| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
sending over the network in protocol v2. To be able to do this, we create a new va-list function that is creating the buffer to send. Also it makes it easier for the receiver to parse the data; it sends an initial header containing the full length of the buffer to be send. For the individual strings, it sends sub headers containing the length of the upcoming substring to be send. With the header-data-header-data [..] structure we don't need to quote the sub strings finally enabling having all possible character sets in filenames etc..
In the sending function, implement mkdir to actually send it's data
for testing.
|
|
over to the send function, which then casts the void pointer to the struct required by looking at the id. This allows us to return different result data depending on the VFS function that is running. Make the protocol v1 sender compatible to this. Adapt the existing VFS functions to use the new data structures. Make use of the new functionality and extend the mkdir VFS logger function to return the creation mode additionally.
|
|
From Holger:
Make smb_traffic_analyzer differ the protocol versions to enable the development of version 2 of the protocol. To do this, a new parameter "protocol_version" has been introduced, which can be set to "V1", "V2", or nothing. If protocol_version is not set, V1 will be chosen automatically.
Created an enum for identifying VFS functions in the upcoming protocol v2. Converted the existing VFS functions to use the identifier, and set the read/write bool used in protocol v1 accordingly, also ignore any other VFS functions except read/write/pread/pwrite in v1. Added a first new VFS function for mkdir, which I use for testing and implementing both the sender and receiver for v2.
|
|
make access decisions.
Jeremy.
|
|
"current_user.XXX"
Will allow me to replace them with accessor functions.
Jeremy.
|
|
struct current_user current_user;"."
As requested by Volker, split this into smaller commits.
Jeremy.
|
|
get_current_nttok(conn)
Centralize the root check into smb1_file_se_access_check()
so this is used by modules/vfs_acl_common.c also.
Jeremy.
|
|
Use accessor functions to get to this value. Tidies up much of
the user context code. Volker, please look at the changes in smbd/uid.c
to familiarize yourself with these changes as I think they make the
logic in there cleaner.
Cause smbd/posix_acls.c code to look at current user context, not
stored context on the conn struct - allows correct use of these
function calls under a become_root()/unbecome_root() pair.
Jeremy.
|
|
|
|
this module adds optional server-side support for limited rename operations
beyond filesystem boundaries, which was the previously the default.
|
|
cross-device rename support has some major limitations:
- on huge files clients will timeout or hang
- ACLs and EA information is not retained
Usually a client will have to handle this. A Windows Server with a reparse
point will also just return NT_STATUS_NOT_SAME_DEVICE. We will now by default
do the same.
I will add a vfs module which will restore the old cross-device renames.
|
|
Ensure we don't use any of the create_options for Samba private
use. Add a new parameter to the VFS_CREATE call (private_flags)
which is only used internally. Renumber NTCREATEX_OPTIONS_PRIVATE_DENY_DOS
and NTCREATEX_OPTIONS_PRIVATE_DENY_FCB to match the S4 code).
Rev. the VFS interface to version 28.
Jeremy.
|
|
fixes #7197. Thanks to William Jojo for the correction.
|
|
Supports negated arguments in configuration like:
full_audit:success = all !readdir !telldir !closedir
Update the manpage accordingly.
Part of BSO#4025
|
|
Shuttle-reviewed by jra :)
Guenther
|
|
|
|
check !
Jeremy.
|
|
(cherry picked from commit a13b507f2d8be7f90c8872094cd0732926a6fcbb)
|
|
|
|
As pointed out by bj@sernet.de, the rmdir module initializer was
duplicated. Fix this properly.
Jeremy.
|
|
Thanks, Volker for the hint - acl_type is a macro on Tru64. Renamed it
to acltype. This fixes #7103.
|
|
Check for NULL on opendir, correctly call next rmdir.
Jeremy.
|
|
|
|
|
|
Fix inspired by idea from Eric Horst <erich@cac.washington.edu>.
Jeremy.
|
|
|
|
|
|
|
|
|
|
does not have delete rights fails even if the delete right is set on the object
Suggested by Volker. Reduce the surface area of the
become_root() unbecome_root() code to reduce the chance
of errors.
Jeremy.
|
|
Fix some issues with handling names ending in '/'.
|
|
|
|
setting socket name.
Jeremy.
|
|
rights fails even if the delete right is set on the object.
Final fix for the vfs_acl_xattr and vfs_acl_tdb code.
Ensure we can delete a file even if the underlying POSIX
permissions don't allow it, if the Windows permissions do.
Jeremy.
|
|
|
|
|
|
When setting an ACL without any of the user/group/other entries, ZFS
automatically creates them. This can at times confuse users a lot. This
parameter denies setting such an acl, users explicitly have to for example set
an ACE with everyone allowing nothing. Users need to be educated about this,
but this helps avoid a lot of confusion.
|
|
this one was part of an old patch from jpeach.
|
|
When returning an underlying ACL on a directory, normally on a
POSIX system it has no inheritable entries, which breaks the
Windows ACL when a user does a get/set of a Windows ACL on a
POSIX directory with no existing stored Windows ACL from
the Windows ACL editor. What happens is any new entry added
by the user gets set inheritable, but none of the others
entries are (as returned by default). So any new files then
only inherit the single new ACE entry (the one marked inheritable
by the ACL editor).
Fix this by faking up a default 3 element inheritable ACL that
represents what a user creating a POSIX file or directory will
get by default from the smbd code.
Jeremy.
|
|
|
|
this is in preparation for other preallocation methods to be introduced.
|
|
path
this makes the posix_fallocate path work analogous to the manual allocate path.
|
|
check for it.
Jeremy.
|
|
properly inherit permissions from parent and 6938 - No hook exists to check creation rights when using acl_xattr module
Volker was right (dammit :-). It's much easier to catch
this case in the create_file() vfs call instead of trying
to do everything inside open() and mkdir(). Hook all these
functions to gain the desired effect.
Jeremy.
|
|
fsp->fsp_name.
Moving towards making VFS_OPEN/VFS_MKDIR/VFS_RMDIR
handle based...
Jeremy.
|
|
can_set_delete_on_close() is correctly called before any setting
of the disposition bit (clean up the do_unlink() call).
Jeremy.
|
|
this function is only called when strict alloc is set, no reason to check that twice.
|
|
right. The previous bugs were due to the fact that get_nt_acl_internal()
could return an NTSTATUS error if there was no stored ACL blob, but
otherwise would return the underlying ACL from the filysystem. Fix
this so it always returns a valid acl if it can, and if it does not
its an error to be reported back to the client. This then changes
the inherit acl code. Previously we were trying to match Windows
by setting a minimal ACL on a new file that didn't inherit anything
from a parent directory. This is silly - the returned ACL wouldn't
match the underlying UNIX permissions. The current code will correctly
inherit from a parent if a parent has any inheritable ACE entries
that apply to the new object, but will return a mapping from the
underlying UNIX permissions if the parent has no inheritable entries.
This makes much more sense for new files/directories.
Jeremy.
|
|
blobs - returns NT_STATUS_OK if there aren't any.
Jeremy.
|
