IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
When a samba server process dies hard, it has no chance to clean up its entries
in locking.tdb, brlock.tdb, connections.tdb and sessionid.tdb.
For locking.tdb and brlock.tdb Samba is robust by checking every time we read
an entry from the database if the corresponding process still exists. If it
does not exist anymore, the entry is deleted. This is not 100% failsafe though:
On systems with a limited PID space there is a non-zero chance that between the
smbd's death and the fresh access, the PID is recycled by another long-running
process. This renders all files that had been locked by the killed smbd
potentially unusable until the new process also dies.
This patch is supposed to fix the problem the following way: Every process ID
in every database is augmented by a random 64-bit number that is stored in a
serverid.tdb. Whenever we need to check if a process still exists we know its
PID and the 64-bit number. We look up the PID in serverid.tdb and compare the
64-bit number. If it's the same, the process still is a valid smbd holding the
lock. If it is different, a new smbd has taken over.
I believe this is safe against an smbd that has died hard and the PID has been
taken over by a non-samba process. This process would not have registered
itself with a fresh 64-bit number in serverid.tdb, so the old one still exists
in serverid.tdb. We protect against this case by the parent smbd taking care of
deregistering PIDs from serverid.tdb and the fact that serverid.tdb is
CLEAR_IF_FIRST.
CLEAR_IF_FIRST does not work in a cluster, so the automatic cleanup does not
work when all smbds are restarted. For this, "net serverid wipe" has to be run
before smbd starts up. As a convenience, "net serverid wipedbs" also cleans up
sessionid.tdb and connections.tdb.
While there, this also cleans up overloading connections.tdb with all the
process entries just for messaging_send_all().
Volker
Ensure we don't use any of the create_options for Samba private
use. Add a new parameter to the VFS_CREATE call (private_flags)
which is only used internally. Renumber NTCREATEX_OPTIONS_PRIVATE_DENY_DOS
and NTCREATEX_OPTIONS_PRIVATE_DENY_FCB to match the S4 code).
Rev. the VFS interface to version 28.
Jeremy.
This patch also changes the unix convert flags to make sure the
correct semantics are preservered for allowing/disallowing wildcards
in the last component of the path.
Some of the callers required minimal changes, while others
(copy_internals) required significant changes. The task is simplified
a little bit because we are able to do operations and checks on the
base_name when a stream isn't used.
This patch should cause no functional changes.
Volker, Jeremy: Please check
Not only are these unnecessary in spirit because unlink_internals
calls unix_convert, but in practice the return value is simply being
ignored right now.
This patch introduces
struct stat_ex {
dev_t st_ex_dev;
ino_t st_ex_ino;
mode_t st_ex_mode;
nlink_t st_ex_nlink;
uid_t st_ex_uid;
gid_t st_ex_gid;
dev_t st_ex_rdev;
off_t st_ex_size;
struct timespec st_ex_atime;
struct timespec st_ex_mtime;
struct timespec st_ex_ctime;
struct timespec st_ex_btime; /* birthtime */
blksize_t st_ex_blksize;
blkcnt_t st_ex_blocks;
};
typedef struct stat_ex SMB_STRUCT_STAT;
It is really large because due to the friendly libc headers playing macro
tricks with fields like st_ino, so I renamed them to st_ex_xxx.
Why this change? To support birthtime, we already have quite a few #ifdef's at
places where it does not really belong. With a stat struct that we control, we
can consolidate the nanosecond timestamps and the birthtime deep in the VFS
stat calls.
At this moment it is triggered by a request to support the birthtime field for
GPFS. GPFS does not extend the system level struct stat, but instead has a
separate call that gets us the additional information beyond posix. Without
being able to do that within the VFS stat calls, that support would have to be
scattered around the main smbd code.
It will very likely break all the onefs modules, but I think the changes will
be reasonably easy to do.
This is the first of a series of patches that change path based
operations to operate on a struct smb_filename instead of a char *.
This same concept already exists in source4.
My goals for this series of patches are to eventually:
1) Solve the stream vs. posix filename that contains a colon ambiguity
that currently exists.
