IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Aug 4 22:08:35 CEST 2016 on sn-devel-144
Memory was freed in most of the failure cases. It is always better
to free the memory at the end of the function so that all exit path
of the function will free the memory. Otherwise chances are that
you might miss some cleanup.
Signed-off-by: Rajesh Joseph <rjoseph@redhat.com>
Reviewed-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Add test case for the newly addded option shadow:snapprefix
and shadow:delimiter
Signed-off-by: Rajesh Joseph <rjoseph@redhat.com>
Reviewed-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
With growing number of snapshots file-systems need some mechanism
to differentiate one set of snapshots from other, e.g. monthly, weekly,
manual, special events, etc. Therefore these file-systems provide
different ways to tag snapshots, e.g. provide a configurable way to
name snapshots, which is not just based on time. With only shadow:format
it is very difficult to filter these snapshots.
As part of this change added two new options, shadow:snapprefix and
shadow:delimiter, in shadow_copy2 config. This option will accept regular
expression (BRE) as input. With this optional parameter, one can specify a
variable prefix component for names of the snapshot directories in the
file-system. If this parameter is set, together with the shadow:format and
shadow:delimiter parameters it determines the possible names of snapshot
directories in the file-system.
e.g.
shadow:snapprefix = [a-z]*[0-9]
When this option is provided then shadow:format option should always
start with <delimiter> string. This delimiter is configurable via a new option,
i.e. shadow:delimiter. Default value for this is "_GMT",
e.g. _GMT-%Y.%m.%d-%H.%M.%S
Signed-off-by: Rajesh Joseph <rjoseph@redhat.com>
Reviewed-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Create a separate structure to store module specific information. Currently
only config values are saved. As of now there is no cleaner way to store run-time
information or other module specific information in shadow_copy2 module.
Therefore created a new structure to store all module specific information
including config.
Signed-off-by: Rajesh Joseph <rjoseph@redhat.com>
Reviewed-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Added test cases which will filter snapshot names based
on shadow:format option in smb.conf
Signed-off-by: Rajesh Joseph <rjoseph@redhat.com>
Reviewed-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
This function returns -1 on error but the return type is
size_t which is unsigned.
Signed-off-by: Rajesh Joseph <rjoseph@redhat.com>
Reviewed-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Trying to trim down messages.c a bit: Sending to all processes that are
registered in serverid.tdb and filtering to me is not really logic of general
messaging but more of the serverid code.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Previously, without this patch, if notifyd died for whatever reason, it
would be restarted from smbd. However, if its initialization failed and
it exitted again, there would be no child entry in smbd for it and it
wouldn't be attempted to restart it again.
This patch adds async send/recv methods for starting cleanupd that will
reschedule restart attempt every second in case initilisation failed.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12022
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Instead of using messaging to send individual cleanup events, it works
this way:
o parent smbd stores cleanup events (ie exitted children) in
smbd_cleanup.tdb
o it sends cleanupd an empty MSG_SMB_NOTIFY_CLEANUP message
o cleanupd does a traverse on the smbd_cleanupd.tdb and collects all
childs in a list
o after the traverse cleanupd walks the list and does the real work
It would have been possible to optimize for the common case by passing
info about exitted childs with the message (as was done before this
patch), adding a new message type for triggering a db traverse that
would be used when cleanupd had to be restarted and cleanup events may
have been accumulated in cleanup.tdb.
But this could be subject to subtle race conditions and could loose
events if cleanupd dies randomly.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12022
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Previously, without this patch, if cleanupd died for whatever reason, it
would be restarted from smbd. However, if cleanupd initialization
failed and it exitted again, there would be no child entry in smbd for
it and it wouldn't be attempted to restart it again.
This patch adds async send/recv methods for starting cleanupd that will
reschedule restart attempt every second in case initilisation failed.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12022
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
This will be used between cleanupd and smbd for passing information
about exitted smbd childs.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12022
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Samba always tries to read the ACL of a file and checks it internally.
