IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This avoids a full path traversal if /proc/self/fd is available.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Use the /proc/self/fd trick to make get_real_filename_fullscan_at look
a bit nicer and faster in strace. Direct SMB_VFS_OPENAT also is
cheaper in user space, we don't need the full fd_openat and
non_widelink_open magic here.
Also avoid opening ".", which can fail where a full path open would
succeed: If the directory in question does not give "x" perms to the
user, we get a handle on the dir as such but can't cd into it.
I haven't seen real-world cases of this, but one of our tests creates
such a scenario. I have further refactoring in my local tree that make
this patch necessary.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
So far fd_openat needed to be called with cwd_fsp and "." if you
wanted to open the share root, this enables using the absolute share
path. The next patch will remove sending the "." with cwd_fsp as a
simplification. Enable that with this little change.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Make it clear that non_widelink_open being called for absolute paths
is not done during regular operations, i.e. when we have passed our
pathnames through filename_convert_dirfsp and we work on a real
dirfsp.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
We can't deal with snapdir paths in non_widelink_open fully with
snapdirseverywhere active: There is no way for
shadow_copy2_parent_pathname() to work when a snapshot directory is
below the directory that we want to calculate the parent for. What is
the parent directory supposed to point at? I don't know.
For me the only way out is to accept that we should ignore what
happens behind shadow_copy2's path manipulation in core
smbd. This *might* open symlink races, but the whole point of
snapshots is that they are r/o copies of the real active file system
and as such they should be immune to those races.
Found while trying to refactor code around fd_openat()
P.S: This code will go away pretty soon
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
If we do the S_ISLNK check in the lower level, the if-condition is
simpler and we get the close_file_free() call for free.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This is always a bug, we should never do this. In one iteration of my
code I was doing this, which led to an invalid fallback code, which
itself lead to an infinite recursion. Make this more obvious with an
assert.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Nov 12 15:13:03 UTC 2024 on atb-devel-224
openat(-1, "relative path", ..) is invalid. I've tried to also tighten
this down to just relative paths (i.e. base_name[0] != '/'), but
non_widelink_open makes modifications further down that make this more
difficult.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
A valid tcon will have changed fsp_get_pathref_fd() to AT_FDCWD, -100
on Linux.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
The next patch will add another excluding condition, this change
keeps the if-condition that is changed here simple.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
vfs_GetWd depends upon a current tcon in fake_acls, otherwise it will
call openat with an invalid dirfd on a relative pathname.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
We have to undo the fsp allocation and open we've done. Not noticed,
it's probably highly unlikely OpenDir_fsp() fails.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Nov 12 13:26:10 UTC 2024 on atb-devel-224
Use reopen_from_fsp(), this will use the /proc/self/fd/<fd> trick if
available, no need to go through non_widelink_open
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This emulates openat, and trying to open a non-existing file should
result in ENOENT and not ENOATTR
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This function is pretty simple, this avoids a few calls to
map_errno_from_nt_status in the callers
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Inspired by Coverity finding CID 1609584 Overflowed constant -- not
sure it fixes it.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
netlogon_ping.c depends on it but itself has fewer dependencies than
cldap.c, so we can use it in more places
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Both callers now guarantee via the filter in netlogon_pings() that the
reply contains DCs that have the required flags set. Remove those
checks from ads_fill_cldap_reply()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
... down to netlogon_pings(). Passing 0 right now, this will change
for some callers
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Use parallel requests and req_flags filtering provided by
netlogon_pings()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This also makes sure we've got a KDC via DS_KDC_REQUIRED
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This already requests the flags that ads_fill_cldap_reply() will later
check for, so netlogon_pings will only feed sufficient DCs into
ads_fill_cldap_reply.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This encapsulates our logic that we send CLDAP requests on UDP/389,
sending them with 100msec timeouts until someone replies. It also
contains the code to do this over LDAP/389 or LDAPS/636.
It also contains code to filter for domain controller flags like
DS_ONLY_LDAP_NEEDED, this logic exists in several places right now.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This was not used consistently across all of our code base, and I
don't see a reason why this should ever not be port 389.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
struct netlogon_samlogon_response has subpointers, this patch enables
a proper talloc hierarchy.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
The caller setting up a tldap connection is aware of whether to use
starttls, which is one single ldap extended operation before the tls
crypto starts. There is no complex logic behind this that is
worthwhile to be hidden behind a flag and an API. If there was more to
it than just a simple call to tldap_extended(), I would all be for
passing down that flag, but for this case I would argue the logic
after this patch is simpler.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Soon we will have a tldap user which does not want to verify the
certs. Instead of passing another boolean down, hand in pre-created
tstream_tls_params.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Move all existing Directory Leases tests to this test suite and require
SMB2_CAP_DIRECTORY_LEASING.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
By default enabled on non-clustered Samba, disabled on clustered Samba, the
reason being the expected additional load caused by forcing strict rename to be
enabled.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
"deferred" will be used in the function by a later commit...
