any
underlying syscalls (like Linux fallocate) that can do the latter
as well.
We don't currently use the non-extending filesize call, but now
I've changed the vfs op definition we can in the future. For the
moment simply map the fallocate op onto posix_fallocate for the
VFS_FALLOCATE_EXTEND_SIZE case and return ENOSYS for the
VFS_FALLOCATE_KEEP_SIZE case.
Jeremy.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Dec 18 08:59:27 CET 2010 on sn-devel-104
module, change the signature of VFS_REALPATH to always return a
malloc'ed string.
Needed to make some privileges work I plan on doing shortly
easier to code.
Jeremy.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Nov 20 02:15:50 CET 2010 on sn-devel-104
This matches the structure that new code is being written to,
and removes one more of the old-style named structures, and
the need to know that is is just an alias for struct dom_sid.
Andrew Bartlett
Signed-off-by: Günther Deschner <gd@samba.org>
Ensure we don't use any of the create_options for Samba private
use. Add a new parameter to the VFS_CREATE call (private_flags)
which is only used internally. Renumber NTCREATEX_OPTIONS_PRIVATE_DENY_DOS
and NTCREATEX_OPTIONS_PRIVATE_DENY_FCB to match the S4 code).
Rev. the VFS interface to version 28.
Jeremy.
this increases the sambapasswordhistory field length to 64 and
fixes a warning about a wrong booleanmatch setting
Signed-off-by: Christian Ambach <christian.ambach@de.ibm.com>
This patch introduces two new temporary helper functions
vfs_stat_smb_fname and vfs_lstat_smb_fname. They basically allowed me
to call the new smb_filename version of stat, while avoiding plumbing
it through callers that are still too inconvenient. As the conversion
moves along, I will be able to remove callers of this, with the goal
being to remove all callers.
There was also a bug in create_synthetic_smb_fname_split (also a
temporary utility function) that caused it to incorrectly handle
filenames with ':'s in them when in posix mode. This is now fixed.
This corrects the issues reaised in bug #6129, and some others that were not
originally identified. It also accounts for some code that was in the original
bug report but appears to have since been made common between S3 and S4.
Thanks to Erik Hovland <erik@hovland.org> for the original bug report.
This was a little messy because of all of the vfs modules I had to
touch. Most of them were pretty straight forward, but the streams
modules required a little attention to handle smb_filename. Since the
use of smb_filename enables the vfs modules to access the raw,
over-the-wire stream, a little bit of the handling that was being done
by split_ntfs_stream_name has now been shifted into the individual
stream modules. It may be a little more code, but overall it gives
more flexibility to the streams modules, while also allowing correct
stream handling.
objectclasses are case insensitive. we used to convert only LDAP objects with
the typical UpperLower case for sambaAccount and sambaGroupMapping and ignored
any other case writings
The statvfs struct isn't guaranteed to be portable across operating
systems. Since libsmbclient isn't actually calling statvfs and just
using the statvfs struct to store similar information, this patch adds
a new portable smbc_statvfs struct. This fixes a few of the failures
in the build farm introduced by:
ae259575c4
Derrell, please check.
1) Add in smb_file_time struct to clarify code and make room for createtime.
2) Get and set create time from SMB messages.
3) Fixup existing VFS modules + examples Some OS'es allow for the
setting of the birthtime through kernel interfaces. This value is
generically used for Windows createtime, but is not settable in the
code today.
There were some function mismatches in the various GET_NT_ACL modules (some places the fsp parameter has not been removed).
Jeremy.
(This used to be commit 221cc5e21e)
Here is a patch to allow many subsystems to be re-initialized. The only
functional change I made was to remove the null context tracking, as the memory
allocated here is designed to be left for the complete lifetime of the program.
Freeing this early (when all smb contexts are destroyed) could crash other
users of talloc.
Jeremy.
(This used to be commit 8c630efd25)
Signed-off-by: Andreas Schneider <anschneider@suse.de>
Signed-off-by: Derrell Lipman <derrell.lipman@unwireduniverse.com>
(This used to be commit 84b1ea39a4)
smbsh.c is located in the examples directory. It does not make sense
to install a man page without installing the tool itself.
This fixes bug #4724.
Karolin
(This used to be commit 797ed744b1)
this can only be done via fset_nt_acl() using an open
file/directory handle. I'd like to do the same with
get_nt_acl() but am concerned about efficiency
problems with "hide unreadable/hide unwritable" when
doing a directory listing (this would mean opening
every file in the dir on list).
Moving closer to rationalizing the ACL model and
maybe moving the POSIX calls into a posix_acl VFS
module rather than having them as first class citizens
of the VFS.
Jeremy.
