Ralph Boehme [Thu, 17 Dec 2020 11:41:29 +0000 (12:41 +0100)]
smbd: remove fd_close() from open_directory()
fd_close() was accidentally added twice by d00d09fdcf73a5839ae4f82cf8e953bb761bfbfb. If it would have been removed by 5770cdd7635a018817418f58bd37268aedebd6a9 that adds the reopen_from_procfd()
optimisation, all would be fine. But fd_close() still being called before
reopen_from_procfd() means we're closing the pathref fd prevening the
optimisation.
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Wed, 16 Dec 2020 23:44:41 +0000 (15:44 -0800)]
smbd: On error exit in create_file_unixpath(), we can't call close_file() on uncompleted opens.
We can't call directly into close_file(), as that cannot deal
with regular file and directory opens where fsp->fsp_flags.is_fsa
hasn't been set to true (uncompleted opens).
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
This option can be used to make use of the change notify privilege.
By default notify results are not checked against the file system
permissions.
If "honor change notify privilege" is enabled, a user will only
receive notify results, if he has change notify privilege or sufficient
file system permissions. If a user has the change notify privilege, he
will receive all requested notify results, even if the user does not
have the permissions on the file system.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Björn Baumbach <bb@sernet.de> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Dec 17 15:01:53 UTC 2020 on sn-devel-184
Björn Baumbach [Mon, 20 Jul 2020 14:49:39 +0000 (16:49 +0200)]
python/tests: add tests for smb notify and the dependency to the TRAVERSE privilege
The easiest way to run this against Windows was to use a domain
controller and configure an enforce group policy and grant the
"Bypass Traverse Checking" only to the "BUILTIN\Administrators" group.
(Note that "LOCAL SERVICE" and "NETWORK SERVICE" are always added in
the local security policy.
libsmb_samba_internal: calculate the access_mask for {g,s}et_acl() based on the secinfo flags
SEC_FLAG_MAXIMUM_ALLOWED will never result in SEC_FLAG_SYSTEM_SECURITY
being granted. As SECINFO_SACL is part of the default secinfo value
(SECINFO_DEFAULT_FLAGS), {g,s}et_acl() will always return
NT_STATUS_ACCESS_DENIED by default.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
libsmb_samba_internal: don't send SECINFO_[UN]PROTECTED_{S,D}ACL by default
We want to get the default behavior.
It's also pointless to set PROTECTED and UNPROTECTED at the same time.
These are defined in MS-DTYP 2.4.7 SECURITY_INFORMATION with a brief
description, but they aren't referenced in anywhere in MS-DTYP itself,
nor in MS-FSA are any other document.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
changes = notify_req.get_changes(wait=False)
# changes is likely to be None if no result arrived yet
# ... do other operations on conn.*() ...
changes = notify_req.get_changes(wait=True)
# changes is a list of change dictionaries
# each containing "name" (a string) and
# "action" (an integer, e.g. libsmb.NOTIFY_ACTION_REMOVED)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
This is useful in order to test async requests
tevent_queue_wait_send/recv() can be used to block
the queue between requests or wait for the queue to be flushed.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Gary Lockyer [Tue, 15 Dec 2020 21:56:22 +0000 (10:56 +1300)]
pep8 tidy up config
Enable the following warnings:
E126: continuation line over-indented for hanging indent
E131: continuation line unaligned for hanging indent
E203: whitespace before ':'
E221: multiple spaces before operator
E501: line too long
E722: do not use bare 'except'
These were originally chosen so that as much of the existing samba code
passed. With the intention of integrating PEP8 checking into build
process. But the PEP8 output does not integrate into the known fail
mechanism, so this approach was abandoned.
setup.cfg is the default PEP8 config file having these exceptions
enabled means that new code can be added with those issues. Also tools
like pyls (python language server) use setup.cfg.
