1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00
Commit Graph

85183 Commits

Author SHA1 Message Date
Jeremy Allison
c1c9b99054 Fix missing TALLOC_FREE of stackframes.
Signed-off-by: Jeremy Allison <jra@samba.org>
2013-05-09 06:18:21 +02:00
Jeremy Allison
fb1847f41c Tidy up old bool usage. False -> false, True -> true.
Signed-off-by: Jeremy Allison <jra@samba.org>
2013-05-09 06:18:21 +02:00
Andrew Bartlett
00cb6354cf vfs: Allow CREATOR GROUP to be used with vfs_zfsacl
The solaris acl() code requires that both ACE_GROUP|ACE_IDENTIFIER_GROUP be
set to indicate the @group permissions.

Otherwise, it would return Invalid Paramter to clients.

Andrew Bartlett
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09 06:18:21 +02:00
Alexander Werth
6fa3f7d0f4 s4-smbtorture: Run tests for nfs4:modes simple and special.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09 06:18:21 +02:00
Alexander Werth
381812e9f6 s3: Update vfs_gpfs man page with new nfs4:mode help text.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09 06:18:21 +02:00
Alexander Werth
dae5f1943e s3: Update README.nfs4acls.txt
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09 06:18:21 +02:00
Alexander Werth
a9f75bd3b7 s3: Use mode bits in some cases in mode simple.
Non inheriting ACL entries will show mode bits.
With this an file owner change does affect the effective ACL because
the special owner acl will now refer to the new owner.
This could be fixed by updating the ACL on a file owner change.

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09 06:18:21 +02:00
Alexander Werth
ec138b2f82 s3: Add changes that keep nfs4:mode special behavior.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09 06:18:21 +02:00
Alexander Werth
877f833af4 s3: Mapping of cifs creator owner to nfs owner@ ace.
This is ignored in nfs4mode special for compatibility.
Also ensure that we drop non inheriting creator owner
aces since these don't contribute to who can access
a file.

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09 06:18:21 +02:00
Alexander Werth
83774a8bc2 s3: Mapping of special entries to creator owner in mode simple.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09 06:18:21 +02:00
Alexander Werth
4a3bf4dd9b s3: Add params parameter to smbacl4_nfs42win function.
Reviewed-By: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09 06:18:21 +02:00
Alexander Werth
7978fe2584 s3: Change smbacl4_get_vfs_params to use connection_struct instead of fsp.
Reviewed-By: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09 06:18:21 +02:00
Alexander Werth
be0e269246 s3: Move up declaration of params struct and related function.
We need the parameters earlier in the code so we move up
    the declaration of the params struct. Since reading the
    parameters is closely related the definition of the function
    smbacl4_get_vfs_params has also been moved up.

Reviewed-By: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09 06:18:21 +02:00
Alexander Werth
9018aa82c7 s4-smbtorture: Set result message when failing the inheritance test.
Reviewed-By: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09 06:18:21 +02:00
Alexander Werth
97eb8f73e5 vfs: Add inheritance emulation to vfs_nfs4acl_xattr.
Recursively inherit ACL from parent directory if no acl xattr is
found on the current file.
Use a default ACL if a non-inheriting ACL is encountered.
With this the nfs4acl_xattr.dynamic test passes.
But the nfs4acl_xattr.inheritance test results in an error because
of warnings that cause the test to pass a failed result.

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09 06:18:21 +02:00
Andrew Bartlett
fe8a1fcda7 selftest: Run raw.acls test against the nfs4acl_xattr module
This is the first time we have tested the NFSv4 ACL mapping code.
Sadly most tests fail but these can be fixed from here.

This at least shows that the code does not segfault.

Andrew Bartlett
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09 06:18:21 +02:00
Andrew Bartlett
7874a43154 librpc: Add special owner/group/other constants to nfs4acl.idl
As per nfs4acl-0.9/lib/nfs4acl.c (the package where this structure is originally defined)

Andrew Bartlett
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09 06:18:21 +02:00
Andrew Bartlett
a0d1685039 build: Add vfs_nfs4acl to the autoconf build
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09 06:18:21 +02:00
Andrew Bartlett
76969abba0 vfs: Add new VFS module vfs_nfs4acl_xattr to use nfs4acl.idl
This uses the xattr format used by the patches at http://users.suse.com/~agruen/nfs4acl/

Andrew Bartlett
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09 06:18:20 +02:00
Andrew Bartlett
5d517f4166 vfs: Remove unused security_info argument in vfz_zfsacl.c
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09 06:18:20 +02:00
Alexander Werth
188d0f0975 vfs: Fix compile of vfs_gpfs.c.
Since the smb4acl is now correctly allocated on mem_ctx and not
the talloc stack frame we can free the stack frame correctly.
And the chmod emulation code now needs the vfs handle since
that is now required by the callback function to set the smb4acl.