If the READ_ACL permission is missing in GPFS, then then reading the ACL
for Samba internal evaluation will be denied and opening the file or
directory fails. Change this by retrying reading the ACL with the DAC
capability if access was denied.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Christof Schmitt <cs@samba.org>
Autobuild-Date(master): Mon Jul 25 10:30:02 CEST 2016 on sn-devel-144
Signed-off-by: Yan, Zheng <zyan@redhat.com>
Signed-off-by: Ira Cooper <ira@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Ira Cooper <ira@samba.org>
Autobuild-Date(master): Sun Jul 24 04:08:23 CEST 2016 on sn-devel-144
Move posix acl related code in vfs_glusterfs.c to a seperate module.
Signed-off-by: Yan, Zheng <zyan@redhat.com>
Signed-off-by: Ira Cooper <ira@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
With modern messaging this doesn't do anything (it's an
empty destructor). Clean up so we can add a proper destructor
in future.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
E.g. we try lanman, ntlmv1 and ntlmv2 authentication.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We already have 'as anon', having an indication for each case makes it
easier to mark some as knownfail.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
notifyd_send() is called as part of smbd initialization both in normal daemon
mode after a fork, but also in interactive mode. In interactive mode, notifyd
should not modify the global signal state with BlockSignals(). This patch moves
the signal blocking to the place where we know that notifyd is a child daemon.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jul 20 09:04:00 CEST 2016 on sn-devel-144
When notifyd is restarted, the parent will broadcast that fact to all workers.
They will then re-register their notify requests.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
When notifyd crashes, it will be restarted. We need to restore the filters with
notifyd
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
So far, we haven't TALLOC_FREE'ed the notify context. This will change.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
We have all information that was kept in "notify_list" in other parts of smbd
as well. The only possible downside of this patch is that we possibly have a
lot more fsp's than fsp's with notifies, so notify_callback() might be a bit
slower in this situation. If this turns out to be a problem, I'd rather put
some more smarts into the notifyd protocol to enable a better indexed
notify_callback(). For now, this avoids data to be kept in two places.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This protection right now lives in notify_msg.c with the notify_list, but that
will go.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
We do not have different callbacks per notify, put the callback function into
the notify context
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Okay, this is similar to full_path_tos, but with variable arrays now and much
simpler :-)
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Before this patch, failure of notify_init was ignored. Also, no proper error
handling of a messaging_register failure was done. Fix those, also adding some
debug messages.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
If a stream is open, refuse the unlink. Ensure UNIX unlink
request can remove a file containing streams.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12021
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Jul 20 05:20:29 CEST 2016 on sn-devel-144
When using UNIX extensions to delete a file containing streams,
the open for delete and close operations need to enumerate the
contained streams and do CREATE and UNLINK operations on the
stream names. These must always be done as Windows operations
(remove the SMB_FILENAME_POSIX_PATH flag) as the stream names
are Windows paths.
Without this the create operation under the unlink will
recurse and cause the client to time out (or a server crash).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12021
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
We must not list any services that we skip building, as otherwise all RPC services fail to start.
We now build without the source4 spoolss server in non-developer builds
This fixes commit 0b4c741b9c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12025
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Even with "ignore system acls" set to "yes", for objects without NT ACL
xattr we use the underlying filesystem permissions to construct an NT
ACL. This can result in *very* unexpected permissions, eg:
- a directory with the following ACL:
$ ./bin/smbcacls -Uslow%pass //localhost/normal ""
REVISION:1
CONTROL:SR|DP
OWNER:SLOW\slow
GROUP:Unix Group\root
ACL:SLOW\slow:ALLOWED/0x0/FULL
So only one non-inheritable(!) ACE.
- creating a subdirectory:
$ ./bin/smbclient -Uslow%pass //localhost/normal -c "mkdir dir1"
- checking whether there's an ACL xattr:
$ getfattr -m "" /Volumes/normal/dir1
getfattr: Removing leading '/' from absolute path names
system.posix_acl_access
system.posix_acl_default
user.DOSATTRIB
So there isn't an ACL xattr, because there where no inheritable ACEs on
the parent folder.