2) Make unix_convert the only function that parses the stream name.
3) Clean up the unix_convert API.
4) Change all path based vfs operation to take a struct smb_filename.
5) Make is_ntfs_stream_name() a constant operation that can simply
check the state of struct smb_filename rather than re-parse the
filename.
6) Eliminate the need for split_ntfs_stream_name() to exist.
My strategy is to start from the inside at unix_convert() and work my
way out through the vfs layer, call by call. This first patch does
just that, by changing unix_convert and all of its callers to operate
on struct smb_filename. Since this is such a large change, I plan on
pushing the patches in phases, where each phase keeps full
compatibility and passes make test.
The API of unix_convert has been simplified from:
NTSTATUS unix_convert(TALLOC_CTX *ctx,
connection_struct *conn,
const char *orig_path,
bool allow_wcard_last_component,
char **pp_conv_path,
char **pp_saved_last_component,
SMB_STRUCT_STAT *pst)
to:
NTSTATUS unix_convert(TALLOC_CTX *ctx,
connection_struct *conn,
const char *orig_path,
struct smb_filename *smb_fname,
uint32_t ucf_flags)
Currently the smb_filename struct looks like:
struct smb_filename {
char *base_name;
char *stream_name;
char *original_lcomp;
SMB_STRUCT_STAT st;
};
One key point here is the decision to break up the base_name and
stream_name. I have introduced a helper function called
get_full_smb_filename() that takes an smb_filename struct and
allocates the full_name. I changed the callers of unix_convert() to
subsequently call get_full_smb_filename() for the time being, but I
plan to eventually eliminate get_full_smb_filename().
Also remove ads_memfree(), which was only ever a wrapper around
SAFE_FREE, used only to free the DN from ads_get_ds().
This actually makes libgpo more consistant, as it mixed a talloc and a
malloc based string on the same element.
Andrew Bartlett
Signed-off-by: Günther Deschner <gd@samba.org>
This replaces the is_dos_path bool with a more future-proof argument.
The next step is to plumb INTERNAL_OPEN_ONLY through this flag instead
of overridding the oplock_request.
This removes a use of struct current_user and the vuid
The become_user() here is unnecessary, within the spoolss handling code we have
switched to the authenticated pipe user anyway.
Jerry, please check!
Since it's a function it just sets the local pointer to NULL and basically
is an equivalent to free().
It also claims it's being used for callbacks but isn't used that way
anywhere.
This patch is the second iteration of an inside-out conversion to cleanup
functions in charcnv.c returning size_t == -1 to indicate failure.
(This used to be commit 6b189dabc5)
Should map the created sd to printer jobs, not printer.
Jerry please test and I'll add to 3.2 if it passes. Thanks,
Jeremy.
(This used to be commit 0a1fe8d601)
the server when searching for a name for the location and comment fields can
take so much time the client times out. When searching for a name we don't
use these fields anyway, so add a function get_a_printer_search() which
doesn't contact the CUPS server.
Jeremy.
(This used to be commit 92d9f20852)
one horror (pstring_clean_name()) which will have to
remain until I've removed all pstrings from the client code.
Jeremy.
(This used to be commit 1ea3ac8014)
The point is doing the following associations:
- non discardable state data (all TDB files that may need to be backed
up) go to statedir
- shared data (codepage stuff) go to codepagedir
The patch *does not change* the default location for these
directories. So, there is no behaviour change when applying it.
The main change is for samba developers who have to think when dealing
with files that previously pertained to libdir whether they:
- go in statedir
- go in codepagedir
- stay in libdir
(This used to be commit d6cdbfd875)
bugs in various places whilst doing this (places that assumed
BOOL == int). I also need to fix the Samba4 pidl generation
(next checkin).
Jeremy.
(This used to be commit f35a266b3c)
Why? It moves these structs from the data into the text segment, so they
will never been copy-on-write copied. Not much, but as in German you say
"Kleinvieh macht auch Mist...."
(This used to be commit 0141e64ad4)
the maxeln parameter instead of sizeof(target_area) - 1 (or even
sizeof(fstring) - 1 in some places.