Reviewed-By: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09 06:18:20 +02:00
Andrew Bartlett
a65568750b vfs: Allocate SMB4ACL_T on an explict memory context
This ensures the caller knows exactly what the memory lifetime of this
returned object is.  This makes the NFSv4 ACL code consistent with the
POSIX and NT ACL code, to avoid supprising developers who have worked
on those other parts of the ACL code.

Most of this patch is adding a memory context to the callers and passing it in.

Andrew Bartlett
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09 06:18:20 +02:00
Andrew Bartlett
67bb7d93ba vfs: Add vfs_handle_struct argument to smb_set_nt_acl_nfs4 and the callback
This allows the callback to call xattr based storage functions that need this argument.

Andrew Bartlett

Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09 06:18:20 +02:00
Andrew Bartlett
d87b81fa30 build: Move nfs4acl to the top level
This is to create IDL-stored NFSv4 ACLs, just as we use for posix ACLs
to permit better testing.

Andrew Bartlett

Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09 06:18:20 +02:00
Stefan Metzmacher
41f1c3969a pidl:NDR/Parser: correctly set $ndr->[relative_highest_]offset for relative_short pointers
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed May  8 20:49:55 CEST 2013 on sn-devel-104
2013-05-08 20:49:55 +02:00
Stefan Metzmacher
5732c68403 Revert "Remove a bunch of "unused variable _relative_save_offset" warnings."
This reverts commit fa5898b6de.

This is the wrong fix for the warnings, the correct fix will follow.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2013-05-08 09:36:49 -07:00
Jeremy Allison
fa5898b6de Remove a bunch of "unused variable _relative_save_offset" warnings.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>

Autobuild-User(master): Richard Sharpe <sharpe@samba.org>
Autobuild-Date(master): Wed May  8 07:47:45 CEST 2013 on sn-devel-104
2013-05-08 07:47:45 +02:00
Richard Sharpe
76bffc27a3 Tests processing an oplock break within a compound SMB2 request.
Signed-off-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Richard Sharpe <sharpe@samba.org>
Autobuild-Date(master): Tue May  7 19:45:36 CEST 2013 on sn-devel-104
2013-05-07 19:45:36 +02:00
Jeremy Allison
cbff488550 Remove the compound_related_in_progress state from the smb2 global state.
And also remove the restriction that we can't read a new
request whilst we're in this state.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@samba.org>
2013-05-07 17:58:45 +02:00
Jeremy Allison
10cbcfd167 The core of the fix to allow opens to go async inside a compound request.
This is only allowed for opens that cause an oplock break, otherwise it
is not allowed. See [MS-SMB2].pdf note <194> on Section 3.3.5.2.7.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
2013-05-07 17:58:45 +02:00
Jeremy Allison
1102e73832 Move a variable into the area of code where it's used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
2013-05-07 17:58:45 +02:00
Jeremy Allison
a026fc6b69 Ensure we don't try and cancel anything that is in a compound-related request.
Too hard to deal with splitting off the replies.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
2013-05-07 17:58:45 +02:00
Jeremy Allison
4111fcfd4f Only do the 1 second delay for sharing violations for SMB1, not SMB2.
Match Windows behavior.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
2013-05-07 17:58:45 +02:00
Volker Lendecke
637887c079 Makefile: Fix bug 9868 - Don't know how to make LIBNDR_PREG_OBJ.
Thanks to Lucs for finding the issue

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue May  7 17:57:57 CEST 2013 on sn-devel-104
2013-05-07 17:57:57 +02:00
Volker Lendecke
8c1283a89f winbind: Fix bug 9854 -- NULL pointer dereference
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue May  7 14:49:07 CEST 2013 on sn-devel-104
2013-05-07 14:49:07 +02:00
Jeremy Allison
8ca4b7597d Fix up the man pages to explain that "store dos attributes" overrides them.
Signed-off-by: Jeremy Allison <jra@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue May  7 01:24:54 CEST 2013 on sn-devel-104
2013-05-07 01:24:53 +02:00
Jeremy Allison
d25ba3f5a6 Allow "store dos attributes" to override the other "map XXX" parameters.
Makes us consistent with what is described in the man pages.

