Age | Commit message (Collapse) | Author | Files | Lines |
|
When returning an underlying ACL on a directory, normally on a
POSIX system it has no inheritable entries, which breaks the
Windows ACL when a user does a get/set of a Windows ACL on a
POSIX directory with no existing stored Windows ACL from
the Windows ACL editor. What happens is any new entry added
by the user gets set inheritable, but none of the others
entries are (as returned by default). So any new files then
only inherit the single new ACE entry (the one marked inheritable
by the ACL editor).
Fix this by faking up a default 3 element inheritable ACL that
represents what a user creating a POSIX file or directory will
get by default from the smbd code.
Jeremy.
|
|
|
|
this is in preparation for other preallocation methods to be introduced.
|
|
path
this makes the posix_fallocate path work analogous to the manual allocate path.
|
|
check for it.
Jeremy.
|
|
properly inherit permissions from parent and 6938 - No hook exists to check creation rights when using acl_xattr module
Volker was right (dammit :-). It's much easier to catch
this case in the create_file() vfs call instead of trying
to do everything inside open() and mkdir(). Hook all these
functions to gain the desired effect.
Jeremy.
|
|
fsp->fsp_name.
Moving towards making VFS_OPEN/VFS_MKDIR/VFS_RMDIR
handle based...
Jeremy.
|
|
can_set_delete_on_close() is correctly called before any setting
of the disposition bit (clean up the do_unlink() call).
Jeremy.
|
|
this function is only called when strict alloc is set, no reason to check that twice.
|
|
right. The previous bugs were due to the fact that get_nt_acl_internal()
could return an NTSTATUS error if there was no stored ACL blob, but
otherwise would return the underlying ACL from the filysystem. Fix
this so it always returns a valid acl if it can, and if it does not
its an error to be reported back to the client. This then changes
the inherit acl code. Previously we were trying to match Windows
by setting a minimal ACL on a new file that didn't inherit anything
from a parent directory. This is silly - the returned ACL wouldn't
match the underlying UNIX permissions. The current code will correctly
inherit from a parent if a parent has any inheritable ACE entries
that apply to the new object, but will return a mapping from the
underlying UNIX permissions if the parent has no inheritable entries.
This makes much more sense for new files/directories.
Jeremy.
|
|
blobs - returns NT_STATUS_OK if there aren't any.
Jeremy.
|
|
posix_fallocate is more efficient than manual zero'ing the file. When
preallocation in kernel space is supported it's extremely fast. Support for
preallocation at fs layer via posix_fallocate and fallocate at kernel site
can be found in Linux kernel 2.6.23/glibc 2.10 with ext4, XFS and OCFS2. Other
systems that I know of which support fast preallocation in kernel space are
AIX 6.1 with JFS2 and recent Solaris versions with ZFS maybe UFS2, too.
People who have a system with preallocation in kernel space might want to set
"strict allocate = yes". This reduces file fragentation and it's also safer for
setups with quota being turned on.
As of today most systems still don't have preallocation in kernel space, and
that's why "strict allocate = no" will stay the default for now.
|
|
reads off the underlying filesystem. Ensure that vfs_acl_tdb.c
returns NT_STATUS_NOT_FOUND, not NT_STATUS_OBJECT_NAME_NOT_FOUND
when it can't find a blob matching the file.
Jeremy.
|
|
Fix opendir status return if access denied.
Jeremy.
|
|
module
Fix ACL modules to test for permissions on open/mkdir/opendir.
Ensure that underlying ACLs are returned for directories/files with
no Windows xattr or tdb acls stored.
Jeremy.
|
|
down to NEXT-> before initializing. This allows us to
do cleanup (by calling DISCONNECT) if initialization
fails. Also fix vfs_acl_xattr which was failing to
call the NEXT connect function.
Jeremy.
|
|
|
|
|
|
The callers only look at the mode
|
|
Step 0 to restore it as a per-share paramter
|
|
ACLS are wiped out.