- reading the new subdirectories ACL:
$ ./bin/smbcacls -Uslow%pass //localhost/normal "dir1"
REVISION:1
CONTROL:SR|DP
OWNER:SLOW\slow
GROUP:Unix Group\slow
ACL:SLOW\slow:ALLOWED/0x0/FULL
ACL:Unix Group\slow:ALLOWED/0x0/READ
ACL:Everyone:ALLOWED/0x0/READ
ACL:NT Authority\SYSTEM:ALLOWED/0x0/FULL
The ACES for "SLOW\slow", "Unix Group\slow" and "Everyone" are coming
from the underlying filesystem. This is the problem.
- Windows assigns the following ACL in this situation:
$ ./bin/smbcacls -UAdministrator%Passw0rd //10.10.10.14/data "dir"
REVISION:1
CONTROL:SR|PD|DI|DP
OWNER:VORDEFINIERT\Administratoren
GROUP:WIN2008R2\Domänen-Benutzer
ACL:WIN2008R2\Administrator:ALLOWED/0x0/FULL
$ ./bin/smbclient -UAdministrator%Passw0rd //10.10.10.14/data -c "mkdir dir\dir1"
$ ./bin/smbcacls -UAdministrator%Passw0rd //10.10.10.14/data "dir\dir1"
REVISION:1
CONTROL:SR|DI|DP
OWNER:VORDEFINIERT\Administratoren
GROUP:WIN2008R2\Domänen-Benutzer
ACL:VORDEFINIERT\Administratoren:ALLOWED/0x0/FULL
ACL:NT-AUTORITÄT\SYSTEM:ALLOWED/0x0/FULL
By changing make_default_filesystem_acl() to only adds user and system
ACE to the ACL of objects that lack an ACL xattr, we match Windows
behaviour:
$ ./bin/smbclient -Uslow%pass //localhost/normal -c "mkdir dir2"
$ ./bin/smbcacls -Uslow%pass //localhost/normal "dir2"
REVISION:1
CONTROL:SR|DP
OWNER:SLOW\slow
GROUP:Unix Group\slow
ACL:SLOW\slow:ALLOWED/0x0/FULL
ACL:NT Authority\SYSTEM:ALLOWED/0x0/FULL
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12028
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Jul 19 10:22:05 CEST 2016 on sn-devel-144
This function is only used in vfs_acl_common.c and will be modified in
the next commit.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12028
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Instead of reporting that an inotify event triggered all possible filter
masks, map the inotify event back to the filter mask. This is slightly
more accurate, although there can still be mismatches due to the
mapping.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Jul 18 18:50:55 CEST 2016 on sn-devel-144
This only adds a parameter to the callback without any functional
change.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Jul 16 00:17:03 CEST 2016 on sn-devel-144
This has never been watched, so it's an unnecessary overhead on
dbwrap_record_store().
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Jul 15 20:32:19 CEST 2016 on sn-devel-144
The existing one with a separate dbwrap_watchers.tdb turns out to
create a performance penalty in a clustered environment. Non-clustered,
dbwrap_parse_record on non-existent records is very cheap, but in a
cluster environment this is very noticable.
This implementation puts the watcher information into the records itself. For
large records, this might be another performance penalty, because we have to
assemble the final record together with talloc and memcpy, but this might be
fixed later with a tdb_storev call.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
It's highly unlinkely that this will ever kick in, because our current tdb keys
are rather small, but offset calculations without overflow checks are bad.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Typicall, when we watch a record, we wait for a process to give up some
resource. Be it an oplock, a share mode or the g_lock. If everything goes well,
the blocker sends us a message. If the blocker dies hard, we want to also be
informed immediately.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This is a brute force variant, trying twice a second. We'll have better
variants with tmsgd in the future.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
... something I've wanted to do for ages :-)
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Jul 14 20:50:15 CEST 2016 on sn-devel-144
for completeness for later pop.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Jul 14 02:02:33 CEST 2016 on sn-devel-144
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
When doing spnego sasl bind:
1. Try working without kinit only if a password is not
provided
2. When using kinit, ensure the KRB5CCNAME env var is set
to a private memory ccache, so that the bind is on behalf
of the requested user.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12007
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jul 12 03:23:33 CEST 2016 on sn-devel-144
When doing gssapi sasl bind:
1. Try working without kinit only if a password is not
provided
2. When using kinit, ensure the KRB5CCNAME env var is set
to a private memory ccache, so that the bind is on behalf
of the requested user.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12007
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
This is the last step to fix a regression introduced by
3fe3226daa and
3fe3226daa8488e0fa787c40359c3401b6f05fc0^
where we pass the ctdb-messaging object conn to db_open() and add a
reference to it to the private db_ctdb_ctx for later use. Unfortunately
reinit_after_fork() destroys conn, leaving us with an invalid reference.
