IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Apr 2 16:39:01 CEST 2015 on sn-devel-104
If a vfs module has no ACL callbacks, smbd will use its default ACL
callbacks. These default ACL callbacks operate on local filesytem,
it's clearly wrong for ceph case.
libcephfs does not support ACL yet, so this patch adds ACL callbacks
that do nothing.
Signed-off-by: Yan, Zheng <zyan@redhat.com>
Reviewed-by: Ira Cooper <ira@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
libcephfs version 0.94 adds 'file descriptor' version xattr functions.
This patch makes corresponding samba VFS callbacks use these new
functions.
Signed-off-by: Yan, Zheng <zyan@redhat.com>
Reviewed-by: Ira Cooper <ira@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Wed Apr 1 15:36:03 CEST 2015 on sn-devel-104
CID 1291643: Resource leak: leaked_handle: Handle
variable lock_fd going out of scope leaks the handle.
Fix: on failure case release handle variable lock_fd
Signed-off-by: Rajesh Joseph <rjoseph@redhat.com>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
If we set 'winbind use default domain' and specify 'force user = user'
without a domain name we fail to log in. In this case we need to try a
lookup with the domain name.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11185
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Mar 31 21:17:23 CEST 2015 on sn-devel-104
With FSRVP server support now present along with suitable mock-up test
infrastructure, run the FSRVP test suite against s3fs.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Define a share that uses both vfs_shell_snap and fake_snap.pl to create,
delete and expose fake snapshots in response to FSRVP requests.
Additionally test snapshot enumeration and access via the shadow_copy2
module.
Allow for simple testing of FSRVP message sequence timeouts, by
specifying an artificially small interval.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Document usage of the shell_snap VFS module, explaining when and how
each of the shell script commands are called.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The shell_snap VFS module plumbs into the snapshot (aka shadow-copy)
management paths used by Samba's File Server Remote VSS Protocol (FSRVP)
server.
The following shell callouts may be configured in smb.conf:
shell_snap: check path command
- Called when an FSRVP client wishes to check whether a given
share supports snapshot create/delete requests.
- The command is called with a single <share path> argument.
- The command must return 0 if <share path> is capable of being
snapshotted.
shell_snap: create command
- Called when an FSRVP client wishes to create a snapshot.
- The command is called with a single <share path> argument.
- The command must return 0 status if the snapshot was
successfully taken.
- The command must output the path of the newly created snapshot
to stdout.
shell_snap: delete command
- Called when an FSRVP client wishes to delete a snapshot.
- The command is called with <base share path> and
<snapshot share path> arguments.
- The command must return 0 status if the snapshot was
successfully removed.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This extends the vfs_btrfs man page to also cover FSRVP remote snapshot
behaviour and configuration.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This extends the vfs_snapper man page to also cover FSRVP remote
snapshot behaviour and configuration.
The permissions section is also extended to describe specific Samba and
Snapper requirements for remote snapshot creation and deletion using
DiskShadow.exe.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This change adds smb.conf documentation for the "fss: prune stale" and
"fss: sequence timeout" parameters accepted by Samba's FSRVP server.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This patch implements some simple FSRVP server housekeeping. On startup
the server scans the cached entries, any entries where the underlying
system paths associated with shadow copies no longer exist are removed
from the cache and from the registry.
This behaviour is disabled by default, but can be enabled via the new
"fss: prune stale" smb.conf parameter.
Signed-off-by: Noel Power <noel.power@suse.com>
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The Samba fss_agent RPC server is an implementation of the File Server
Remote VSS (Volume Shadow Copy Service) Protocol, or FSRVP for short.
FSRVP is new with Windows Server 2012, and allows authenticated clients
to remotely request the creation, exposure and deletion of share
snapshots.
The fss_agent RPC server processes requests on the FssAgentRpc named
pipe, and dispatches relevant snapshot creation and deletion requests
through to the VFS.
The registry smb.conf back-end is used to expose snapshot shares, with
configuration parameters and share ACLs cloned from the base share.
There are three FSRVP client implementations that I'm aware of:
- Samba rpcclient includes fss_X commands.
- Windows Server 2012 includes diskshadow.exe.
- System Center 2012.
FSRVP operations are only processed for users with:
- Built-in Administrators group membership, or
- Built-in Backup Operators group membership, or
- Backup Operator privileges, or
- Security token matches the initial process UID
MS-FSRVP specifies that server state should be stored persistently
during operation and retrieved on startup. Use the existing fss_srv.tdb
FSRVP state storage back-end to satisfy this requirement.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Extend vfs_snapper to support the new remote snapshot creation and
deletion hooks added for FSRVP.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The "btrfs: manipulate snapshots" smb.conf parameter is disabled by
default, to encourage use of, and pass requests through to, the
vfs_snapper module.