Merges existing DACLs when a ACL set operation comes in with only owner or group values set.
Jeremy.
|
|
This reverts commit f7b4151a64d8c6851e62255a7139fd00a5fc63a3.
|
|
This reverts commit c85a4c9ba4a7de65a7850f6f9708df66bd24deea.
|
|
|
|
|
|
In very hot codepaths like the statcache copy_smb_filename and the subsequent
recursive talloc_free is noticable in the CPU load.
|
|
This is a hot codepath (called from the stat cache)
|
|
in the "user.DOSATTRIB" EA. From the docs:
In Samba 3.5.0 and above the "user.DOSATTRIB" extended attribute has been extended to store
the create time for a file as well as the DOS attributes. This is done in a backwards compatible
way so files created by Samba 3.5.0 and above can still have the DOS attribute read from this
extended attribute by earlier versions of Samba, but they will not be able to read the create
time stored there. Storing the create time separately from the normal filesystem meta-data
allows Samba to faithfully reproduce NTFS semantics on top of a POSIX filesystem.
Passes make test but will need more testing.
Jeremy.
|
|
inherit acls = yes or xattrs are removed.
We also need dos filemode = true set as well.
Jeremy.
|
|
Michael
|
|
xattrs are removed.
Jeremy.
|
|
setting nanosecond timestamps using utimensat() was first supported by Linux
kernel 2.6.22 and glibc 2.6. It's specified in POSIX.1-2008.
This effectively makes us use Windows' full 100ns timestamp resolution -
actually just an improvement from 10^-6 to 10^-7.
For now Linux CIFS vfs will also just be able to make use of 100ns resolution,
not 1ns.
|
|
used to store the stream info in streams_depot.so is not
seen in when enumerating EAs.
Jeremy.
|
|
parent.
|
|
Jeremy.
|
|
Jeremy.
|
|
Caught by the torture tester. I love unit tests :-). Jeremy.
|
|
|
|
|
|
function vfs_stat_fsp(). Stops code looking at fsp->posix_open
except for exceptional circumstances.
Jeremy.
|
|
Jeremy.
|
|
Always use LSTAT for POSIX pathnames.
Jeremy.
|
|
spammed the logs on a test machine and they are just debug messages, so let's move them to the level of the other debug messages in the file
Signed-off-by: Christian Ambach <christian.ambach@de.ibm.com>
|
|
|
|
When racing to the open and loosing we may get a share_mode violation.
In this case handle the 1-second delay via a defferred open properly.
This requires us to retrieve the share_mode_lock before deferring
open so we don't dereference a NULL pointer assuming we already had
the lck because we were the first opener.
|
|
to the same file.
Two openers can stat a file at the same time, see that it doesn't exist,
and then both race to open it first. The loser will enter
onefs_open_file_ntcreate believing that the file doesnt exist, and thus
skip any current state lookups for that file. This includes setting
the file_id, and having a valid stat buffer.
Normally on first create the file_id will be set during the open, but
the second opener in this scenario may fail the open (oplock/share mode)
and file_id will not be set, nor will the stat buffer be valid.
In the error paths of this patch, we now double check that the file_id
and the stat buffer are valid before doing other operations.
|
|
deferred open state.
Signed-off-by: Tim Prouty <tprouty@samba.org>
|
|
|
|
specified.
When we use the CATIA vfs module and don't have any mapping specified,
we return NULL for the mapped_name, thereby resulting in segfaults.
When we don't have catia mapping, we should just use the old name
instead of returning NULL for the mapped_name.
Signed-off-by: Tim Prouty <tprouty@samba.org>
|
|
open.
Since the catia translation is implemented for open, it should not
also be done in createfile. By removing createfile from catia,
translation is now done correctly for the primary open path.
In order to support systems that have custom createfile
implementations that don't eventually call SMB_VFS_OPEN,
SMB_VFS_TRANSLATE_NAME has been expanded to take an additional
argument that specifies direction.
Signed-off-by: Tim Prouty <tprouty@samba.org>
|