The previous patches added new lower level functions
messaging_ctdbd_reinit() and ctdbd_reinit_connection(), finally use them
them from messaging_reinit(). They preserve the conn object and simply
reinitialize the IPC fd.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Jul 11 23:45:20 CEST 2016 on sn-devel-144
Split out and internal function from messaging_ctdbd_init() that does
the connection setup. Keep the conn object allocation in
messaging_ctdbd_init().
This is in preperation of adding messaging_ctdbd_reinit() which will use
the new internal function as well.
messaging_ctdbd_init_internal() has a new reinit flag,
messaging_ctdbd_init() calls with reinit=false resulting in unmodified
behaviour.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Split ctdbd_init_connection() into an internal function that does the
connection setup and only keep the conn object allocation in
ctdbd_init_connection().
This is in preperation of adding ctdbd_reinit_connection() which will
use the new internal function as well.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Using smbd_reinit_after_fork() rather then reinit_after_fork() ensures
am_parent is reset to NULL. Otherwise, when exiting for some reason, the
inherited atexit handler killkids() calls kill(0,SIGTERM) terminating
our whole process group including the main smbd.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12016
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Jul 11 02:02:33 CEST 2016 on sn-devel-144
Using smbd_reinit_after_fork() rather then reinit_after_fork() ensures
am_parent is reset to NULL. Otherwise, when exiting for some reason, the
inherited atexit handler killkids() calls kill(0,SIGTERM) terminating
our whole process group including the main smbd.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12016
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Using smbd_reinit_after_fork() rather then reinit_after_fork() ensures
am_parent is reset to NULL. Otherwise, when exiting for some reason, the
inherited atexit handler killkids() calls kill(0,SIGTERM) terminating
our whole process group including the main smbd.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12016
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jul 6 22:41:41 CEST 2016 on sn-devel-144
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12006
Signed-off-by: Uri Simchoni <uri@samba.org>
Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
The sign of the uid_t type is left unspecified by POSIX. It's defined as
an unsigned 32b int on Linux, therefore the < 0 check is always
false.
For unsigned version of uid_t, "uid == -1" will implicitely cast -1 to
unsigned making it a valid test for both signed and unsigned version of
uid_t.
This commit makes the cast to (uid_t) explicit anyway.
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri Jul 1 05:22:36 CEST 2016 on sn-devel-144
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Jun 30 07:16:45 CEST 2016 on sn-devel-144
This includes user_principal_name and dns_domain_name.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
When we allow offline logon and have a lot of logins, windbind will leak
4k of memory which each log in. On systems with heavy load this can grow
quickly and the OOM killer will kill Winbind.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11999
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jun 29 19:03:53 CEST 2016 on sn-devel-144
Only expose a synchronous tldap_gensec_bind() call, as it can't
really be async anyway.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Jun 28 11:19:33 CEST 2016 on sn-devel-144
This should prevent nested event loops, and won't make the
code performance worse anyway.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
If an SID is is not found becaues the RID doesn't exist in a domain and
the domain is configured to use a non-allocating idmap backend like
idmap_ad or idmap_rfc2307, winbindd must not return a mapping for the
SID.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11961
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
When doing a SID to xid mapping for an unknown SID, the idmap child gets
passed a lsa_RefDomainList with an empty domain name (ie ""). This is
coming from LsaLookupSids() and causes the mapping request to end up in
the default idmap domain.
