Age | Commit message (Collapse) | Author | Files | Lines |
|
Simo is completely correct. We should be doing the chown *first*, and fail the
ACL set if this fails. The long standing assumption I made when writing the
initial POSIX ACL code was that Windows didn't control who could chown a file
in the same was as POSIX. In POSIX only root can do this whereas I wasn't sure
who could do this in Windows at the time (I didn't understand the privilege
model). So the assumption was that setting the ACL was more important (early
tests showed many failed ACL set's due to inability to chown). But now we have
privileges in smbd, and we must always fail an ACL set when we can't chown
first. The key that Simo noticed is that the CREATOR_OWNER bits in the ACL
incoming are relative to the *new* owner, not the old one. This is why the old
user owner disappears on ACL set - their access was set via the USER_OBJ in the
creator POSIX ACL and when the ownership changes they lose their access.
Patch is simple - just ensure we do the chown first before evaluating the
incoming ACL re-read the owners. We already have code to do this it just wasn't
rigorously being applied.
Jeremy.
|
|
triggered now
metze
|
|
This converts the irix oplocks code to use a fd event
and removes the last special case for file descriptors
for the main sys_select().
metze
|
|
And always setup the fd events.
metze
|
|
|
|
|
|
np_open/read/write don't have to know about files_struct
|
|
This is a hack to fix races which happen with the RAW-RENAME and RAW-OPLOCK
tests. We should try to remove it later.
metze
|
|
We need to use CTDB_CONTROL_TCP_CLIENT instead of CTDB_CONTROL_TCP_ADD.
CTDB_CONTROL_TCP_CLIENT has support for 2 modes in newer ctdb versions:
- with struct ctdb_control_tcp it only supports ipv4.
- with struct ctdb_control_tcp_addr it supports ipv4 and ipv6.
You need new header files which defines struct ctdb_control_tcp_addr,
but at runtime it should be fine to work against older
ctdb versions (<= 1.0.68).
metze
|
|
|
|
|
|
This the global variable "orig_inbuf" in the old chain_reply code. This global
variable was one of the reasons why we had the silly restriction to not allow
async requests within a request chain.
|
|
Michael
|
|
version.h changes rather frequently. Since it is included via includes.h,
this means each C file will be a cache miss. This applies to the following
situations:
* When building a new package with a new Samba version
* building in a git branch after calling mkversion.sh
after a new commit (i.e. virtually always)
This patch improves the situation in the following way:
* remove inlude "version.h" from includes.h
* Use samba_version_string() instead of SAMBA_VERSION_STRING
in files that use no other macro from version.h instead of
SAMBA_VERSION_STRING.
* explicitly include "version.h" in those files that use more
macros from "version.h" than just SAMBA_VERSION_STRING.
Michael
|
|
Jeremy.
|
|
we might have to handle a short send by filling with zeros.
Jeremy.
|
|
Jeremy.
|
|
It is possible for a posix file created locally or over nfs to have a
":" in the name. Since ":" is a reserved character in windows,
filenames containing a colon must be mangled in a directory listing.
Right now files containing colons will not even be displayed in
directory listings if streams modules are in use. During the
directory listing the file will be detected as a stream because of the
colon, but the streams module will fail to find the stream since it
doesn't exist. This fix adds a step to is_ntfs_stream_name that stats
the filename to differentiate between actual streams and files
containing colons.
While this is an improvement, it isn't perfect. Consider the case
where there is a file on disk called "a.txt:s1" and also a file called
"a.txt" that has a stream called "s1". This patch will always
preference "a.txt:s1" over a.txt's s1 stream.
The real issue is that at the vfs level, the vfs modules have no way
to tell between a demangled name with a colon and an actual stream. A
more invasive, but better, long-term fix would be to add all paths
that come over the wire into a struct containing metadata about the
path. This metadata could include a flag to indicate whether the path
came over the wire with a colon ":" (guaranteeing that the client is
requesting a stream). Passing this struct down to the lower levels,
including all path-based vfs calls, would allow the above case to be
handled correctly in all cases.
|
|
|
|
|
|
The new create disposition test in smbtorture RAW-STREAMS verifies
this fix.
|
|
|
|
We use a fd event and receive incoming smb requests
when the fd becomes readable. It's not completely
nonblocking yet, but it should behave like the old code.
We use timed events to trigger retries for deferred open calls.
metze
|
|
struct smbd_dmapi_context *dmapi_ctx;
is in globals.c
metze
|
|
|
|
The goal is to move all this variables into a big context structure.
metze
|
|
metze
|
|
open_sockets_smbd() is only called once.
metze
|
|
metze
|
|
metze
|
|
We always free the value at the end of the function,
so we don't need a static variable to hold just NULL
for the time the function isn't executed.
metze
|
|
const char *foo, means a non-const pointer to
a const char.
const char * const foo, means a const pointer to
a const char.
char * const foo, would mean a const pointer to
a non-const char.
metze
|
|
const char *foo, means a non-const pointer to
a const char.
const char * const foo, means a const pointer to
a const char.
char * const foo, would mean a const pointer to
a non-const char.
metze
|
|
const char *foo, means a non-const pointer to
a const char.
const char * const foo, means a const pointer to
a const char.
char * const foo, would mean a const pointer to
a non-const char.
metze
|
|
We call magic_char = lp_magicchar(p) each time it's used.
metze
|
|
metze
|
|
metze
|
|
metze
|
|
Jeremy.
|
|
monyo@samba.gr.jp.
Jeremy.
|
|
Jeremy.
|
|
|
|
|
|
metze
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
This only applies to a setup with "registry shares = yes"
Michael
(cherry picked from commit 288fa94ac7cfdf7457b5098c33fc840bed3d5410)
(cherry picked from commit e85526b184e66f86b7faa9d0a37288a09c12c19e)
|
|
The test_streams_rename2 test in RAW-STREAMS verifies these changes
|
|
|
|
Jeremy.
|