Age | Commit message (Collapse) | Author | Files | Lines |
|
In very hot codepaths like the statcache copy_smb_filename and the subsequent
recursive talloc_free is noticable in the CPU load.
|
|
with Bad File Descriptor.
Jeremy.
|
|
Based on a patch submitted by Tsukasa Hamano <hamano@osstech.co.jp>,
this is a change in the POSIX ACL mapping to deal with the lossy
mapping for directory ACE entries:
We have a lossy mapping: directory ACE entries
CREATOR_OWNER ------\
(map to) +---> SMB_ACL_USER_OBJ
owning sid ------/
CREATOR_GROUP ------\
(map to) +---> SMB_ACL_GROUP_OBJ
primary group sid --/
on set. And on read of a directory ACL
SMB_ACL_USER_OBJ ----> CREATOR_OWNER
SMB_ACL_GROUP_OBJ ---> CREATOR_GROUP.
Deal with this on set by duplicating
owning sid and primary group sid ACE
entries into the directory ACL.
Jeremy.
|
|
The code to read the new V2 SAMBA_PAI entries had
two errors.
Jeremy.
|
|
function vfs_stat_fsp(). Stops code looking at fsp->posix_open
except for exceptional circumstances.
Jeremy.
|
|
Jeremy.
|
|
Jeremy.
|
|
metze
|
|
Jeremy.
|
|
|
|
|
|
|
|
|
|
|
|
This patch introduces two new temporary helper functions
vfs_stat_smb_fname and vfs_lstat_smb_fname. They basically allowed me
to call the new smb_filename version of stat, while avoiding plumbing
it through callers that are still too inconvenient. As the conversion
moves along, I will be able to remove callers of this, with the goal
being to remove all callers.
There was also a bug in create_synthetic_smb_fname_split (also a
temporary utility function) that caused it to incorrectly handle
filenames with ':'s in them when in posix mode. This is now fixed.
|
|
down from above (as const).
Jeremy.
|
|
Fix a couple more unix_convert uses to filename_convert.
Fix bug in acl_group_override() where an uninitialized
struct could be used. Move unix_convert with wildcard
use in SMBsearch reply to boilerplate code.
Jeremy.
|
|
|
|
|
|
This patch introduces
struct stat_ex {
dev_t st_ex_dev;
ino_t st_ex_ino;
mode_t st_ex_mode;
nlink_t st_ex_nlink;
uid_t st_ex_uid;
gid_t st_ex_gid;
dev_t st_ex_rdev;
off_t st_ex_size;
struct timespec st_ex_atime;
struct timespec st_ex_mtime;
struct timespec st_ex_ctime;
struct timespec st_ex_btime; /* birthtime */
blksize_t st_ex_blksize;
blkcnt_t st_ex_blocks;
};
typedef struct stat_ex SMB_STRUCT_STAT;
It is really large because due to the friendly libc headers playing macro
tricks with fields like st_ino, so I renamed them to st_ex_xxx.
Why this change? To support birthtime, we already have quite a few #ifdef's at
places where it does not really belong. With a stat struct that we control, we
can consolidate the nanosecond timestamps and the birthtime deep in the VFS
stat calls.
At this moment it is triggered by a request to support the birthtime field for
GPFS. GPFS does not extend the system level struct stat, but instead has a
separate call that gets us the additional information beyond posix. Without
being able to do that within the VFS stat calls, that support would have to be
scattered around the main smbd code.
It will very likely break all the onefs modules, but I think the changes will
be reasonably easy to do.
|
|
not reliable for winbindd users from foreign domains.
Jeremy.
|
|
owner (bug#2346)
The problem of bug #2346 remains for users exported by
winbindd, because create_token_from_username() just fakes
the token when the user is not in the local sam domain. This causes
user_in_group_sid() to give totally wrong results.
In uid_entry_in_group() we need to check if we already
have the full unix token in the current_user struct.
If so we should use the current_user unix token,
instead of doing a very complex user_in_group_sid()
which doesn't give reliable results anyway.
metze
|
|
Always add back the real original owner of the directory in the ACE List after
we steal its ACE for the Administrators group.
|
|
When adding arbitrary aces to an nt_ace_list we need to make sure we
are not actually adding a duplicate.
add_or_replace_ace() takes care of doing the right thing.
|
|
Jeremy.
|
|
|
|
the Windows ACL type and flags if "map acl inherit" is set.
Jeremy.
|
|
to ourselves unless that was passed in.
Jeremy.
|
|
ACLs.
If the chown succeeds then the ACL set should also. Ensure this is the case
(refactor some of this code to make it simpler to read also).
Jeremy.
|
|
Simo is completely correct. We should be doing the chown *first*, and fail the
ACL set if this fails. The long standing assumption I made when writing the
initial POSIX ACL code was that Windows didn't control who could chown a file
in the same was as POSIX. In POSIX only root can do this whereas I wasn't sure
who could do this in Windows at the time (I didn't understand the privilege
model). So the assumption was that setting the ACL was more important (early
tests showed many failed ACL set's due to inability to chown). But now we have
privileges in smbd, and we must always fail an ACL set when we can't chown
first. The key that Simo noticed is that the CREATOR_OWNER bits in the ACL
incoming are relative to the *new* owner, not the old one. This is why the old
user owner disappears on ACL set - their access was set via the USER_OBJ in the
creator POSIX ACL and when the ownership changes they lose their access.
Patch is simple - just ensure we do the chown first before evaluating the
incoming ACL re-read the owners. We already have code to do this it just wasn't
rigorously being applied.
Jeremy.
|
|
|
|
This replaces the is_dos_path bool with a more future-proof argument.
The next step is to plumb INTERNAL_OPEN_ONLY through this flag instead
of overridding the oplock_request.
|
|
SMB_VFS_CREATE_FILE
|
|
|
|
that will have to
be fixed another way.
Jeremy.
|
|
|
|
Jeremy.
|
|
module. Inheritance fails at the moment though.
Jeremy.
|
|
Jeremy.
|
|
on the way to get rid of chain_fsp
|
|
Goal is to remove the chain_fsp global variable
|
|
Jeremy.
|
|
ACLs.
Jeremy.
|
|
in fset_nt_acl().
Need to watch the build farm to make sure I haven't broken the AIX or Solaris ACL modules.
Jeremy.
|
|
using the parent security descriptor type and flags instead
of using the passed in SD.
Jeremy.
(This used to be commit 0d824d7188518aaa7b4e890885e6bc42e94397c5)
|
|
"acl group control"
parameter and make it only apply to owning group. Also added man page fix.
Jeremy.
(This used to be commit e98e080bad2c8b9f038a8f2dffcfeba1d5f392ce)
|
|
Without this the changed checks in can_delete_file_in_directory give DELETE
access where there is none. So we can end up granting the ntcreate&x preparing
the unlink where we should not, which leads to a NT_STATUS_ACCESS_DENIED at
close time later, which in turn does *not* give the access denied error message
in the Windows GUI.
can_delete_file_in_directory will grant access now by looking at the directory
permissions.
(This used to be commit 51b5364c2afb3a18df4bec2bc1624760ccc01676)
|
|
Did not measure it, but I think a single write is better than a read and a
conditional branch
(This used to be commit abe1bed665ad8d1dbf9177dcbb9344b25df9594c)
|
|
(This used to be commit 559180f7d30606d1999399d954ceedc798c669a4)
|
|
Jeremy.
(This used to be commit b739c7f1cdb2b19a380b06681b00dcf490d788a9)
|