Example request with domain name "":
wbint_Sids2UnixIDs: struct wbint_Sids2UnixIDs
in: struct wbint_Sids2UnixIDs
domains : *
domains: struct lsa_RefDomainList
count : 0x00000001 (1)
domains : *
domains: ARRAY(1)
domains: struct lsa_DomainInfo
name: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0002 (2)
string : *
string : ''
sid : *
sid : S-1-5-21-3152989960-574718769-2188965058
max_size : 0x00000020 (32)
ids : *
ids: struct wbint_TransIDArray
num_ids : 0x00000001 (1)
ids: ARRAY(1)
ids: struct wbint_TransID
type : ID_TYPE_NOT_SPECIFIED (0)
domain_index : 0x00000000 (0)
rid : 0x000029aa (66666)
xid: struct unixid
id : 0xffffffff (4294967295)
type : ID_TYPE_NOT_SPECIFIED (0)
In _wbint_Sids2UnixIDs() we call idmap_find_domain_with_sid() with the
domain name "" and this triggers use of the default idmap domain which
in case of idmap_autorid will allocate an id from a idmap_autorid range.
If we know the domain, ensure we return it for SIDs were the SID was not
found but the domain of the SID was found. Callers like sids2xids depend
on the domain name and returning an empty string "" for valid domain can
trigger unwanted idmap range allocations.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11961
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This new option allows DNS names to be unregistered and removes all
IP entries for a given name in the specified AD server.
Signed-off-by: Shyamsunder Rathi <shyam.rathi@nutanic.com>
Reviewed-by: Richard SHarpe <rsharpe@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Richard Sharpe <sharpe@samba.org>
Autobuild-Date(master): Mon Jun 27 20:43:26 CEST 2016 on sn-devel-144
This environment uses the same winbindd as ad_dc
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
This changes the way we check for old vs new DOS attributes on open with
overwrite: only check against the DOS attributes actually set by a
client and stored in the DOS attributes xattr.
With this change "hide dot files" and "hide files" continue to work with
"store dos attributes = yes".
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11992
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Consolidate the "hide dot files" and "hide files" handling stuff in one
function. No change in overall behaviour.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11992
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This doesn't change overall behaviour in any way, it just prepares for
the next step where the IS_HIDDEN_PATH() stuff will be moved to the
function dos_mode_from_name().
It allows an optimisation by not checking "hide to files" patch if
FILE_ATTRIBUTE_HIDDEN was already set in the DOS xattr.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11992
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This just moves the computation of "hide dot files" files to a helper
functions without changing overall behaviour.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11992
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
CTDB can send CTDB_REPLY_ERROR in case it encounters an error condition.
This is treated as successful migration as "ret" is not set.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Jun 24 22:39:23 CEST 2016 on sn-devel-144
"child" has been free'd via "tmp"
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jun 24 14:07:56 CEST 2016 on sn-devel-144
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jun 24 05:58:35 CEST 2016 on sn-devel-144
If the node has flag NODE_FLAGS_PERMANENTLY_DISABLED, then it is
still working. Only avoid connections if node has any of the flags
in NODE_FLAGS_INACTIVE.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Jun 23 23:38:44 CEST 2016 on sn-devel-144
We already trim any leading \\ characters in this function, so this is the simplest place
to clean the pathname.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11986
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Wed Jun 22 10:33:29 CEST 2016 on sn-devel-144
Inspired by initial patch from Matt Rogers @ RedHat.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11977
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Wed Jun 22 05:05:47 CEST 2016 on sn-devel-144
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jun 21 22:22:03 CEST 2016 on sn-devel-144
Since commit 0f6d51f34b libnet_join
automatically adds netbios aliases as SPNs to the machine account.
This commit adds a simple test with smbclient -k against the aliases.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sun Jun 19 19:07:46 CEST 2016 on sn-devel-144
Make net ads dns gethostbyname actually print out the returned addresses
so we can use it in self tests.
Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sun Jun 19 10:34:37 CEST 2016 on sn-devel-144
This occurred due to old code that used to do:
SSVAL(smb_buf(req->outbuf),-2,nread);
to set the reply length. This code was not needed,
as srv_set_message() was already correctly setting
the bcc length and was probably left from much
earlier legacy code.
