IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Test if the server blocks whilst waiting on a kernel lease held by
a non-smbd process.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13121
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat Nov 11 20:12:26 CET 2017 on sn-devel-144
If a O_NONBLOCK open fails with EWOULDBLOCK, this code changes smbd to
do a retry open every second, until either the timeout or we get a successful
open. If we're opening a file that has a kernel lease set by a non-smbd
process, this is the best we can do.
Prior to this, smbd would block on the second open on such a leased file
(not using O_NONBLOCK) which freezes active clients.
Regression test to follow.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13121
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
It does this if we send a session ID of zero. The server still replied.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13007
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Nov 11 08:44:37 CET 2017 on sn-devel-144
init_search_op is about to be removed from the VFS in
a following commit. In the meantime, removing it poses
no issue because he underlying impementation is a no-op.
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This VFS function is about to be removed in a following commit.
In the meantime, not handling it by vfs_media_harmony poses no
issue because the underlying implenentation is a no-op.
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This VFS function is about to be removed. It can be
removed by a separate commit because both the glusterfs
and the default implementations are no-ops.
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
dptr_init_search_op() invokes VFS operations which are no-op in all
in-tree VFS modules. Furthermore, it's not being called by the SMB2
search code, so probably it's not being used by any out-of-tree VFS
module either.
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
dptr_init_search_op() invokes a VFS operation which is
a no-op in all in-tree VFS modules. Furthermore,
dptr_init_search_op() is not being called from SMB2 search
code, which hints that no out-of-tree VFS module needs it.
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Triggered by https://bugzilla.samba.org/show_bug.cgi?id=13128 I think
this module should go. Once Linux aio will do what Samba needs, this
might be worth another look.
What we should instead do soon is support Linux preadv2 and the
RWF_NOWAIT flag to avoid the thread context switch whenever possible.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
We can't rely on tctx to exist after we unlocked the mutex. It took a
while, but this does lead to data corruption. If *tctx is replaced with
something where tctx->wakeup_fd points to a real, existing file
descriptor, we're screwed. And by screwed, this means file corruption
on disk.
Again. I am not tall enough for this business.
http://bholley.net/blog/2015/must-be-this-tall-to-write-multi-threaded-code.html
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13130
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Nov 11 03:20:09 CET 2017 on sn-devel-144
It implements the following test case:
1. client of smbd-1 opens the file and sets the oplock.
2. client of smbd-2 tries to open the file. open() fails(EAGAIN) and open is deferred.
3. client of smbd-1 sends oplock break request to the client.
4. client of smbd-1 closes the file.
5. client of smbd-1 opens the file and sets the oplock.
6. client of smbd-2 calls defer_open_done(), sees that the file lease was not changed
and does not reschedule open.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13058
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
This reverts commit b35a296a27.
This was the cause of
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13058
1. client of smbd-1 opens the file and sets the oplock.
2. client of smbd-2 tries to open the file. open() fails(EAGAIN) and open is deferred.
3. client of smbd-1 sends oplock break request to the client.
4. client of smbd-1 closes the file.
5. client of smbd-1 opens the file and sets the oplock.
6. client of smbd-2 calls defer_open_done(), sees that the file lease was not changed
and does not reschedule open.
and is no longer needed now vfs_streams_xattr.c no longer opens
the base file internally.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13125
The glfs.h header file has always resided under glusterfs/api/ in the
standard include directory. The glusterfs-api.pc file adds the unneeded
-I${includedir}/glusterfs compiler option. This option will be removed
from future versions of the pkg-config file.
This change can safely be backported to older versions if there is a
need to have them build against glusterfs-3.13 or newer.
