8 files changed, 208 insertions, 78 deletions

diff --git a/source3/smbd/connection.c b/source3/smbd/connection.c
index 016c8adb1b..d7063c9989 100644
--- a/source3/smbd/connection.c
+++ b/source3/smbd/connection.c
@@ -118,6 +118,15 @@ int count_current_connections( const char *sharename, bool clear  )
 }
 
 /****************************************************************************
+ Count the number of connections open across all shares.
+****************************************************************************/
+
+int count_all_current_connections(void)
+{
+        return count_current_connections(NULL, True /* clear stale entries */);
+}
+
+/****************************************************************************
  Claim an entry in the connections database.
 ****************************************************************************/
 
diff --git a/source3/smbd/dmapi.c b/source3/smbd/dmapi.c
index 05e9138ea9..620baf199e 100644
--- a/source3/smbd/dmapi.c
+++ b/source3/smbd/dmapi.c
@@ -46,7 +46,7 @@ bool dmapi_have_session(void) { return False; }
 #define DMAPI_SESSION_NAME "samba"
 #define DMAPI_TRACE 10
 
-static dm_sessid_t dmapi_session = DM_NO_SESSION;
+static dm_sessid_t samba_dmapi_session = DM_NO_SESSION;
 
 /* Initialise the DMAPI interface. Make sure that we only end up initialising
  * once per process to avoid resource leaks across different DMAPI
@@ -75,7 +75,7 @@ static int init_dmapi_service(void)
 
 bool dmapi_have_session(void)
 {
-	return dmapi_session != DM_NO_SESSION;
+	return samba_dmapi_session != DM_NO_SESSION;
 }
 
 static dm_sessid_t *realloc_session_list(dm_sessid_t * sessions, int count)
@@ -110,7 +110,7 @@ int dmapi_init_session(void)
 	 */
 	SMB_WARN(getuid() == 0, "dmapi_init_session must be called as root");
 
-	dmapi_session = DM_NO_SESSION;
+	samba_dmapi_session = DM_NO_SESSION;
 	if (init_dmapi_service() < 0) {
 		return -1;
 	}
@@ -139,7 +139,7 @@ retry:
 		err = dm_query_session(sessions[i], sizeof(buf), buf, &buflen);
 		buf[sizeof(buf) - 1] = '\0';
 		if (err == 0 && strcmp(DMAPI_SESSION_NAME, buf) == 0) {
-			dmapi_session = sessions[i];
+			samba_dmapi_session = sessions[i];
 			DEBUGADD(DMAPI_TRACE,
 				("attached to existing DMAPI session "
 				 "named '%s'\n", buf));
@@ -150,16 +150,15 @@ retry:
 	TALLOC_FREE(sessions);
 
 	/* No session already defined. */
-	if (dmapi_session == DM_NO_SESSION) {
-		err = dm_create_session(DM_NO_SESSION,
-					CONST_DISCARD(char *,
-						      DMAPI_SESSION_NAME),
-					&dmapi_session);
+	if (samba_dmapi_session == DM_NO_SESSION) {
+		err = dm_create_session(DM_NO_SESSION, 
+					CONST_DISCARD(char *, DMAPI_SESSION_NAME),
+					&samba_dmapi_session);
 		if (err < 0) {
 			DEBUGADD(DMAPI_TRACE,
 				("failed to create new DMAPI session: %s\n",
 				strerror(errno)));
-			dmapi_session = DM_NO_SESSION;
+			samba_dmapi_session = DM_NO_SESSION;
 			return -1;
 		}
 
@@ -185,22 +184,22 @@ static int reattach_dmapi_session(void)
 	char	buf[DM_SESSION_INFO_LEN];
 	size_t	buflen;
 
-	if (dmapi_session != DM_NO_SESSION ) {
+	if (samba_dmapi_session != DM_NO_SESSION ) {
 		become_root();
 
 		/* NOTE: On Linux, this call opens /dev/dmapi, costing us a
 		 * file descriptor. Ideally, we would close this when we fork.
 		 */
 		if (init_dmapi_service() < 0) {
-			dmapi_session = DM_NO_SESSION;
+			samba_dmapi_session = DM_NO_SESSION;
 			unbecome_root();
 			return -1;
 		}
 
