1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-26 10:04:02 +03:00

437 Commits

Author SHA1 Message Date
Andrew Bartlett
f768b32e37 libcli/security Provide a common, top level libcli/security/security.h
This will reduce the noise from merges of the rest of the
libcli/security code, without this commit changing what code
is actually used.

This includes (along with other security headers) dom_sid.h and
security_token.h

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
2010-10-12 05:54:10 +00:00
Jeremy Allison
f98d217514 Change to using TDB_INCOMPATIBLE_HASH (the jenkins hash) on all
TDB_CLEAR_IF_FIRST tdb's. For tdb's like gencache where we open
without CLEAR_IF_FIRST and then with CLEAR_IF_FIRST if corrupt
this is still safe to use as if opening an existing tdb the new
hash will be ignored - it's only used on creating a new tdb not
opening an old one.

Jeremy.
2010-09-27 17:18:54 -07:00
Günther Deschner
7a05ca2c9c s3-build: use dbwrap.h only where needed.
Guenther
2010-08-26 00:25:55 +02:00
Volker Lendecke
c9b654f581 s3: Remove smbd_messaging_context() from send_stat_cache_delete_message() 2010-08-07 13:16:48 +02:00
Volker Lendecke
390c3ffc2a s3: Remove procid_self() from brl_close_fnum() 2010-07-05 11:06:31 +02:00
Volker Lendecke
e168b85f00 s3: Remove procid_self() from fill_deferred_open_entry() 2010-07-05 11:06:31 +02:00
Volker Lendecke
aa217afc46 s3: Remove procid_self() from do_lock_cancel() 2010-07-05 11:06:31 +02:00
Volker Lendecke
1af668df02 s3: Remove procid_self() from do_unlock() 2010-07-05 11:06:31 +02:00
Volker Lendecke
471a47a1de s3: Remove procid_self() from do_lock() 2010-07-05 11:06:31 +02:00
Volker Lendecke
b485c1917f s3: Remove procid_self() from query_lock() 2010-07-05 11:06:30 +02:00
Volker Lendecke
50db5cb0df s3: Remove procid_self() from fill_share_mode_entry() 2010-07-05 11:06:26 +02:00
Volker Lendecke
b903297878 s3: Remove procid_self() from init_strict_lock_struct() 2010-07-05 11:06:26 +02:00
Jeremy Allison
adf4833792 This patch looks bigger than it is. It does 2 things. 1). Renames smbpid -> smblctx in our locking code. 2). Widens smblctx to 64-bits internally. Preparing to use the SMB2 handle as the locking context.
Jeremy.
2010-05-07 06:20:50 -07:00
Jeremy Allison
4ad1943d29 Make us pass all SMB2 lock tests except MULTIPLE-UNLOCK and CONTEXT. Them next :-).
Jeremy.
2010-05-07 01:20:26 -07:00
Jeremy Allison
516f7c571e Fix SMB2 lock tests up to cancel-by-close.
Jeremy.
2010-05-06 09:07:49 -07:00
Jeremy Allison
d58b795587 Move to MS-FSA algorithm when checking for invalid lock range.
Satisfies SMB and SMB2.

Jeremy.
2010-05-05 15:57:57 -07:00
Günther Deschner
c6ebab846d s3: only include gen_ndr headers where needed.
This shrinks include/includes.h.gch by the size of 7 MB and reduces build time
as follows:

ccache build w/o patch
real    4m21.529s
ccache build with patch
real    3m6.402s

pch build w/o patch
real    4m26.318s
pch build with patch
real    3m6.932s

Guenther
2010-05-06 00:22:59 +02:00
Simo Sorce
dffeb12f3d smbd: move printfile_offset() within write_file() 2010-04-30 11:52:39 -07:00
Jeremy Allison
7984243768 Move to using 64-bit mid values in our internal open file database.
This will allow us to share logic much easier between SMB1 and SMB2
servers.

Jeremy
2010-04-12 21:40:28 -07:00
Jeremy Allison
1332ce52b7 We don't need to treat the token differently in the conn->admin_user case, it should already be pointing to a token with uid == 0.
Jeremy.
2010-03-15 14:49:00 -07:00
Jeremy Allison
4b85a0ea7f Rever e80ceb1d7355c8c46a2ed90d5721cf367640f4e8 "Remove more uses of "extern struct current_user current_user;"."
As requested by Volker, split this into smaller commits.

Jeremy.
2010-03-15 14:48:54 -07:00
Jeremy Allison
e80ceb1d73 Remove more uses of "extern struct current_user current_user;".
Use accessor functions to get to this value. Tidies up much of
the user context code. Volker, please look at the changes in smbd/uid.c
to familiarize yourself with these changes as I think they make the
logic in there cleaner.