However, in commit ddaa65ef6e
this was converted to do:
SSVAL(req->outbuf,smb_vwv11,smb_maxcnt);
This code actually overwrites the last 'reserved'
field in the SMB_COM_READ_ANDX packet reply, but we
never noticed as no client (or server code) looks at or
checks vwv11 in a SMB_COM_READ_ANDX reply.
[MS-SMB] shows for SMB_COM_READ_ANDX reply:
SMB_Parameters
{
UCHAR WordCount;
Words
{
UCHAR AndXCommand;
UCHAR AndXReserved;
USHORT AndXOffset;
USHORT Available;
USHORT DataCompactionMode;
USHORT Reserved1;
USHORT DataLength;
USHORT DataOffset;
USHORT DataLengthHigh;
USHORT Reserved2[4];
}
}
SMB_Data
{
USHORT ByteCount;
Bytes
{
UCHAR Pad[] (optional);
UCHAR Data[variable];
}
and indeed checking wireshark from Win2012R2
we find that smbd is writing the returned
read length into smb_vwv11 and Windows leaves
it as zeros (reserved).
Also fix the same problem in the named pipes code.
Torture test to ensure Reserved2[4] replies
are zero to follow.
https://bugzilla.samba.org/show_bug.cgi?id=11845
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Torture test to follow.
Signed-off-by: Per Forlin <per.forlin@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Note: This has *NO* effect on the lock context code, as on the
wire for all SMB1 locking requests, the pid used as the lock
context is already truncated down to 16-bits - the field is only
16-bits wide.
This allows the cli_XXX() calls to correctly set pidlow AND pidhigh
in SMB1 requests put on the wire by the libcli/smb/smb1*.c code.
Note that currently the smbd server doesn't correctly return
pidhigh yet - a fix (and tests) for that will follow.
As pidhigh is not checked in any client code (mid is used
to differentiate different requests) this has no effect
other than a correctness fix.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
This is already run from under source4/selftest/tests.py
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
This prevents irritating warning messages.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jun 17 08:13:55 CEST 2016 on sn-devel-144
Set socket options from smb.conf before negprot, as done by libsmbclient
Signed-off-by: Jim McDonough <jmcd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Initial patch from Matt Rogers @ RedHat.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11977
Guenther
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Jun 15 20:28:31 CEST 2016 on sn-devel-144
When domain member is joined to AD, we need to use the same DC to
authenticate against after the join because the machine account might
not be replicated yet to other domain controllers, including off-site.
Bug https://bugzilla.samba.org/show_bug.cgi?id=11769 dealt with
detection of the site pre-join. However, we rewrite private local
krb5.conf afterwards without taking the discovered site name into
account.
Fix this by reusing the site discovered pre-join.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11975
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jun 15 15:25:44 CEST 2016 on sn-devel-144
When we transitioned from autotools to waf we dropped installing the
findsmb script. However we create and install the manpage for it so
install it in the system again.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Jun 9 19:10:15 CEST 2016 on sn-devel-144
Ensure we don't crash in this case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11959
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Thu Jun 9 13:18:56 CEST 2016 on sn-devel-144
This whole area is a known-to-be-broken mess, but this patch should fix
the immediate crash
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Jun 7 18:31:30 CEST 2016 on sn-devel-144
Signed-off-by: Peter Somogyi <psomogyi@hu.ibm.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Jun 6 16:10:19 CEST 2016 on sn-devel-144
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jun 3 07:26:34 CEST 2016 on sn-devel-144
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Jun 2 12:47:26 CEST 2016 on sn-devel-144
When enumerating users we try to fetch sAMAccountType attribute which
might not be present for whatever reason.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Thu Jun 2 09:04:13 CEST 2016 on sn-devel-144
It is no longer part of the quota VFS interface to return
an EDQUOT error as an indication that getting quota succeeded
but the user/group is over-quota. A VFS module implementing
quota interface always returns 0 on success.
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The sysquotas module has several supported backends for
getting/setting user/group quota. This patch removes a check
by the common code, to see if the backend has returned EDQUOT.