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This matches the notify_fname() argument name and the next commit is going to
add an "action" variable.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Will be used to trigger Directory Lease breaks from notify_fname().
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Checks for Directory Lease breaks on the parent directory of smb_fname. Gets a
sharemode lock on the locking.tdb record of the directory, hence it mustn't be
called if the caller still has another sharmode lock.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
notify_fname() for NOTIFY_ACTION_DIRLEASE_BREAK will soon need the lease of the
current open and to implement "MS-FSA 2.1.4.12 Algorithm to Check for an Oplock
Break" with flags=PARENT_OBJECT.
No change in behaviour for now, all callers pass lease=NULL;
Also change path arg to struct smb_filename.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This will be a common pattern in the upcoming code dealing with Directory Lease
breaks: when checking for Directory Lease breaks on the parent directory, we
take the sharemode lock on the parent and hence by then must have dropped the
sharemode lock on the object that performs the Directory Lease break check. That
functionality will be later added to notify_fname().
This means the notification will be sent a wee bit later, but that's something
the change notification protocol has to live with anyway.
For Directory Leases the sequence to check for Directory Lease breaks is to call
MS-FSA 2.1.4.12 "Algorithm to Check for an Oplock Break" with
flags=PARENT_OBJECT at the end of each relevant operation, eg creating a file
asf, when processing of the operation that will call 2.1.4.12 is already
completed.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Check for open files recursively when renaming a directory and wait for handle
lease breaks.
As delay_for_handle_lease_break_send() does the same check as
have_file_open_below(), remove have_file_open_below() from can_rename() so it is
not called twice for SMB2 renames, and add calls to have_file_open_below() to the
SMB1 entry rename entry points.
This is a bit ugly, but I don't see any other good way of doing this.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15608
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Let have_file_open_below() be the single function to check if
"have_file_open_below" and let it check internally whether to just search the
fsp list in the process or traversing locking.tdb based on the setting of
"strict rename".
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15608
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
In the future not all callers will have a share_mode_lock around.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15608
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
All existing callers use share_entry_forall_read, so no change in behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15608
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Gives the callback function more control about when of a locking.tdb
traverse is stopped. If the callback function returns:
0 => continue traverse
1 => stop loop over share_mode_entries, but continue share_mode_data traverse
-1 => stop whole share_mode_data traverse
All existing callers of share_entry_forall() either return 0 or -1 from their
callback functions, so no change in behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15608
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
All existing callers use share_mode_forall_read(), so no change in behaviour.
Note: doing the indirection via the function pointers "ro_fn" and "rw_fn" in a
single state "struct share_mode_forall_state" avoids duplicating
share_mode_forall_dump_fn() and share_mode_forall_fn() and has the benefit of
code sharing of these functions for both read-only and read-write cases.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15608
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Gives callers the option to modify data if needed. All existing
callers use g_lock_locks_read(), so no change in behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15608
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This ensures common cleanup code via
smbXsrv_connection_shutdown_send() ->
-> smbXsrv_session_disconnect_xconn()
-> smbXsrv_session_remove_channel()
-> smb2srv_session_shutdown_send()
is used if the last (only) connection goes away as well. In the future this
should be implemented for the
xconn->has_cluster_movable_ip
case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15608
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Add a version of delay_rename_for_lease_break() that is usable in other places
where we have to check for handle lease breaks. No change in behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15608
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
in_input_buffer just points into the smbd_smb2_request iovecs data which is
guarenteed to have the same lifetime as the deferred rename processing, no need
to make a copy.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15608
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
ce459ddbcd recently switched the readdir
implementation to use ceph_readdir_r(). Thus ceph_readdir() is
unnecessarily loaded which is no longer used.
https://bugzilla.samba.org/show_bug.cgi?id=15703
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: John Mulligan <jmulligan@redhat.com>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Sun Nov 3 11:07:23 UTC 2024 on atb-devel-224
Store the set of open O_XXX flags as part of the referenced file-handle
to allow more verbose debug-logging info upon close. This should ease
the developer's logging analysis where same inode is opened multiple
times but with different flags set.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15703
Signed-off-by: Shachar Sharon <ssharon@redhat.com>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: John Mulligan <jmulligan@redhat.com>
Have more verbose and explicit values in various DBG_DEBUG logging. In
particular, do not use the redundant '__func__' argument as it's info is
already provided via the DBG_ logging macros.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15703
Signed-off-by: Shachar Sharon <ssharon@redhat.com>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: John Mulligan <jmulligan@redhat.com>
Add extra debug-logging to mount/umount flows, with more verbose info.