Disable the following warnings:
E402: module level import not at top of file
Samba has a significant amount of code setting
sys.path.insert(0, "bin/python")
W503: Line break before binary operator
We need to have a preference, and PEP8 expresses a weak preference
for disabling 503
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Dec 17 00:54:51 UTC 2020 on sn-devel-184
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Noel Power <noel.power@suse.com>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Dec 16 13:56:49 UTC 2020 on sn-devel-184
wafsamba: move clang_compilation_database usage behind an --enable-clangdb option
Writing bin/default/compile_commands.json doubles the total time used
for a noop build. That price should only be paid if someone wants to
use it actually.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Jeremy Allison [Mon, 14 Dec 2020 20:15:48 +0000 (12:15 -0800)]
smbd: Remove the smb_fname parameter from set_ea().
We know we must have a valid fsp.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Dec 16 10:15:11 UTC 2020 on sn-devel-184
Jeremy Allison [Mon, 14 Dec 2020 20:07:48 +0000 (12:07 -0800)]
smbd: smb_info_set_ea() can only get fsp==NULL in POSIX mode accessing a symlink.
Ensure this is the case and force-return NT_STATUS_ACCESS_DENIED here.
Remove any race condition if anyone modifies the symlink whilst the
operation is in process.
This now allows us to require a valid fsp for operations on EAs.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Now that handle based fdos_mode() is used everywhere we can be sure that we're
also always getting a handle in SMB_VFS_GET_COMPRESSION() so we can now safely
remove the path parameter. :)
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 30 Oct 2020 14:38:22 +0000 (15:38 +0100)]
smbd: call rename_open_files() a bit earlier in rename_internals_fsp()
This prepares for using handle based SMB_VFS_FSTAT() and fdos_mode() a few lines
below. As some VFS modules will use the fsp->fsp_name we have to make sure to
rename it first.
Fwiw, notify_rename() is moved as well as it needs to original name in
fsp->fsp_name.
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Mon, 19 Oct 2020 13:44:29 +0000 (15:44 +0200)]
smbd: add fdos_mode()
Note that this continues using the braindead dual path/handle based API mistake,
but only in order to reuse the util functions and because this is an
intermediate step to support transitioning to an all handle based flow.
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 20 Oct 2020 19:59:35 +0000 (21:59 +0200)]
vfs_gpfs: fix bogus compiler warning
The next commit adds the first call inside Samba to the VFS function
SMB_VFS_FGET_DOS_ATTRIBUTES() and therefor also to
vfs_gpfs_fget_dos_attributes(). No idea why gcc is generating this warning:
[4127/4716] Compiling source3/modules/vfs_aio_fork.c
../../source3/modules/vfs_gpfs.c: In function ‘vfs_gpfs_fget_dos_attributes’:
../../source3/modules/vfs_gpfs.c:1728:2: error: ‘file_id’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
1728 | update_stat_ex_file_id(&fsp->fsp_name->st, file_id);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
compilation terminated due to -Wfatal-errors.
cc1: all warnings being treated as errors
This change fixes the error.
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Wed, 28 Oct 2020 11:24:14 +0000 (12:24 +0100)]
smbd: use fsp in smb_set_file_time()
Ensure we have a valid fsp whos name we pass to file_ntimes(). Remember,
file_ntimes() by default ends up calling SMB_VFS_GET_DOS_ATTRIBUTES() under the
hood in order to get/set the creation date.
As any fsp->fsp_name contains a backpointer to the fsp ie
fsp->fsp_name->fsp == fsp
passing set_fsp->fsp_name to file_ntimes() allows replacing the path based
SMB_VFS_GET_DOS_ATTRIBUTES() with SMB_VFS_FGET_DOS_ATTRIBUTES() under the hoods.
Also use the base_fsp->fsp_name for the base name in case of setting the
timestamps on a stream.
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 17 Nov 2020 11:11:13 +0000 (12:11 +0100)]
smbd: check for non FSA fsps in smb_file_rename_information()
If the fsp is a non FSA fsp created by openat_pathref_fsp(), we can't pass it to
rename_internals_fsp(). We have to go via rename_internals() which internally
uses SMB_VFS_CREATE_FILE() to open an fsp which ensure we go through the lease
checking code.
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
projects / thirdparty / samba.git / log