Before this patch, it was OK for a backend to return with error
and errno set to EDQUOT, and that meant success, but with a warning
that the user/group is over quota. This is the system behavior on
some Unices. This patch removes this from the protocol between the
sysquota module and its backend drivers - it's the responsibility
of the backend to return 0 iff it has fulfilled the request to get or
set quota.
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Remove the option to retrieve valid user/group quota while
returning -1 and EDQUOT errno - this is no longer part of the
protocol between the quota backend and smbd.
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Remove a test for special handling of EDQUOT errno when determining
user/group quota - If the backend has obtained the quota settings it
has to return 0 and not error.
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
When obtaining user/group quota, remove check for EDQUOT
errno return. Apparently on some Unices, EDQUOT means that
the get-quota function has succeeded, but the user/group is
over-quota. Not so in Linux.
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
`f` was checked again instead of `s`.
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: ndreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat May 28 04:34:20 CEST 2016 on sn-devel-144
When calculating free disk space, do not take user quota
into account if quota is globally not enforced on the file
system.
This is meant to fix a specific problem with XFS. One might
say "why don't you fix the XFS-specific code instead?". The
reason for that is that getting and setting quota must not
be affected by whether quota is actually enforced. NTFS has
the same notion of separating quota accounting (and being
able to configure / retrieve configured quota), from quota
enforcement.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11937
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat May 28 00:09:05 CEST 2016 on sn-devel-144
Add a test for situation where quota accounting is enabled
but quota enforcement is disabled (disk-free should not take
quota into account)
Add a test for situation where overall quota status reporting
(whether or not it's enforcing) is not supported - as with NFS.
In that case it must be assumed that if quota is configured, then
it is also enforced (as with NFS).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11937
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Add support for mocking FS user/group quotas (default quota and
quota flags).
Make the default block size 4096 instead of 0. This
turns the default into "no quota" instead of "punt to
lower VFS module" (that is, if the mock module is asked
to retrieve quota of a user/group/default for which there
is no config).
Add support for ENOSYS error
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11937
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Not freeing up(and reparenting to NULL context) ndr buffer
used for TDB updates resulting in huge memory leak when there
in high volume of opens and closes happening on same object.
Free the buffer before reparenting its parent to NULL context.
https://bugzilla.samba.org/show_bug.cgi?id=11934
Signed-off-by: Hemanth Thummala <hemanth.thummala@nutanix.com>
Signed-off-by: Saji VR <saji.vr@nutanix.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri May 27 18:43:31 CEST 2016 on sn-devel-144
It's referred to outside of the {} brace scope it was defined in by
the following code:
uid_to_unix_users_sid(*uid, &tmp_sid);
user_sid = &tmp_sid;
As tmp_sid was going out of scope, user_sid was
being incorrectly set in the token sid list.
I think this *may* be the root cause of:
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10618
But even if not this is an obvious error that must
be fixed.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri May 27 11:28:18 CEST 2016 on sn-devel-144
Now that the module supports only the current Linux quota
interface, it does not need a two-level hierarchy.
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Thu May 26 18:54:12 CEST 2016 on sn-devel-144
The same check is done by sys_get_quota() which is the only caller.
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Remove support for Linux quota interfaces that predate the
2.6.x kernel series. Glibc has been supporting the "current"
quota interface for over 10 years now...
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Will add as a command to smbclient, plus will be useful for testing.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
This way we will be able to see the log in the cups logs and are able to
debug issues.
https://bugzilla.samba.org/show_bug.cgi?id=11935
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
This makes sure anonymous connections work if the server
requires signing.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11910
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Correctly copy block hard/soft limits from the OS-specific structure
to samba structure.
BUG:https://bugzilla.samba.org/show_bug.cgi?id=11931
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This means we'll use the "client ipc min protocol", "client ipc max protocol"
and "client ipc signing" options. But "--signing=no" or "--signing=required"
still overwrite "client ipc signing".