Try to make logging messages follow a 'key=value' format.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15703
Signed-off-by: Shachar Sharon <ssharon@redhat.com>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: John Mulligan <jmulligan@redhat.com>
Use boolean return value from cephmount_cache_add, to align code-style
with other caphmount helper functions. Returns false in case of memory
allocation failure, true otherwise (success).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15703
Signed-off-by: Shachar Sharon <ssharon@redhat.com>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: John Mulligan <jmulligan@redhat.com>
Use singed int32_t for cached mount-entries reference counting. Define
helper function for inc/dec ref-count which also provides proper
logging. Prefer boolean return-value for 'cephmount_cache_remove' as
'int' is often used as error indicator within the context of libcephfs
and this VFS module.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15703
Signed-off-by: Shachar Sharon <ssharon@redhat.com>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: John Mulligan <jmulligan@redhat.com>
Do not set 'errno' to ENOENT in cephmount_cache_update. Setting this
errno value upon newly inserted entry may cause vfs_ceph_connect to
change errno to non-zero value even though the final result is OK.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15703
Signed-off-by: Shachar Sharon <ssharon@redhat.com>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: John Mulligan <jmulligan@redhat.com>
Align code-style of 'cephmount_mount_fs' with rest of the code: use
'goto' for bail-out upon error case (with proper cleanups). For the
common case of successful operation complete execution and return final
value. Added extra debug-logging for good-path case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15703
Signed-off-by: Shachar Sharon <ssharon@redhat.com>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: John Mulligan <jmulligan@redhat.com>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15749
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Oct 31 14:02:39 UTC 2024 on atb-devel-224
This was missing in commit 628d7b6f2e.
We should not alter the name to '<UNKNOWN>'!
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
We must also break leases on other opens if the open of the rename doesn't have
a lease itself. The existing test test_lease_v2_rename() that was added
alongside the deferred rename server code didn't cover this case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15697
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Oct 31 12:47:24 UTC 2024 on atb-devel-224
For a compound related request chain of eg CREATE+NOTIFY+GETINFO, the NOTIFY
will typically go async. When this is noted in smbd_smb2_request_pending_queue()
the pending async tevent_req is cancelled which means we return
NT_STATUS_CANCELLED to the client while Windows returns
NT_STATUS_INTERNAL_ERROR.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15697
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This will be needed when we implement netr_ServerAuthenticateKerberos...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This will be needed when we implement netr_ServerAuthenticateKerberos...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
creds->sid will be removed soon...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This will make the following changes simpler...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
With SAMBA_WEAK_CRYPTO_DISALLOWED we will return DOWNGRADE_DETECTED with negotiate_flags = 0,
if AES was not negotiated...
And if AES was negotiated there's no harm in returning the ARCFOUR
flag...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This was missing from commit 6140c3177a and causes
all opens of directories to be handled as stat opens, bypassing the sharemode
check.
Not adding a test at this time, as my (hopefully) soon to be merged Directory
Leases branch has a test which actually detected this problem.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15732
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Oct 29 12:44:49 UTC 2024 on atb-devel-224
Essentially FSP_POSIX_FLAGS_OPEN implies FSP_POSIX_FLAGS_PATHNAMES, so we can
just remove FSP_POSIX_FLAGS_PATHNAMES and simplify things.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
This option of the vfs_fruit VFS module that could be used to enable POSIX
directory rename behaviour for OS X clients has been removed as it could result
in severe problems for Windows clients.
As a possible workaround it is possible to prevent creation of .DS_Store files
(a Finder thingy to store directory view settings) on network mounts by running
$ defaults write com.apple.desktopservices DSDontWriteNetworkStores true
on the Mac.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Prefer a safe version of ceph_readdir, where the directory entry struct
is allocated by the caller. Use a dynamic-allocated 'struct dirent'
which is associated with a directory vfs_ceph_fh (optional), which is
allocated on-the-fly upon start of READDIR and released at the end or
CLOSEDIR (or unlikely readdir error).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15703
Signed-off-by: Shachar Sharon <ssharon@redhat.com>
Reviewed-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Fri Oct 25 10:29:44 UTC 2024 on atb-devel-224