-		if (dm_query_session(dmapi_session, sizeof(buf),
+		if (dm_query_session(samba_dmapi_session, sizeof(buf),
 			    buf, &buflen) < 0) {
 			/* Session is stale. Disable DMAPI. */
-			dmapi_session = DM_NO_SESSION;
+			samba_dmapi_session = DM_NO_SESSION;
 			unbecome_root();
 			return -1;
 		}
@@ -214,33 +213,42 @@ static int reattach_dmapi_session(void)
 	return 0;
 }
 
-uint32 dmapi_file_flags(const char * const path)
+/* If a DMAPI session has been initialised, then we need to make sure
+ * we are attached to it and have the correct privileges. This is
+ * necessary to be able to do DMAPI operations across a fork(2). If
+ * it fails, there is no likelihood of that failure being transient.
+ *
+ * Note that this use of the static attached flag relies on the fact
+ * that dmapi_file_flags() is never called prior to forking the
+ * per-client server process.
+ */
+const void * dmapi_get_current_session(void) 
 {
 	static int attached = 0;
+	if (dmapi_have_session() && !attached) {
+		attached++;
+		if (reattach_dmapi_session() < 0) {
+			return DM_NO_SESSION;
+		}
+	}
+	return &samba_dmapi_session;
+}
 
+uint32 dmapi_file_flags(const char * const path)
+{
+	dm_sessid_t dmapi_session;
 	int		err;
 	dm_eventset_t   events = {0};
 	uint		nevents;
 
-	void	*dm_handle;
-	size_t	dm_handle_len;
+	void	*dm_handle = NULL;
+	size_t	dm_handle_len = 0;
 
 	uint32	flags = 0;
 
-	/* If a DMAPI session has been initialised, then we need to make sure
-	 * we are attached to it and have the correct privileges. This is
-	 * necessary to be able to do DMAPI operations across a fork(2). If
-	 * it fails, there is no liklihood of that failure being transient.
-	 *
-	 * Note that this use of the static attached flag relies on the fact
-	 * that dmapi_file_flags() is never called prior to forking the
-	 * per-client server process.
-	 */
-	if (dmapi_have_session() && !attached) {
-		attached++;
-		if (reattach_dmapi_session() < 0) {
-			return 0;
-		}
+	dmapi_session = *(dm_sessid_t*) dmapi_get_current_session();
+	if (dmapi_session == DM_NO_SESSION) {
+		return 0;
 	}
 
 	/* AIX has DMAPI but no POSIX capablities support. In this case,
@@ -313,4 +321,5 @@ done:
 	return flags;
 }
 
+
 #endif /* USE_DMAPI */
diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c
index d3813f9b41..2021621dfa 100644
--- a/source3/smbd/dosmode.c
+++ b/source3/smbd/dosmode.c
@@ -31,23 +31,6 @@ static int set_sparse_flag(const SMB_STRUCT_STAT * const sbuf)
 }
 
 /****************************************************************************
- Work out whether this file is offline
-****************************************************************************/
-
-static uint32 set_offline_flag(connection_struct *conn, const char *const path)
-{
-	if (ISDOT(path) || ISDOTDOT(path)) {
-		return 0;
-	}
-
-	if (!lp_dmapi_support(SNUM(conn)) || !dmapi_have_session()) {
-		return 0;
-	}
-
-	return dmapi_file_flags(path);
-}
-
-/****************************************************************************
  Change a dos mode to a unix mode.
     Base permission for files:
          if creating file and inheriting (i.e. parent_dir != NULL)
@@ -366,6 +349,8 @@ uint32 dos_mode_msdfs(connection_struct *conn, const char *path,SMB_STRUCT_STAT
 uint32 dos_mode(connection_struct *conn, const char *path,SMB_STRUCT_STAT *sbuf)
 {
 	uint32 result = 0;
+	bool offline;
+	int ret;
 
 	DEBUG(8,("dos_mode: %s\n", path));
 
@@ -395,8 +380,10 @@ uint32 dos_mode(connection_struct *conn, const char *path,SMB_STRUCT_STAT *sbuf)
 		result |= dos_mode_from_sbuf(conn, path, sbuf);
 	}
 
-	if (S_ISREG(sbuf->st_mode)) {
-		result |= set_offline_flag(conn, path);
+	
+	ret = SMB_VFS_IS_OFFLINE(conn, path, sbuf, &offline);
+	if (S_ISREG(sbuf->st_mode) && (ret == 0) && offline) {
+		result |= FILE_ATTRIBUTE_OFFLINE;
 	}
 