I hope these were really all there were.
Michael
(This used to be commit 9a28be220d)
the main server code paths. We should now be able to cope with
paths up to PATH_MAX length now.
Final job will be to add the TALLOC_CTX * parameter to
unix_convert to make it explicit (for Volker).
Jeremy.
(This used to be commit 7f0db75fb0)
that contains some of the fields from the SMB header, removing the need
to access inbuf directly. This right now is used only in the open file
code & friends, and creating that header is only done when needed. This
needs more work, but it is a start.
Jeremy, I'm only checking this into 3_0, please review before I merge it
to _26.
Volker
(This used to be commit ca988f4e79)
Relax check for i386 header checks in the PE header of printer
driver files. Thus allowing uploading of x64 print drivers
from 64bit Windows clients.
(This used to be commit 328807ec7b)
when fetching a printer from ntprinters.tdb.
Slightly modified from original version submitted on
samba-technical ml by Andy Polyakov <appro@fy.chalmers.se>
(This used to be commit e859e1fdcd)
srvstr_get_path(inbuf, name, smb_buf(inbuf) + 1, sizeof(name), 0, STR_TERMINATE, &status);
if (!NT_STATUS_IS_OK(status)) {
return ERROR_NT(status);
}
RESOLVE_DFSPATH(name, conn, inbuf, outbuf);
status = unix_convert(conn, name, False, NULL, &sbuf);
if (!NT_STATUS_IS_OK(status)) {
return ERROR_NT(status);
}
status = check_name(conn, name);
if (!NT_STATUS_IS_OK(status)) {
return ERROR_NT(status);
}
Make sure that every access pattern (including the
wildcard generated paths from unlink, rename, and copy)
do the same. Tidy things up a bit....
Jeremy.
(This used to be commit b8327b21dd)
Fix escaping of DN components and filters around the code
Add some notes to commandline help messages about how to pass DNs
revert jra's "concistency" commit to nsswitch/winbindd_ads.c, as it was
incorrect.
The 2 functions use DNs in different ways.
- lookup_usergroups_member() uses the DN in a search filter,
and must use the filter escaping function to escape it
Escaping filters that include escaped DNs ("\," becomes "\5c,") is the
correct way to do it (tested against W2k3).
- lookup_usergroups_memberof() instead uses the DN ultimately as a base dn.
Both functions do NOT need any DN escaping function as DNs can't be reliably
escaped when in a string form, intead each single RDN value must be escaped
separately.
DNs coming from other ldap calls (like ads_get_dn()), do not need escaping as
they come already escaped on the wire and passed as is by the ldap libraries
DN filtering has been tested.
For example now it is possible to do something like:
'net ads add user joe#5' as now the '#' character is correctly escaped when
building the DN, previously such a call failed with Invalid DN Syntax.
Simo.
(This used to be commit 5b4838f62a)
the printer GUID as a REG_SZ as Vista seems to
whine about unknown REG_BINARY values.
Thanks to Martin Zielinski <mz@seh.de> for his excellent
analysis on this.
(This used to be commit fa5490b71b)
void message_register(int msg_type,
void (*fn)(int msg_type, struct process_id pid,
- void *buf, size_t len))
+ void *buf, size_t len,
+ void *private_data),
+ void *private_data)
{
struct dispatch_fns *dfn;
So this adds a (so far unused) private pointer that is passed from
message_register to the message handler. A prerequisite to implement a tiny
samba4-API compatible wrapper around our messaging system. That itself is
necessary for the Samba4 notify system.
Yes, I know, I could import the whole Samba4 messaging system, but I want to
do it step by step and I think getting notify in is more important in this
step.
Volker
(This used to be commit c8ae60ed65)
The only difference between the two trees now w.r.t file
serving are the changes to smbd/open.c in this branch I need
to review.
Jeremy.
(This used to be commit f4474edf6a)
close_file() to NTSTATUS as well.
I'm not sure I got all the error codes right, but as I've never come across a
smb_copy() call in all my Samba work, I'm leaving it at that. If I'm
absolutely bored, I will write a thorough torture test.