When enabled, issue BTRFS_IOC_SNAP_CREATE_V2 and BTRFS_IOC_SNAP_DESTROY
ioctls accordingly. The ioctls are issued as root, so rely on permission
checks in the calling FSRVP server process.
Base share paths must exist as btrfs subvolumes in order to
be supported for snapshot operations.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
These functions are provided by libgen.h, and conform to POSIX.1-2001.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This change adds three new VFS hooks covering snapshot manipulation:
- snap_check_path
Check whether a path supports snapshots.
- snap_create
Request the creation of a snapshot of the provided path.
- snap_delete
Request the deletion of a snapshot.
These VFS call-outs will be used in future by Samba's File Server Remote
VSS Protocol (FSRVP) server.
MS-FSVRP states:
At any given time, Windows servers allow only one shadow copy set to
be going through the creation process.
Therefore, only provide synchronous hooks for now, which can be
converted to asynchronous _send/_recv functions when the corresponding
DCE/RPC server infrastructure is in place.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Test the storage and retrieval of FSRVP server state, with varying
shadow-copy set, shadow copy and share map hierarchies.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
MS-FSRVP specifies:
the server MUST persist all state information into an implementation-
specific configuration store.
This change adds a fss_srv TDB database to preserve FSRVP server state,
with the following keys used to track shadow copy state and hierarchy:
- sc_set/<shadow copy set GUID>
A shadow copy set tracks a collection of zero or more shadow copies,
as initiated by a StartShadowCopySet FSRVP client request.
- sc_set/<shadow copy set GUID>/sc/<shadow copy GUID>
A shadow copy defines information about a snapshot base volume, the
snapshot path, and a collection of share maps. It is initiated by an
AddToShadowCopySet client request.
- sc_set/<shadow copy set GUID>/sc/<shadow copy GUID>/smap/<smap GUID>
A share map tracks new shares that are created to expose shadow
copies.
All structures are marshalled into on-disk format using the previously
added fsrvp_state IDL library.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
FSRVP server state must be retained persistently. This change adds IDL
definitions for the share map, shadow-copy and shadow-copy set types,
which will be used for marshalling and unmarshalling state alongside
database storage or retrieval.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Fixes bug #11165 - Bug in configure scripts when system-mitkrb5 is used
https://bugzilla.samba.org/show_bug.cgi?id=11165
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Tue Mar 31 04:32:52 CEST 2015 on sn-devel-104
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Mar 31 01:56:02 CEST 2015 on sn-devel-104
Windows uses a username of 'domain.example.com.' and we need to return it that
way in the NETLOGON_SAM_LOGON_RESPONSE_EX.
See e6e2ec0001fe3c010445e26cc0efddbc1f73416b for further details.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Mon Mar 30 16:18:04 CEST 2015 on sn-devel-104
Only change currently: the CHECK_WSTR calls report the line
number of this function now instead of the handed in
line of the callers. This could be fixed by turning this
function into a macro...
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
The original CHECK_WSTR() macro was not setting torture failure,
leading to errors instead of propoer failures.
The original CHECK_WSTR2() macro was exactly like the CHECK_WSTR
macro but using propoer torture_result() calls.
This patch removes the original CHECK_WSTR(), renames CHECK_WSTR2
to CHECK_WSTR and adapts the callers, hence removing the source
of many potential missing torture_assert messages.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
This macro is not setting torture failure, leading to errors instead
of failures. Use torture_assert_ntstatus_(ok|equal)* macros.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
This macro is not setting torture failure, leading to errors instead
of failures. Use torture_assert_ntstatus_(ok|equal)* macros.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Instead of having every 2nd byte as '\0' in the utf16 password,
because the utf8 form is based on an ascii subset, we convert
the random buffer from CH_UTF16MUNGED to CH_UTF8.
This way we have a random but valid utf8 string,
which is almost like what Windows is doing.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
We should maintain current and previous passwords on both sides of the trust,
which mean we need to pass our view of the new version to the remote DC.
This avoid problems with replication delays and make sure the kvno
for cross-realm tickets is in sync.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Using pdb_get_trust_credentials() works for all kind of trusts
and gives us much more details regarding the credentials.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
SEC_CHAN_DNS_DOMAIN trusts use longer passwords, Windows uses 240 UTF16 bytes.
Some trustAttribute flags may also make impact on the length on Windows,
but we could be better if we know that the remote domain is an AD domain.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
The number of current and previous elements need to match and we have to
fill TRUST_AUTH_TYPE_NONE if needed.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
The number of current and previous elements need to match and we have to
fill TRUST_AUTH_TYPE_NONE if needed.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