 	/* Optimization : Only call is_hidden_path if it's not already
@@ -432,7 +419,7 @@ int file_set_dosmode(connection_struct *conn, const char *fname,
 	int mask=0;
 	mode_t tmp;
 	mode_t unixmode;
-	int ret = -1;
+	int ret = -1, lret = -1;
 
 	/* We only allow READONLY|HIDDEN|SYSTEM|DIRECTORY|ARCHIVE here. */
 	dosmode &= SAMBA_ATTRIBUTES_MASK;
@@ -505,10 +492,21 @@ int file_set_dosmode(connection_struct *conn, const char *fname,
 		unixmode |= (st->st_mode & (S_IWUSR|S_IWGRP|S_IWOTH));
 	}
 
-	if ((ret = SMB_VFS_CHMOD(conn,fname,unixmode)) == 0) {
-		if (!newfile) {
+	if (dosmode & FILE_ATTRIBUTE_OFFLINE) {
+		lret = SMB_VFS_SET_OFFLINE(conn, fname);
+		if (lret == -1) {
+			DEBUG(0, ("set_dos_mode: client has asked to set "
+				  "FILE_ATTRIBUTE_OFFLINE to %s/%s but there was "
+				  "an error while setting it or it is not supported.\n", 
+				  parent_dir, fname));
+		}
+	}
+
+	ret = SMB_VFS_CHMOD(conn, fname, unixmode);
+	if (ret == 0) {
+		if(!newfile || (lret != -1)) {
 			notify_fname(conn, NOTIFY_ACTION_MODIFIED,
-				FILE_NOTIFY_CHANGE_ATTRIBUTES, fname);
+				     FILE_NOTIFY_CHANGE_ATTRIBUTES, fname);
 		}
 		st->st_mode = unixmode;
 		return 0;
diff --git a/source3/smbd/oplock_linux.c b/source3/smbd/oplock_linux.c
index 05021b6c74..fa7cb42bc6 100644
--- a/source3/smbd/oplock_linux.c
+++ b/source3/smbd/oplock_linux.c
@@ -93,17 +93,27 @@ static void set_capability(unsigned capability)
 		return;
 	}
 
-	data.effective |= (1<<capability);
+	if (0 == (data.effective & (1<<capability))) {
+		data.effective |= (1<<capability);
 
-	if (capset(&header, &data) == -1) {
-		DEBUG(3,("Unable to set %d capability (%s)\n", 
-			 capability, strerror(errno)));
+		if (capset(&header, &data) == -1) {
+			DEBUG(3,("Unable to set %d capability (%s)\n", 
+				 capability, strerror(errno)));
+		}
 	}
 }
 
 /*
- Call to set the kernel lease signal handler
-*/
+ * public function to get linux lease capability. Needed by some VFS modules (eg. gpfs.c)
+ */
+void linux_set_lease_capability(void)
+{
+	set_capability(CAP_LEASE);
+}
+
+/* 
+ * Call to set the kernel lease signal handler
+ */
 int linux_set_lease_sighandler(int fd)
 {
         if (fcntl(fd, F_SETSIG, RT_SIGNAL_LEASE) == -1) {
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 5f18615f66..6cec39f9c0 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -3413,6 +3413,9 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd)
 	bool acl_perms = False;
 	mode_t orig_mode = (mode_t)0;
 	NTSTATUS status;
+	uid_t orig_uid;
+	gid_t orig_gid;
+	bool need_chown = False;
 
 	DEBUG(10,("set_nt_acl: called for file %s\n", fsp->fsp_name ));
 
@@ -3435,6 +3438,8 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd)
 
 	/* Save the original elements we check against. */
 	orig_mode = sbuf.st_mode;
+	orig_uid = sbuf.st_uid;
+	orig_gid = sbuf.st_gid;
 
 	/*
 	 * Unpack the user/group/world id's.
@@ -3449,7 +3454,11 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd)
 	 * Do we need to chown ?
 	 */
 
-	if (((user != (uid_t)-1) && (sbuf.st_uid != user)) || (( grp != (gid_t)-1) && (sbuf.st_gid != grp))) {
+	if (((user != (uid_t)-1) && (orig_uid != user)) || (( grp != (gid_t)-1) && (orig_gid != grp))) {
+		need_chown = True;
+	}
+
+	if (need_chown && (user == (uid_t)-1 || user == current_user.ut.uid)) {
 
 		DEBUG(3,("set_nt_acl: chown %s. uid = %u, gid = %u.\n",
 				fsp->fsp_name, (unsigned int)user, (unsigned int)grp ));
@@ -3487,6 +3496,11 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd)
 