As far as I can see, Samba4 even does not have a libcli implementation for
it... :-)
Volker
(This used to be commit 5ebdf02ba1)
Compiled it on systems with and without LDAP, I hope it does not break the
build farm too badly. If it does, I'll fix it tomorrow.
Volker
(This used to be commit b2ff9680eb)
examining Klockwork #1519. get_printer_subkeys()
could return zero without initializing it's return
pointer arg. Fixed this. Added free of subkey pointer
return in registry/reg_printing.c (interesting that
neithe Coverity or Klocwork found this one).
Jeremy.
(This used to be commit 4fbeae1a3a)
The motivating factor is to not require more privileges for
the user account than Windows does when joining a domain.
The points of interest are
* net_ads_join() uses same rpc mechanisms as net_rpc_join()
* Enable CLDAP queries for filling in the majority of the
ADS_STRUCT->config information
* Remove ldap_initialized() from sam/idmap_ad.c and
libads/ldap.c
* Remove some unnecessary fields from ADS_STRUCT
* Manually set the dNSHostName and servicePrincipalName attribute
using the machine account after the join
Thanks to Guenther and Simo for the review.
Still to do:
* Fix the userAccountControl for DES only systems
* Set the userPrincipalName in order to support things like
'kinit -k' (although we might be able to just use the sAMAccountName
instead)
* Re-add support for pre-creating the machine account in
a specific OU
(This used to be commit 4c4ea7b20f)
realloc can return NULL in one of two cases - (1) the realloc failed,
(2) realloc succeeded but the new size requested was zero, in which
case this is identical to a free() call.
The error paths dealing with these two cases should be different,
but mostly weren't. Secondly the standard idiom for dealing with
realloc when you know the new size is non-zero is the following :
tmp = realloc(p, size);
if (!tmp) {
SAFE_FREE(p);
return error;
} else {
p = tmp;
}
However, there were *many* *many* places in Samba where we were
using the old (broken) idiom of :
p = realloc(p, size)
if (!p) {
return error;
}
which will leak the memory pointed to by p on realloc fail.
This commit (hopefully) fixes all these cases by moving to
a standard idiom of :
p = SMB_REALLOC(p, size)
if (!p) {
return error;
}
Where if the realloc returns null due to the realloc failing
or size == 0 we *guarentee* that the storage pointed to by p
has been freed. This allows me to remove a lot of code that
was dealing with the standard (more verbose) method that required
a tmp pointer. This is almost always what you want. When a
realloc fails you never usually want the old memory, you
want to free it and get into your error processing asap.
For the 11 remaining cases where we really do need to keep the
old pointer I have invented the new macro SMB_REALLOC_KEEP_OLD_ON_ERROR,
which can be used as follows :
tmp = SMB_REALLOC_KEEP_OLD_ON_ERROR(p, size);
if (!tmp) {
SAFE_FREE(p);
return error;
} else {
p = tmp;
}
SMB_REALLOC_KEEP_OLD_ON_ERROR guarentees never to free the
pointer p, even on size == 0 or realloc fail. All this is
done by a hidden extra argument to Realloc(), BOOL free_old_on_error
which is set appropriately by the SMB_REALLOC and SMB_REALLOC_KEEP_OLD_ON_ERROR
macros (and their array counterparts).
It remains to be seen what this will do to our Coverity bug count :-).
Jeremy.
(This used to be commit 1d710d06a2)
code relied upon file permissions alone. Now we check that
the user is a printer administrator and that the share has not been
marked read only for that user.
(This used to be commit 117d9fd9e1)
by saving the UNIX token used to set a delete on close flag,
and using it when doing the delete. libsmbsharemodes.so still
needs updating to cope with this change.
Samba4 torture tests to follow.
Jeremy.
(This used to be commit 23f16cbc2e)
only tell at parse time from the wire if an incoming name
has wildcards or not. If it's a mangled name and we demangle
the demangled name may contain wildcard characters. Ensure
these are ignored.
Jeremy.
(This used to be commit 4cd8e2a96b)