Cause smbd/posix_acls.c code to look at current user context, not
stored context on the conn struct - allows correct use of these
function calls under a become_root()/unbecome_root() pair.

Jeremy.
2010-03-12 13:56:51 -08:00
Volker Lendecke
89c785c47a s3: Fix a long-standing problem with recycled PIDs
When a samba server process dies hard, it has no chance to clean up its entries
in locking.tdb, brlock.tdb, connections.tdb and sessionid.tdb.

For locking.tdb and brlock.tdb Samba is robust by checking every time we read
an entry from the database if the corresponding process still exists. If it
does not exist anymore, the entry is deleted. This is not 100% failsafe though:
On systems with a limited PID space there is a non-zero chance that between the
smbd's death and the fresh access, the PID is recycled by another long-running
process. This renders all files that had been locked by the killed smbd
potentially unusable until the new process also dies.

This patch is supposed to fix the problem the following way: Every process ID
in every database is augmented by a random 64-bit number that is stored in a
serverid.tdb. Whenever we need to check if a process still exists we know its
PID and the 64-bit number. We look up the PID in serverid.tdb and compare the
64-bit number. If it's the same, the process still is a valid smbd holding the
lock. If it is different, a new smbd has taken over.

I believe this is safe against an smbd that has died hard and the PID has been
taken over by a non-samba process. This process would not have registered
itself with a fresh 64-bit number in serverid.tdb, so the old one still exists
in serverid.tdb. We protect against this case by the parent smbd taking care of
deregistering PIDs from serverid.tdb and the fact that serverid.tdb is
CLEAR_IF_FIRST.

CLEAR_IF_FIRST does not work in a cluster, so the automatic cleanup does not
work when all smbds are restarted. For this, "net serverid wipe" has to be run
before smbd starts up. As a convenience, "net serverid wipedbs" also cleans up
sessionid.tdb and connections.tdb.

While there, this also cleans up overloading connections.tdb with all the
process entries just for messaging_send_all().

Volker
2010-03-10 16:07:10 +01:00
Andrew Tridgell
93a3359729 s3-locking: convert brlock to TYPESAFE_QSORT() 2010-02-14 18:44:21 +11:00
Andrew Tridgell
4689826e39 s3-locking: update to use DLIST_ADD_AFTER()
(cherry picked from commit 6c6df527e14514027cbcaa6deac25adf04363926)
2010-02-10 15:40:44 -08:00
Jeremy Allison
47c1d9b39f Fix bug #6876 - Delete of an object whose parent folder does not have delete rights fails even if the delete right is set on the object.
Final fix for the vfs_acl_xattr and vfs_acl_tdb code.
Ensure we can delete a file even if the underlying POSIX
permissions don't allow it, if the Windows permissions do.

Jeremy.
2010-01-12 16:04:44 -08:00
Jeremy Allison
32915ceefc Make Samba3 pass the RAW-LOCK test as Windows.
Implement the win7 NT_STATUS_INVALID_LOCK_RANGE.
Make smbd behave as Windows does in canceling locks.

Jeremy.
2009-12-04 14:04:08 -08:00
Jeremy Allison
dfcc4115dd Remove unneeded argument from can_set_delete_on_close(). Ensure
can_set_delete_on_close() is correctly called before any setting
of the disposition bit (clean up the do_unlink() call).
Jeremy.
2009-12-02 18:06:40 -08:00
Volker Lendecke
91ccaa87da s3: Remove a pointless memset
We are assigning the complete structure now (we used to assign individual
fields), so this is obsolete.
2009-11-21 11:57:07 +01:00
Volker Lendecke
f0a933d140 s3: Cache brlock.tdb entries for the fast read&write strict locking code path
For a netbench run this gains around 2% user-space CPU, fetching a 100MB file
takes around 4% less.
2009-11-21 11:40:13 +01:00
Volker Lendecke
b067a5e4e8 s3: Remove debug_ctx()
smbd just crashed on me: In a debug message I called a routine preparing a
string that itself used debug_ctx. The outer routine also used it after the
inner routine had returned. It was still referencing the talloc context
that the outer debug_ctx() had given us, which the inner DEBUG had already
freed.
2009-11-03 11:30:00 +01:00
Jeremy Allison
3fa1d7332c Fix bug 6776 - Running overlapping Byte Lock test will core dump Samba daemon.
Re-write core of POSIX locking logic.
Jeremy.
2009-10-05 10:27:48 -07:00
Volker Lendecke
99f8dcab0c s3:smbd: Add the ntstatus to the smb_panic in share_mode_lock_destructor
This might help finding why bug 6518 happens
2009-09-07 01:28:32 +02:00
Volker Lendecke
033185e2a1 Make the smbd VFS typesafe 2009-07-24 11:42:05 -04:00
Tim Prouty
5a8d70d465 s3: Change fsp->fsp_name to be an smb_filename struct! 2009-07-20 17:26:56 -07:00
Tim Prouty
3a7d372e2e s3: Change the share_mode_lock struct to store a base_name and stream_name 2009-07-08 21:36:04 -07:00
Tim Prouty
83e5ac5695 s3: Make some arguments to (parse|unparse)_share_modes() const 2009-07-08 21:36:04 -07:00
Tim Prouty
0d9b204882 s3: Remove unnecessary const qualifiers 2009-07-07 18:02:53 -07:00
Tim Prouty
18a27a8df2 s3 sticky write time: Removed unused args and tighten up a function by making an arg const 2009-07-06 15:38:41 -07:00
Volker Lendecke
ed88ff18dd Fix Coverity ID 897: REVERSE_INULL 2009-05-06 12:01:30 +02:00
Volker Lendecke
b63cd72ae4 Use procid_str in debug messages for better cluster-debuggability 2009-04-03 12:19:20 +02:00
Volker Lendecke
c164c0c20a Fix a scary "fill_share_mode_lock failed" message
To me "fill_share_mode_lock failed" is a "can't happen" alert. There is
however a perfectly valid case in get_file_infos() when the file is not open.