The following can be used to alter the max protocol
rpcclient --option="client ipc max protocol=SMB2_10" 172.31.9.163 -Uadministrator%A1b2C3d4 -c "getusername"
Account Name: Administrator, Authority Name: W4EDOM-L4
rpcclient --option="client ipc max protocol=NT1" 172.31.9.163 -Uadministrator%A1b2C3d4 -c "getusername"
Account Name: Administrator, Authority Name: W4EDOM-L4
rpcclient 172.31.9.163 -Uadministrator%A1b2C3d4 -c "getusername"
Account Name: Administrator, Authority Name: W4EDOM-L4
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11927
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat May 21 05:01:15 CEST 2016 on sn-devel-144
This reverts commit a55ac51f5f.
This will be implemented in a more common way using the
"client ipc max protocol" option.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11927
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Compiles and runs code that checks for working
F_OFD_GETLK, F_OFD_SETLK, F_OFD_SETLKW.
We now use these if available.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Jeff Layton <jlayton@samba.org>
Only in the default VFS. Gpfs, Ceph, Gluster and other modern
backend VFS filesystems might want to do the same.
Allow tuneable "smbd:force process locks = true" to turn
off OFD locks if in use and the kernel doesn't support them.
Display debug message showing admins what to do in this case.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Jeff Layton <jlayton@samba.org>
Not yet used. We will set this if we translate a process-associated
lock operation to a open file description lock operation.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Jeff Layton <jlayton@samba.org>
Will allow us to move to open file description locks
from process-associated locks.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Jeff Layton <jlayton@samba.org>
Ensures that we *always* expose ofd-lock behavior to clients.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Jeff Layton <jlayton@samba.org>
This means locks are associated with the SMB handle
they were created on, not the inode. In all other ways
they behave like UNIX extensions fcntl (process-associated)
locks. Torture test to follow.
When a handle is closed all locks attached to that handle
are closed, not all locks on the underlying inode. In
this respect they now behave like Windows locks.
The key to this in the UNIX extensions locking codepath is modifying
the reference count only when a new locking context is seen
on any lock request, and decrementing the reference count
when the last instance of a locking context is seen on any
unlock request. For SMB2+ the persistent part of a file handle
is used as the locking context so this behavior becomes
natural.
This is a behavior change but after consultation with
Jeff Layton and Steve French the only client that implements
UNIX extensions POSIX locks - the cifsfs client - already
expects these locks to behave like open file description
(ofd) locks. With our previous behavior Linux ofd-locks
fail against smbd.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Jeff Layton <jlayton@samba.org>
We will need this to implement open file description record locks.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Jeff Layton <jlayton@samba.org>
We will be using this to also ref count a posix lock applied
to a file handle when changing to open file description lock
semantics.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Jeff Layton <jlayton@samba.org>
It seems it could happen that p->db == NULL in the list
from notifyd_clean_peers_next(). This has been seen in
a ctdb cluster when an node-internal ctdb interface is
brought down.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11930
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri May 20 17:32:55 CEST 2016 on sn-devel-144
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu May 19 23:53:47 CEST 2016 on sn-devel-144
This avoids errors due to 'not implemented' for SMB_VFS_KERNEL_FLOCK
on some file systems like glusterfs (with the vfs module). The only
other code path where SMB_VFS_KERNEL_FLOCK is called, is already protected.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11919
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Thu May 19 02:34:36 CEST 2016 on sn-devel-144
This will allow to track whether kernel share modes have been
taken at open and correclty remove them again on close.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11919
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed May 18 23:00:35 CEST 2016 on sn-devel-144
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11910
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed May 18 15:49:46 CEST 2016 on sn-devel-144
The generate_session_info() function maybe called more than once
per session.
Some may try to look/dereference session_info->security_token,
so we provide simplified token.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11914
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue May 17 16:54:36 CEST 2016 on sn-devel-144
Another step towards making ctdbd_conn.c independent of messages.c. No call to
ctdb_conn_msg_ctx() anymore
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This removes one circular dependency of dbwrap_ctdb to messages.c: No call to
messaging_ctdbd_connection() anymore from dbwrap_ctdb.c.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This minimizes the use of messaging_ctdbd_connection() to
db_open_ctx(). Next step will move this into db_open().
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
messages_ctdbd.c is the code that is genuinely interested in
async messages from ctdb, so let it take care of them.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Previously it was used in ctdb_traverse(), but with ff72a8a this is no longer
the case
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
