Age | Commit message (Collapse) | Author | Files | Lines |
|
This adds a parameter "gpfs:refuse_dacl_protected" that defaults to false.
GPFS has no place to store the SEC_DESC_DACL_PROTECTED ACL bit. With this
parameter we give customers an option to either ignore this bit or refuse
setting an ACL with it.
|
|
|
|
|
|
as GPFS does not support the ACE4_FLAG_NO_PROPAGATE NFSv4 flag (which would be the mapping for the DESC_DACL_PROTECTED flag), the status of this flag is currently silently ignored by Samba. That means that if you deselect the "Allow inheritable permissions..." checkbox in Windows' ACL dialog and then apply the ACL, the flag will be back immediately.
To make sure that automatic migration with e.g. robocopy does not lead to ACLs silently (and unintentionally) changed, this patch adds an explicit check for this flag and if set, it will return NT_STATUS_NOT_SUPPORTED so errors are shown up on the Windows side and the Administrator is aware of the ACLs not being settable like intended
Signed-off-by: Christian Ambach <christian.ambach@de.ibm.com>
|
|
This patch introduces two new temporary helper functions
vfs_stat_smb_fname and vfs_lstat_smb_fname. They basically allowed me
to call the new smb_filename version of stat, while avoiding plumbing
it through callers that are still too inconvenient. As the conversion
moves along, I will be able to remove callers of this, with the goal
being to remove all callers.
There was also a bug in create_synthetic_smb_fname_split (also a
temporary utility function) that caused it to incorrectly handle
filenames with ':'s in them when in posix mode. This is now fixed.
|
|
|
|
1. Store win attributes in gpfs instead of posix bits.
2. use of path based winattr calls of gpfs.
Signed-off-by: Mathias Dietz <mdietz@de.ibm.com>
|
|
This patch introduces
struct stat_ex {
dev_t st_ex_dev;
ino_t st_ex_ino;
mode_t st_ex_mode;
nlink_t st_ex_nlink;
uid_t st_ex_uid;
gid_t st_ex_gid;
dev_t st_ex_rdev;
off_t st_ex_size;
struct timespec st_ex_atime;
struct timespec st_ex_mtime;
struct timespec st_ex_ctime;
struct timespec st_ex_btime; /* birthtime */
blksize_t st_ex_blksize;
blkcnt_t st_ex_blocks;
};
typedef struct stat_ex SMB_STRUCT_STAT;
It is really large because due to the friendly libc headers playing macro
tricks with fields like st_ino, so I renamed them to st_ex_xxx.
Why this change? To support birthtime, we already have quite a few #ifdef's at
places where it does not really belong. With a stat struct that we control, we
can consolidate the nanosecond timestamps and the birthtime deep in the VFS
stat calls.
At this moment it is triggered by a request to support the birthtime field for
GPFS. GPFS does not extend the system level struct stat, but instead has a
separate call that gets us the additional information beyond posix. Without
being able to do that within the VFS stat calls, that support would have to be
scattered around the main smbd code.
It will very likely break all the onefs modules, but I think the changes will
be reasonably easy to do.
|
|
Thanks Michael to provide some transparency :-)
|
|
We have to drop the gpfs level share modes, regardless of whether we put
the file into the pending close queue.
|
|
|
|
|
|
|
|
(cherry picked from commit b37684ffcec4ba0beada55d37bcaf4f5e79bcd58)
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
This reverts commit a0efc4cffbd84898c454d27eaf946d073dfdad0f.
This one should have been done with careful cherry-picks, sorry.
Volker
|
|
This reverts commit a4b52118d44906882677ed1234428d8025134036.
|
|
This reverts commit b37684ffcec4ba0beada55d37bcaf4f5e79bcd58.
|
|
This reverts commit c044b09572631cbdd686e5dbbdfbcc731145533a.
|
|
Crap, too many trees and no instant, infinitely fast rebuild
|
|
|
|
|
|
|
|
|
|
in fset_nt_acl().
Need to watch the build farm to make sure I haven't broken the AIX or Solaris ACL modules.
Jeremy.
|
|
this can only be done via fset_nt_acl() using an open
file/directory handle. I'd like to do the same with
get_nt_acl() but am concerned about efficiency
problems with "hide unreadable/hide unwritable" when
doing a directory listing (this would mean opening
every file in the dir on list).
Moving closer to rationalizing the ACL model and
maybe moving the POSIX calls into a posix_acl VFS
module rather than having them as first class citizens
of the VFS.
Jeremy.