(This used to be commit f487f742cb)
- James suggested using gcc's "deprecated" attribute to mark the context
structure fields to generate warnings. This creates a scenario with the
best of all worlds. I'm able to move to an organization that more easily
allows future enhancements, while avoiding any mandatory changes by
applications. Thanks, James!
- Updated WHATSNEW.txt so that it accurately reflects the current state of
affairs.
Derrell
(This used to be commit a67f96fbe9)
- Ensured that all public functions have documentation in libsmbclient.h
- Reformatted for "proper" indentation
- Re-added temporarily-disabled alternate authentication function capability
Derrell
(This used to be commit 64b7150d92)
The libsmbclient interface has suffered from difficulty of improvement and
feature enrichment without causing ABI breakage. Although there were a number
of issues, the primary ones were:
(a) the user of the library would manually manipulate the context structure
members, meaning that nothing in the context structure could change other
than adding stuff at the end;
(b) there were three methods of setting options: setting bits in a flags field
within the context structure, setting explicit options variables within an
options structure in the context structure, and by calling the
smbc_option_set() function;
(c) the authentication callback did not traditionally provide enough
information to the callee which required adding an option for a callback
with a different signature, and now there are requests for even more
information at the callback, requiring yet a third signature and option to
set it (if we implement that feature).
This commit provides a reorganization of the code which fixes (a) and (b).
The context structure is now entirely opaque, and there are setter and getter
functions for manipulating it. This makes maintaining ABI consistency much,
much easier.
Additionally, the options setting/getting has been unified into a single
mechanism using smbc_option_set() and smbc_option_get().
Yet to be completed is a refactoring of the authentication callback (c).
The test programs in examples/libsmbclient have been modified (if necessary;
some applications require no changes at all) for the new API and a few have
been minimally tested.
Derrell
(This used to be commit d4b4bae8de)
testwrite: create or truncate a file and write to it.
teststat3: compare the results from smbc_stat() and smbc_fstat()
Derrell
(This used to be commit 5a4a7aec76)
As discussed with Volker, it is better to calculate FS capabilities at
connection time. We already do this with help of VFS statvfs() call
which allows to fill-in system-specific attributes including FS
capabilities. So just re-use it if you want to represent additional
capabilities in your modules. The only caution is that you need to
call underlying statvfs() call to actually get system-specific
capabilities (and other fields) added. Then add module-specific ones.
(This used to be commit e342ca0d93)
This makes sense as upper levels are only taking returned result of 0
(no error) into consideration when deciding whether to mark file
offline/online as returned from is_offline.
That means that we simply can move the decision down to VFS module and
clean up upper levels so that they always see only file status. If there
is an error when trying to identify file status, then VFS module could
decide what to return (offline or online) by itself -- after all, it
ought to have system-specific knowledge anyway.
(This used to be commit 75cc086614)
There's been a problem seen where open/read/close a number of times causes
open failures eventually. This program has been modified to create the
context once and then loop requesting file names to open/read/close.
This program also demonstrates the current error in cli_read() where it
returns an error instead of length 0 upon end of file.
Derrell
(This used to be commit 9d75ea577b)
When the capability of using full names for DOS attributes was added, a bug
was introduced which caused the wrong number of bytes to be returned. This
patch to smbc_listxattr_ctx() fixes the problem.
Thanks to Jack Schmidt for this patch.
Derrell
(This used to be commit 913c335d21)
to lists of groups (or aliases). Useful for creating large test
scenarios.
Michael
(cherry picked from commit b3e5082e10)
(This used to be commit 78a2344fe7)
This is done via rpc client. The main purpose is to
be able to fill a domain controller with a large number
of users / groups easily. A the object names are
built as <prefix><num> where number ranges from a given
start number counting up until a given number of objects
has been created.
In a next step, I will submit scripts to add (many) users to
a group and to add a user to (many) groups.
Michael
(cherry picked from commit 8b81fbb7d9)
(This used to be commit 79414f8bfa)
bugs in various places whilst doing this (places that assumed
BOOL == int). I also need to fix the Samba4 pidl generation
(next checkin).
Jeremy.
(This used to be commit f35a266b3c)
This script is useful for migrating OpenLDAP schema files to FDS/RHDS
lidf schema files.
License kindly updated to GPLv3+ at our request.
Simo.
(This used to be commit ab7770b34b)
have the current and possibly the previous trust password
stored as clear text passwords. (Previous use of NTPassword
was a mistake - this is a hash value.)
Michael
(This used to be commit 0beae52ff4)
incremented too far in some circumstances. In these cases, only the first
of multiple concatenated strings would be seen.
