IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
If we can access the path to a file, by default we have FILE_READ_ATTRIBUTES
from the containing directory. See the section: "Algorithm to Check Access to an
Existing File" in MS-FSA.pdf.
So it's also safe to use a root opened pathref fd, as the root open is done on
the final component after a chdir() to the parent directory was done while still
impersonating the use. Qed.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
In all places where we access or modify a file or it's associated metadata, we
use fsp_get_io_fd() to fetch the low-level fd from the fsp. This ensures we
don't accidentally use a pathref fsp where the fd would be opened as root on
systems lacking O_PATH.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Most places take twrp from a local struct smb_filename variable that the
function is working on. Some don't for various reasons:
o synthetic_smb_fname_split() is only called in very few places where we don't
expect twrp paths
o implementations of SMB_VFS_GETWD(), SMB_VFS_FS_CAPABILITIES() and
SMB_VFS_REALPATH() return the systems view of cwd and realpath without twrp info
o VFS modules implementing previous-versions support (vfs_ceph_snapshots,
vfs_shadow_copy2, vfs_snapper) synthesize raw paths that are passed to VFS NEXT
functions and therefor do not use twrp
o vfs_fruit: macOS doesn't support VSS
o vfs_recycle: in recycle_create_dir() we need a raw OS path to create a directory
o vfs_virusfilter: a few places where we need raw OS paths
o vfs_xattr_tdb: needs a raw OS path for SMB_VFS_NEXT_STAT()
o printing and rpc server: don't support VSS
o vfs_default_durable_reconnect: no Durable Handles on VSS handles, this might
be enhances in the future. No idea if Windows supports this.
o get_real_filename_full_scan: hm.... FIXME??
o get_original_lcomp: working on a raw path
o msdfs: doesn't support VSS
o vfs_get_ntquota: synthesizes an smb_filename from ".", so doesn't support VSS
even though VFS modules implement it
o fd_open: conn_rootdir_fname is a raw path
o msg_file_was_renamed: obvious
o open_np_file: pipes don't support VSS
o Python bindings: get's a raw path from the caller
o set_conn_connectpath: raw path
o set_conn_connectpath: raw path
o torture: gets raw paths from the caller
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
Reviewed-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Christof Schmitt <cs@samba.org>
Autobuild-Date(master): Mon Feb 3 21:53:05 UTC 2020 on sn-devel-184
Shorten the function a bit by directly returning the mapped value.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The set_gpfs_lease function first maps the lease argument to the GPFS
version and then issues the API call. Change this to only do the mapping
in the helper function.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Follow the current coding guidelines to first issue the function call
and then check the return code.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Remove trailing whitespace and put each argument on a seperate line.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The API call is already done as root user (become_root), so that the
lease contains the root user. The lease capability is already implied by
the root user, so the explicit call to linux_set_lease_capability is not
required.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
User newer debug macro and print full path to affected file.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jan 8 01:26:46 UTC 2020 on sn-devel-184
Any other error code from gpfs_set_share should never happen. Print a
error message in case this is ever encountered.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
GPFS file systems can be configured without support for share modes. As
this results in an unique error code, print a message explaining this
situation and the required config changes.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
As this denies access to a file, provide a better error message for
easier troubleshooting.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Follow the convention to return 0 on success and -1 when hitting an
error.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The gpfs_set_share API call has been around for a long time and
definitely all supported GPFS versions have it. Remove the check and
fallback for old versions without this API.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This avoids a redundant error message in case the call to acquire the
sharemode had failed before.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The fsp has a valid file descriptor when this function is called. No
need for the additional check.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The VFS flock function is called with a zero access_mask to indicate
that the share mode should be cleared. Adjust the check to directly
check the access_mask and provide a better message to indicate this
case.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The calling code already ensures that the file is open with a valid file
descriptor.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
MS-SMB2 and the smbd code refer to this field as share_access. Use the
same name in the function argument.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This implements two core changes:
* use NTTIME instead of struct timespec at the database layer
* use struct timespec { .tv_nsec = SAMBA_UTIME_OMIT } as special sentinel
value in smbd when processing timestamps
Using NTTIME at the database layer is only done to avoid storing the special
struct timespec sentinel values on disk. Instead, with NTTIME the sentinel value
for an "unset" timestamp is just 0 on-disk.
The NTTIME value of 0 gets translated by nt_time_to_full_timespec() to the
struct timespec sentinel value { .tv_nsec = SAMBA_UTIME_OMIT }.
The function is_omit_timespec() can be used to check this.
Beside nt_time_to_full_timespec(), there are various other new time conversion
functions with *full* in their name that can be used to safely convert between
different types with the changed sentinel value.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7771
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Make the code a bit easier to read by avoiding direct access to the
statex struct.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Christof Schmitt <cs@samba.org>
Autobuild-Date(master): Tue Nov 19 22:44:53 UTC 2019 on sn-devel-184
MacOS SMB clients require that file ids are not quickly reused when
files are deleted and new files are created with the same name. Inode
numbers do not satisfy that requirement, as they will be quickly reused.
To address this problem, create a unique id from the available file
system specific metadata. As that id is larger than the available 64bit,
use a hash to generate a 64bit id for usage as fileid.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
This is no functional change, but allows to use additional metadata
later on.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
This is no functional change, but allows to use additional metadata
later on.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
This simplifies (and corrects) things in the VFS as there the caller is only
interested in whether a name is pointing to a real named stream most of the times.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
On directories with the "set group id" (SGID) bit is set, new files and
subfolders will be created with the group of the directory, and not with
the primary group of the user. Checking for free space in this case
should query the group quota for the gid of the directory.
This is the same change as the common smbd code, but since vfs_gpfs
still has its own check for available space and quotas, add it here as
well. A future goal would be to use the common free space check instead
of duplicating code in vfs_gpfs.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
This was in vfs_gpfs.c from day one, no idea why both "share_mode" and
"fsp->share_access" were used as if they were two different things.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
In GPFS, it is not possible to deny ACL or attribute access through a
SPECIAL_OWNER entry. The best that can be done is mapping this to a
named user entry, as this one can at least be stored in an ACL. The same
cannot be done for inheriting SPECIAL_OWNER entries, as these represent
CREATOR OWNER entries, and the limitation of not being able to deny
owner access to ACL or attributes remains.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This is not functional change. It cleans up the code a bit and makes
expanding this codepath in a later patch easier.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