Change the corresponding debug message to level 10 and explain more.
2009-03-26 12:30:44 +01:00
Dave Richards
1fcc11ff25 s3: Add strict lock/unlock calls to the vfs layer to replace is_locked 2009-03-13 14:16:55 -07:00
Jeremy Allison
0d9f4a2886 Last part of fix for #6154 - zfs does not honor admin users.
Jeremy.
2009-03-05 15:18:18 -08:00
Zack Kirsch
a04bb5f9a2 s3 BRL: Add more clarifying comments and add implied logic to make conditional more clear 2009-02-20 16:42:50 -08:00
Tim Prouty
e4675ce8db s3: Add extid to the dev/inode pair
This extends the file_id struct to add an additional generic uint64_t
field: extid.  For backwards compatibility with dev/inodes stored in
xattr_tdbs and acl_tdbs, the ext id is ignored for these databases.
This patch should cause no functional change on systems that don't use
SMB_VFS_FILE_ID_CREATE to set the extid.

Existing code that uses the smb_share_mode library will need to be
updated to be compatibile with the new extid.
2009-02-19 20:58:26 -08:00
Zack Kirsch
ca87726f81 s3: Fix uninitialized variable warning (and bug). 2009-02-13 15:59:39 -08:00
Zack Kirsch
813273c87e Add VFS ops for Windows BRL: Lock, Unlock and Cancel:
This patch adds 3 new VFS OPs for Windows byte range locking: BRL_LOCK_WINDOWS,
BRL_UNLOCK_WINDOWS and BRL_CANCEL_WINDOWS. Specifically:

* I renamed brl_lock_windows, brl_unlock_windows and brl_lock_cancel to
  *_default as the default implementations of the VFS ops.
* The blocking_lock_record (BLR) is now passed into the brl_lock_windows and
  brl_cancel_windows paths. The Onefs implementation uses it - future
  implementations may find it useful too.
* Created brl_lock_cancel to do what brl_lock/brl_unlock do: set up a
  lock_struct and call either the Posix or Windows lock function. These happen
  to be the same for the default implementation.
* Added helper functions: increment_current_lock_count() and
  decrement_current_lock_count().
* Minor spelling correction in brl_timeout_fn: brl -> blr.
* Changed blocking_lock_cancel() to return the BLR that it has cancelled. This
  allows us to assert its the lock that we wanted to cancel. If this assert ever
  fires, this path will need to take in the BLR to cancel, rather than choosing
  on its own.
* Adds a small helper function: find_blocking_lock_record_by_id(). Used by the
  OneFS implementation, but could be useful for others.
2009-02-13 10:08:40 -08:00
Volker Lendecke
77e3272092 Fix an uninitialized variable. Tim, please check! 2009-02-10 18:29:34 +01:00
Tim Prouty
c6f1f055fd s3 oplocks: Make the level2 oplock contention API more granular
This replaces release_level2_oplocks_on_change with
contend_level2_oplock_begin/end in order to contend level2 oplocks
throughout an operation rather than just at the begining.  This is
necessary for some kernel oplock implementations, and also lays the
groundwork for better correctness in Samba's standard level2 oplock
handling.  The next step for non-kernel oplocks is to add additional
state to the share mode lock struct that prevents any new opens from
granting oplocks while a contending operation is in progress.

All operations that contend level 2 oplocks are now correctly spanned
except for aio and synchronous writes.  The two write paths both have
non-trivial error paths that need extra care to get right.

RAW-OPLOCK and the rest of 'make test' are still passing with this
change.
2009-02-09 23:47:45 -08:00