Signed-off-by: Jeremy Allison <jra@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-05-06 23:37:20 +02:00
Michael Adam
9f36d0c447 build: default --with-regedit to "auto" instead of "yes"
This means we don't build regedit when there is no ncurses
and this is not an error for the overall build.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Kai Blin <kai@samba.org>

Autobuild-User(master): Kai Blin <kai@samba.org>
Autobuild-Date(master): Mon May  6 20:11:09 CEST 2013 on sn-devel-104
2013-05-06 20:11:09 +02:00
Michael Adam
431eeef931 build: fix --with-regedit to properly honour the yes/no/auto scheme
I.e. fail configure when ncurses support is not found but
regedit build was requested.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Kai Blin <kai@samba.org>
2013-05-06 18:24:58 +02:00
Michael Adam
356b825838 build: simplify ncurses checks: --with-regedit does not take a path list
--with-regedit is defined using SAMBA3_ADD_OPTION(), and can hence
take the values "yes", "no", and "auto". So it is not possible to
hand in paths to look for ncurses-config via this option.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Kai Blin <kai@samba.org>
2013-05-06 18:24:58 +02:00
Michael Adam
8d34f2fe1e docs: update the description of the formulas in the idmap_autorid manpage
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>

Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Mon May  6 18:23:56 CEST 2013 on sn-devel-104
2013-05-06 18:23:56 +02:00
Michael Adam
7bc9563c96 s3:idmap:autorid: add a comment block explaining the calculations
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
2013-05-06 16:33:40 +02:00
Michael Adam
9c6594dadb s3:idmap:autorid: simplify the id->sid calculation
To make it more intutive.

rid = reduced_rid + domain_range_index * range_size

where

reduced_rid = (id - id_low) % range_size

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
2013-05-06 16:33:40 +02:00
Michael Adam
7b9a567b89 s3:idmap:autorid: calculate the range's low_id in idmap_autorid_get_domainrange()
This way, the calculation needs to be don only in one central place and
the formulas get simpler.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
2013-05-06 16:33:39 +02:00
Michael Adam
30a27ba428 s3:idmap:autorid: make calculation in idmap_autorid_sid_to_id much more obvious
This is my attempt to make the sid->unix-id calculation much more obvious.
Especially with the introduction of the multi-range support an the originally
named "multiplier", the calculation

id = low_id + range_size * domain_number + rid - range_size * multiplier

was rather opaque to me.

What really happens here is this:
The rid is split into a reduced_rid part that is < rangesize and
a multiple of rangesize. This is given by the formula

rid = rid % range_size + (rid / range_size) * range_size

We define
 reduced_rid := rid % range_size
and
 domain_range_index := rid / range_size ( == the original multiplier)

and the original formula is equivalent to:

id = reduced_rid + low_id + range_number * range_size;

and reads

id = reduced_rid + range_minvalue

if we set range_minvalue := low_id + range_number * range_size.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
2013-05-06 16:33:39 +02:00
Michael Adam
a0ea6c2536 s3:idmap:autorid: rename range.multiplier to domain_range_index
The name multiplier is very confusing (at least for me).
This is an index that is used to reference the various
per-domain ranges.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
2013-05-06 16:33:39 +02:00
Michael Adam
196aa1dea7 s3:idmap:autorid: rename autorid_range_config.sid to domsid, along with instances
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
2013-05-06 16:33:39 +02:00
Michael Adam
2a258747b6 s3:idmap:autorid: rename autorid_domain_config --> autorid_range_config and instances to "range"
This describes it better with the new support for multiple ranges for domains.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
2013-05-06 16:33:39 +02:00
Michael Adam
11b9b7d051 s3:idmap:autorid: rename domainnum to rangenum
Now ranges don't correspond to domains any more, but
multiple ranges are associated to a domain. So the name
is misleading.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
2013-05-06 16:33:39 +02:00
Abhidnya Joshi
5190e4da2b docs-xml: manpage update for autorid multirange support
Signed-off-by: Abhidnya Joshi <achirmul@in.ibm.com>
Reviewed-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2013-05-06 16:33:39 +02:00