(This used to be commit f487f742cb903a06fbf2be006ddc9ce9063339ed)
|
|
(from http://samba.org/~tridge/3_0-ctdb)
Signed-off-by: Alexander Bokovoy <ab@samba.org>(This used to be commit 1daad835cbfb4615a8fe7a241f4d578f7e69f214)
|
|
Michael
(This used to be commit 9296e93588c0e795cae770765050247ac1474a74)
|
|
Michael
(This used to be commit 42663e8736e1a3dfb57e0aafdcbf5fec880da779)
|
|
Michael
(This used to be commit 8880eb82f16d561a4023ec8426f8ea35c579a7a6)
|
|
Michael
(This used to be commit 195c519377c2fdc655e25760b52bc0694b8dda81)
|
|
Michael
(This used to be commit a54d5604da556d1250ca9948d4acc4a187a9fede)
|
|
Michael
(This used to be commit 0b86c420be94d295f6917a220b5d699f65b46711)
|
|
Michael
(This used to be commit 4f2d139a186048f08180378a877b69d2f80ad51f)
|
|
Michael
(This used to be commit c0c7c1223da29c68359dac64a340c1c710d5f3d2)
|
|
Up to now, get_nt_acl() took a files_struct pointer (fsp) and
a file name. All the underlying functions should need and now
do need (after the previous preparatory work), is a connection_struct
and a file name. The connection_struct is already there in the
vfs_handle passed to the vfs functions. So the files_struct
argument can be eliminated.
This eliminates the need of calling open_file_stat in a couple
of places to produce the fsp needed.
Michael
(This used to be commit b5f600fab53c9d159a958c59795db3ba4a8acc63)
|
|
This moves functionality from gpfsacl_get_nt_acl_common()
back to gpfsacl_get_nt_acl() and gpfsacl_fget_nt_acl(),
making both these functions more specific (calling the
corresponding fsp- and non-fsp functions).
gpfsacl_get_nt_acl_common(). is removed.
Michael
(This used to be commit d6043c1066322d2c567aedc5eae1a9d46c8fc396)
|
|
This is the next step in preparation of a get_nt_acl prototype change.
Michael
(This used to be commit 7afeb1c6cb1bdb58d1e61c54ae215d947d8dc3ea)
|
|
Replace smbd/posix_acls.c:get_nt_acl() by two funcions:
posix_get_nt_acl() and posix_fget_nt_acl(). The first
takes a connection struct and a file name instead of a
files_struct pointer. This is in preparation of changing
the vfs api for SMB_VFS_GET_NT_ACL.
Michael
(This used to be commit 50c82cc1456736fa634fb656e63555319742f725)
|
|
(This used to be commit dcbe1bf942d017a3cd5084c6ef605a13912f795b)
|
|
bugs in various places whilst doing this (places that assumed
BOOL == int). I also need to fix the Samba4 pidl generation
(next checkin).
Jeremy.
(This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
|
|
This adds the two functions talloc_stackframe() and talloc_tos().
* When a new talloc stackframe is allocated with talloc_stackframe(), then
* the TALLOC_CTX returned with talloc_tos() is reset to that new
* frame. Whenever that stack frame is TALLOC_FREE()'ed, then the reverse
* happens: The previous talloc_tos() is restored.
*
* This API is designed to be robust in the sense that if someone forgets to
* TALLOC_FREE() a stackframe, then the next outer one correctly cleans up and
* resets the talloc_tos().
The original motivation for this patch was to get rid of the
sid_string_static & friends buffers. Explicitly passing talloc context
everywhere clutters code too much for my taste, so an implicit
talloc_tos() is introduced here. Many of these static buffers are
replaced by a single static pointer.
The intended use would thus be that low-level functions can rather
freely push stuff to talloc_tos, the upper layers clean up by freeing
the stackframe. The more of these stackframes are used and correctly
freed the more exact the memory cleanup happens.
This patch removes the main_loop_talloc_ctx, tmp_talloc_ctx and
lp_talloc_ctx (did I forget any?)
So, never do a
tmp_ctx = talloc_init("foo");
anymore, instead, use
tmp_ctx = talloc_stackframe()
:-)
Volker
(This used to be commit 6585ea2cb7f417e14540495b9c7380fe9c8c717b)
|
|
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
|
|
Jeremy.
(This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
|
|
return to correctly return NT_STATUS_INVALID_OWNER if it
should be disallowed. Matches better what W2K3R3 does.
NFSv4 ACL module owners, please examine these changes.
Jeremy.
(This used to be commit fc6899a5506b272f8cd5f5837ca13300b4e69a5f)
|
|
during ctdb tests
(This used to be commit e150e42ac59494a1da12bb5c9da8c9c935780924)
|
|
calls. No functional changes. Looks bigger than it is :-).
Jeremy.
(This used to be commit f6fa3080fee1b20df9f1968500840a88cf0ee592)
|
|
_file). Thanks to Gomati Mohanan.
(This used to be commit 859269c9492e002f02415d610c83452538147972)
|
|
it should be abstracted a little higher up so other os'es can have an
entry, but it will take a bit more work. Thanks to Chetan Shringarpure
and Mathias Dietz.
I didn't increment the vfs number again because the kernel change notify
stuff hasn't been released yet anyway.
(This used to be commit 9463211bf3b46ee408b88dfbf42d498e3839d4cc)
|
|
clean up a bunch of no previous prototype warnings
(This used to be commit c60687db112405262adf26dbf267804b04074e67)
|