- Working on bug 4649 pertaining to delete an ACL, this fixes the reported
crash. It appears to have been an incomplete switchover from malloc to
talloc, as the memory was still being freed with SAFE_FREE.
Deleting ACLs still doesn't work. Although a valid request is sent to the
server and a SUCCESS response is returned, the method that's used in
libsmbclient for deleting ACLs seems to be incorrect. In looking at the
samba4 torture tests, it appears that we should be turning on the INHERIT
flag if we want to delete the ACL. (I could use some assistance on the
proper flags to send, from anyone familiar with this stuff.)
- Apply patch from SATOH Fumiyasu to fix bug 4750. smbc_telldir_ctx() was not
returning a value useful to smbc_lseekdir_ctx().
Derrell
(This used to be commit 2ac502e29b)
This script allows for adding lists of users (or other objects)
to lists of groups (or aliases). Useful for creating large test
scenarios.
Michael
(This used to be commit b3e5082e10)
This is done via rpc client. The main purpose is to
be able to fill a domain controller with a large number
of users / groups easily. A the object names are
built as <prefix><num> where number ranges from a given
start number counting up until a given number of objects
has been created.
In a next step, I will submit scripts to add (many) users to
a group and to add a user to (many) groups.
Michael
(This used to be commit 8b81fbb7d9)
This is a slightly modified version to set warn_pwd_expire to the
default value if 0, no, or a broken value is set.
This version also has one if statement less in get_config_item_int().
Thanks a lot to Andreas 'GlaDiaC' Schneider for this feature!
(This used to be commit d26914c978)
return to correctly return NT_STATUS_INVALID_OWNER if it
should be disallowed. Matches better what W2K3R3 does.
NFSv4 ACL module owners, please examine these changes.
Jeremy.
(This used to be commit fc6899a550)
attempts to set attributes to fail.
- I also noticed that missing attributes were setting an invalid return string
by getxattr(), e.g. if there was not group, the return string had "GROUP:;"
instead of excluding the GROUP attribute entirely as it should. The big
problem with the way it was, is that the string could not then be passed to
setxattr() and parsed.
(This used to be commit 7213b5ebec)
for utimes - change the call to ntimes. This preserves
nsec timestamps we get from stat (if the system supports
it) and only maps back down to usec or sec resolution
on time set. Looks bigger than it is as I had to move
lots of internal code from using time_t and struct utimebuf
to struct timespec.
Jeremy.
(This used to be commit 8f3d530c5a)
* chase referrals
* use paged search control
when using the LDAP change notify control for monitoring changes.
Guenther
(This used to be commit d6849a83c0)
NetApp filers expect paths in Open AndX Request to have a leading slash.
Windows clients send the leading slash, so we should too.
(This used to be commit fc5b6e4bd8)
Jeremy: requires your eyes...
If the remote connection timed out while cli_list() was retrieving its list of
files, the error was not returned to the user, e.g. via smbc_opendir(), so the
user didn't have a way to know to set the timeout longer and try again. This
problem would occur when a very large directory is being read with a too-small
timeout on the cli.
Jeremy, although there were a couple of areas that needed to be handled, I
needed to make one change that you should bless, in libsmb/clientgen.c. It
was setting
cli->smb_rw_error = smb_read_error;
but smb_read_error is zero, so this had no effect. I'm now doing
cli->smb_rw_error = READ_TIMEOUT;
instead, and according to the OP, these (cumulative) changes (in a slightly
different form) solve the problem.
Please confirm this smb_rw_error change will have no other adverse effects
that you can see.
Derrell
(This used to be commit fa664b24b8)
This completes the work Jeremy began last week, disambiguating the meaning of
c_time. (In POSIX terminology, c_time means "status Change time", not "create
time".) All uses of c_time, a_time and m_time have now been replaced with
change_time, access_time, and write_time, and when creation time is intended,
create_time is used.
Additionally, the capability of setting and retrieving the create time have
been added to the smbc_setxattr() and smbc_getxattr() functions. An example
of setting all four times can be seen with the program
examples/libsmbclient/testacl
with the following command line similar to:
testacl -f -S "system.*:CREATE_TIME:1000000000,ACCESS_TIME:1000000060,WRITE_TIME:1000000120,CHANGE_TIME:1000000180" 'smb://server/share/testfile.txt'
The -f option turns on the new mode which uses full time names in the
attribute specification (e.g. ACCESS_TIME vs A_TIME).
(This used to be commit 8e119b64f1)
code is wrong or bad or anything, just that it
needs to be discussed & reviewed on the samba-technical
list before we add a platform-specific NFSv4 mapping.
That way lies a lot of future pain :-).
Jeremy.
(This used to be commit 330899ec30)