URL: https://review.gluster.org/18576
CC: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Thu Nov 9 22:37:30 CET 2017 on sn-devel-144
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jim McDonough <jmcd@samba.org>
Autobuild-User(master): Jim McDonough <jmcd@samba.org>
Autobuild-Date(master): Thu Nov 9 01:49:06 CET 2017 on sn-devel-144
Signed-off-by: Lumir Balhar <lbalhar@redhat.com>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Nov 8 21:54:59 CET 2017 on sn-devel-144
CID 1420632: Resource leaks (RESOURCE LEAK)
CID 1420631: Security best practices violations (TOCTOU)
CID 1417432: Resource leaks (RESOURCE LEAK)
CID 1417429: Security best practices violations (TOCTOU)
CID 1417427: Resource leaks (RESOURCE LEAK)
These are all in test code and constrained to the test environment, so
can't result in privilege escape. No backport necessary. However, we
might as well get them off the list.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Wed Nov 8 11:28:40 CET 2017 on sn-devel-144
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Nov 8 04:27:28 CET 2017 on sn-devel-144
Add a NFS4 ACL backend that stores the ACL blob in an XDR encoded xattr,
by default in "security.nfs4acl_xdr".
This backend is enabled by setting "nfs4acl_xattr:encoding = xdr" in a
share definition.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This allows take-ownership to work if the user has SEC_STD_WRITE_OWNER.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The vfs_nfs4acl_xattr VFS module is supposed to work the same as
vfs_acl_xattr|tdb with "ignore system acls" set to true. That is,
filesystem permissions should never restrict access and the actual
access checks are done by smbd in userspace.
To better cope with POSIX mode changes via other protocols (eg NFS) or
local filesystem access, add the following tweaks:
o validate ACL blob: if POSIX mode is not 0777/0666 discard the ACL blob
from the xattr and synthesize a default ACL based on the POSIX mode
o when setting an ACL, check and reset POSIX mode to 0777/0666
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This ensures we can always fetch the ACL xattr blob when we wanted,
unrestricted of filesystem permissions or Linux xattr security namespace
restrictions.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Only tests with "nfs4:mode = simple" as mode special is supposed to be
broken anyway and simple is recommended.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This is the current default, just make it explicit. A subsequent commit
will bump the default to 4.1.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This is in preperation of modularizing the storage backend. Currently we
store the NFS4 ACL as an IDL/NDR encoded blob in a xattr.
Later commits will add a different backend storing the NFS4 ACL as an
XDR encoded blob in a xattr.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
We only open the underlying file if the open access mode contains
FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_EXECUTE
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Refactor the code in preperation of factoring out ACL blob to smb4acl
and vice versa mapping functions.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
README.Coding adjustments, DEBUG macro modernisation, variable name
sanitizing. No change in behaviour.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This changes the way ACL inheritance is achieved in this
module.
Previously the module recursed to the next parent directory until the
share root was reached or a directory with an ACL xattr. If the share
root didn't contain an ACL xattr either a default ACL would be used.
This commit removed this recursive scanning and replaces it with the
same mechanism used by vfs_acl_xattr: by setting "inherit acls = yes"
just let smbd do the heavy lefting and inheritance.
For any file without ACL xattr we still synthesize a default ACL,
leveraging the existing default ACL function used by vfs_acl_xattr.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
No change in behaviour, all option defaults are set to the original
behaviour.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The "system" xattr namespace is reserved for the kernel. Any attempt to
use xattrs in that namesspace will fail with EOPNOTSUPP, regardless of
priveleges. In autobuild we're using the xattr_tdb VFS module, so it
works there.
Using the "security" namespace instead makes this module generally
usable with Linux filesystem xattrs as storage backend.
Additionally prefix the xattr name with "_ndr". This is in preperation
of later commits that add a ACL blob marshalling format based on XDR. To
avoid xattr name collision, both format will use distinct xattr names by
default.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Move interesting functions to the top of the vfs_fn_pointers struct, no
change in behaviour.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This synthesizes an ACL with a single ACE with full permissions for
everyone. Not used for now, this comes later.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This will be used by another VFS module in a subsequent commit.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This is in preperation of moving make_default_filesystem_acl() and
making it globally accessible. No change in behaviour.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
All the other subtests in samba3.raw.acls.create_file|dir pass with
nfs4acl_xattr, it's just the subtest that tries to set the owner which
fails with everything else then acl_xattr.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