 		/* Save the original elements we check against. */
 		orig_mode = sbuf.st_mode;
+		orig_uid = sbuf.st_uid;
+		orig_gid = sbuf.st_gid;
+
+		/* We did chown already, drop the flag */
+		need_chown = False;
 	}
 
 	create_file_sids(&sbuf, &file_owner_sid, &file_grp_sid);
@@ -3630,6 +3644,21 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd)
 		free_canon_ace_list(dir_ace_list); 
 	}
 
+	/* Any chown pending? */
+	if (need_chown) {
+		DEBUG(3,("set_nt_acl: chown %s. uid = %u, gid = %u.\n",
+			 fsp->fsp_name, (unsigned int)user, (unsigned int)grp ));
+		
+		if(try_chown( fsp->conn, fsp->fsp_name, user, grp) == -1) {
+			DEBUG(3,("set_nt_acl: chown %s, %u, %u failed. Error = %s.\n",
+				 fsp->fsp_name, (unsigned int)user, (unsigned int)grp, strerror(errno) ));
+			if (errno == EPERM) {
+				return NT_STATUS_INVALID_OWNER;
+			}
+			return map_nt_error_from_unix(errno);
+		}
+	}
+	
 	return NT_STATUS_OK;
 }
 
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index e2316ef120..381ddfe151 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -3329,8 +3329,12 @@ void reply_read_and_X(struct smb_request *req)
 		return;
 	}
 
-	if (!big_readX
-	    && schedule_aio_read_and_X(conn, req, fsp, startpos, smb_maxcnt)) {
+	/* It is possible for VFS modules to selectively decide whether Async I/O should be used
+	   for the file or not.
+        */
+	if ((SMB_VFS_AIO_FORCE(fsp)) &&
+	    !big_readX &&
+	    schedule_aio_read_and_X(conn, req, fsp, startpos, smb_maxcnt)) {
 		END_PROFILE(SMBreadX);
 		return;
 	}
@@ -4001,13 +4005,16 @@ void reply_write_and_X(struct smb_request *req)
 		nwritten = 0;
 	} else {
 
-		if (req->unread_bytes == 0 &&
-				schedule_aio_write_and_X(conn, req, fsp, data,
-							startpos, numtowrite)) {
+		/* It is possible for VFS modules to selectively decide whether Async I/O
+		   should be used for the file or not.
+		*/
+		if ((SMB_VFS_AIO_FORCE(fsp)) && (req->unread_bytes == 0) &&
+		    schedule_aio_write_and_X(conn, req, fsp, data, startpos,
+					     numtowrite)) {
 			END_PROFILE(SMBwriteX);
 			return;
 		}
-
+		
 		nwritten = write_file(req,fsp,data,startpos,numtowrite);
 	}
 
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index 8371d17f10..db241103ed 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -268,10 +268,20 @@ static void add_child_pid(pid_t pid)
 	num_children += 1;
 }
 
-static void remove_child_pid(pid_t pid)
+static void remove_child_pid(pid_t pid, bool unclean_shutdown)
 {
 	struct child_pid *child;
 
+	if (unclean_shutdown) {
+		/* a child terminated uncleanly so tickle all processes to see 
+		   if they can grab any of the pending locks
+		*/
+		messaging_send_buf(smbd_messaging_context(), procid_self(), 
+				   MSG_SMB_BRL_VALIDATE, NULL, 0);
+		message_send_all(smbd_messaging_context(), 
+				 MSG_SMB_UNLOCK, NULL, 0, NULL);
+	}
+
 	if (lp_max_smbd_processes() == 0) {
 		/* Don't bother with the child list if we don't care anyway */
 		return;
@@ -560,10 +570,27 @@ static bool open_sockets_smbd(bool is_daemon, bool interactive, const char *smb_
 
 		if (got_sig_cld) {
 			pid_t pid;
+			int status;
+
 			got_sig_cld = False;
 
-			while ((pid = sys_waitpid(-1, NULL, WNOHANG)) > 0) {
-				remove_child_pid(pid);
+			while ((pid = sys_waitpid(-1, &status, WNOHANG)) > 0) {
+				bool unclean_shutdown = False;
+				
+				/* If the child terminated normally, assume
+				   it was an unclean shutdown unless the
+				   status is 0 
+				*/
+				if (WIFEXITED(status)) {
+					unclean_shutdown = WEXITSTATUS(status);
+				}
+				/* If the child terminated due to a signal
+				   we always assume it was unclean.
+				*/
+				if (WIFSIGNALED(status)) {
+					unclean_shutdown = True;
+				}
+				remove_child_pid(pid, unclean_shutdown);
 			}
 		}
 
@@ -603,6 +630,15 @@ static bool open_sockets_smbd(bool is_daemon, bool interactive, const char *smb_
 
 			continue;
 		}
+		
+
+		/* If the idle timeout fired and we don't have any connected
+		 * users, exit gracefully. We should be running under a process
+		 * controller that will restart us if necessry.
+		 */
+		if (num == 0 && count_all_current_connections() == 0) {
+			exit_server_cleanly("idle timeout");
+		}
 
 		/* process pending nDNS responses */
 		if (dns_register_smbd_reply(dns_reg, &r_fds, &idle_timeout)) {
@@ -906,6 +942,29 @@ void exit_server_fault(void)
 	exit_server("critical server fault");
 }
 
+
+/****************************************************************************
+received when we should release a specific IP
+****************************************************************************/
+static void msg_release_ip(struct messaging_context *msg_ctx, void *private_data, 
+                    	   uint32_t msg_type, struct server_id server_id, DATA_BLOB *data)
+{
+	const char *ip = (const char *)data->data;
+	char addr[INET6_ADDRSTRLEN];
+
+	if (strcmp(client_socket_addr(get_client_fd(),addr,sizeof(addr)), ip) == 0) {
+		/* we can't afford to do a clean exit - that involves
+		   database writes, which would potentially mean we
+		   are still running after the failover has finished -
+		   we have to get rid of this process ID straight
+		   away */
+		DEBUG(0,("Got release IP message for our IP %s - exiting immediately\n",
+			ip));
+		_exit(0);
+	}
+}
+
+
 /****************************************************************************
  Initialise connect, service and file structs.
 ****************************************************************************/
@@ -1305,6 +1364,8 @@ extern void build_options(bool screen);
 	/* register our message handlers */
 	messaging_register(smbd_messaging_context(), NULL,
 			   MSG_SMB_FORCE_TDIS, msg_force_tdis);
+	messaging_register(smbd_messaging_context(), NULL,
+			   MSG_SMB_RELEASE_IP, msg_release_ip);
 
 	if ((lp_keepalive() != 0)
 	    && !(event_add_idle(smbd_event_context(), NULL,
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index bf6802f2a6..5729ab5349 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -2373,8 +2373,8 @@ static void call_trans2qfsinfo(connection_struct *conn,
 	const char *vname = volume_label(SNUM(conn));
 	int snum = SNUM(conn);
 	char *fstype = lp_fstype(SNUM(conn));
-	int quota_flag = 0;
-
+	uint32 additional_flags = 0;
+	
 	if (total_params < 2) {
 		reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
 		return;
@@ -2487,16 +2487,23 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)st.st_dev, (unsi
 		case SMB_QUERY_FS_ATTRIBUTE_INFO:
 		case SMB_FS_ATTRIBUTE_INFORMATION:
 
-
+			additional_flags = 0;
 #if defined(HAVE_SYS_QUOTAS)
-			quota_flag = FILE_VOLUME_QUOTAS;
+			additional_flags |= FILE_VOLUME_QUOTAS;
 #endif
 
+			if(lp_nt_acl_support(SNUM(conn))) {
+				additional_flags |= FILE_PERSISTENT_ACLS;
+			}
+			
+			if(SMB_VFS_IS_REMOTESTORAGE(conn, lp_pathname(SNUM(conn)))) {
+				additional_flags |= FILE_SUPPORTS_REMOTE_STORAGE;
+				additional_flags |= FILE_SUPPORTS_REPARSE_POINTS;
+			}
+			
 			SIVAL(pdata,0,FILE_CASE_PRESERVED_NAMES|FILE_CASE_SENSITIVE_SEARCH|
-				(lp_nt_acl_support(SNUM(conn)) ? FILE_PERSISTENT_ACLS : 0)|
-				FILE_SUPPORTS_OBJECT_IDS|
-				FILE_UNICODE_ON_DISK|
-				quota_flag); /* FS ATTRIBUTES */
+				FILE_SUPPORTS_OBJECT_IDS|FILE_UNICODE_ON_DISK|
+				additional_flags); /* FS ATTRIBUTES */
 
 			SIVAL(pdata,4,255); /* Max filename component length */
 			/* NOTE! the fstype must *not* be null terminated or win98 won't recognise it