Ralph Boehme [Fri, 29 Jul 2022 12:56:41 +0000 (14:56 +0200)]
smbd: ignore request to set the SPARSE attribute on streams
As per MS-FSA 2.1.1.5 this is a per stream attribute, but our backends don't
support it in a consistent way, therefore just pretend success and ignore the
request.
Ralph Boehme [Wed, 27 Jul 2022 11:37:32 +0000 (13:37 +0200)]
CI: add a test trying to delete a stream on a pathref ("stat open") handle
When using vfs_streams_xattr, for a pathref handle of a stream the system fd
will be a fake fd created by pipe() in vfs_fake_fd().
For the following callchain we wrongly pass a stream fsp to
SMB_VFS_FGET_NT_ACL():
  SMB_VFS_CREATE_FILE(..., "file:stream", ...)
  => open_file():
       if (open_fd):
         -> taking the else branch:
         -> smbd_check_access_rights_fsp(stream_fsp)
            -> SMB_VFS_FGET_NT_ACL(stream_fsp)
This is obviously wrong and can lead to strange permission errors when using
vfs_acl_xattr:
in vfs_acl_xattr we will try to read the stored ACL by calling
fgetxattr(fake-fd) which of course fails with EBADF. Now unfortunately the
vfs_acl_xattr code ignores the specific error and handles this as if there was
no ACL stored and subsequently runs the code to synthesize a default ACL
according to the setting of "acl:default acl style".
As the correct access check for streams has already been carried out by calling
check_base_file_access() from create_file_unixpath(), the above problem is not
a security issue: it can only lead to "decreased" permissions resulting in
unexpected ACCESS_DENIED errors.
The fix is obviously going to be calling
smbd_check_access_rights_fsp(stream_fsp->base_fsp).
This test verifies that deleting a file works when the stored NT ACL grants
DELETE_FILE while the basic POSIX permissions (used in the acl_xattr fallback
code) do not.
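The failure mode this commit message describes, as an added C model that is not part of the commit or of Samba: a lookup that reads every xattr error as "no ACL stored" falls back to a default ACL for a stream handle with a fake fd, while checking the base file's handle finds the stored ACL. All names (`struct handle`, `model_fgetxattr`, `lookup_lenient`, `lookup_strict`, `acl_handle`) are hypothetical, the ACL string is constructed, and the strict variant is an illustration of distinguishing ENODATA from other errors, not the fix the commit makes.

```c
#include <errno.h>
#include <stdio.h>
#include <stddef.h>

/* Constructed model of the commit's description; none of this is Samba code. */
enum acl_source { ACL_STORED, ACL_DEFAULT, ACL_ERROR };

struct handle {
    int fake_fd;               /* 1: pathref stream handle backed by a pipe() fd */
    const char *stored_acl;    /* NULL: no ACL xattr stored on this object */
    const struct handle *base; /* base file of a stream, else NULL */
};

/* Stand-in for fgetxattr(): EBADF on a fake fd, ENODATA when nothing is stored. */
static int model_fgetxattr(const struct handle *h)
{
    if (h->fake_fd) { errno = EBADF; return -1; }
    if (h->stored_acl == NULL) { errno = ENODATA; return -1; }
    return 0;
}

/* Lenient: every failure is read as "no ACL stored", so a default ACL is used. */
static enum acl_source lookup_lenient(const struct handle *h)
{
    return model_fgetxattr(h) == 0 ? ACL_STORED : ACL_DEFAULT;
}

/* Strict: only ENODATA means "no ACL stored"; any other error is reported. */
static enum acl_source lookup_strict(const struct handle *h)
{
    if (model_fgetxattr(h) == 0) return ACL_STORED;
    return errno == ENODATA ? ACL_DEFAULT : ACL_ERROR;
}

/* Direction of the fix: run the ACL check against the base file's handle. */
static const struct handle *acl_handle(const struct handle *h)
{
    return h->base != NULL ? h->base : h;
}

int main(void)
{
    const struct handle base = {0, "constructed-acl-granting-delete", NULL};
    const struct handle stream = {1, NULL, &base};
    printf("lenient(stream)       = %d\n", lookup_lenient(&stream));
    printf("strict(stream)        = %d\n", lookup_strict(&stream));
    printf("lenient(base of strm) = %d\n", lookup_lenient(acl_handle(&stream)));
    return 0;
}
```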
Allows passing on "user." xattr to the backend. This can be useful for testing
specific aspects of operation on streams when "streams_xattr" is configured as
stream filesystem backend.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Wed Aug 10 14:14:04 UTC 2022 on sn-devel-184
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Wed Aug 10 10:21:48 UTC 2022 on sn-devel-184
Volker Lendecke [Tue, 9 Aug 2022 10:42:05 +0000 (12:42 +0200)]
smbstatus: Fix the 32-bit build on FreeBSD
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 9 20:04:26 UTC 2022 on sn-devel-184
s3:passdb: Remove unused function secrets_fetch_trust_account_password()
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Aug 8 19:03:08 UTC 2022 on sn-devel-184
Jule Anger [Fri, 5 Aug 2022 11:05:26 +0000 (13:05 +0200)]
smbstatus: add a method to add profile items to json
The method changes the json item of a given traverse_state.
The root dictionary contains for each section a dictionary, which has
a dictionary for each subsection.
Signed-off-by: Jule Anger <janger@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jule Anger [Thu, 24 Mar 2022 14:46:50 +0000 (15:46 +0100)]
smbstatus: add JSON support for smbstatus
Adds the option --json for all information except the profiling.
Using --json sets the json_output variable to true, so that the json dictionary
can be created and printed.
Signed-off-by: Jule Anger <janger@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jule Anger [Mon, 1 Aug 2022 09:19:37 +0000 (11:19 +0200)]
smbstatus: add a notifies dictionary
Adds an empty json dictionary under the key "notifies" and adds for each
notify a dictionary with information to the notify dictionary. Uses the
pid as key.
Only print to stdout, if json_output is not set.
Signed-off-by: Jule Anger <janger@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jule Anger [Thu, 31 Mar 2022 08:31:31 +0000 (10:31 +0200)]
smbstatus: add locks to byte-range locked files in json output
At the moment, there is only information about the byte-range locked files.
Adds a list of its locks for each file. An open is represented as
a dictionary. Contains all information (pid, dev_inode, read_write, start
and size) about the lock.
Signed-off-by: Jule Anger <janger@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jule Anger [Thu, 31 Mar 2022 08:30:30 +0000 (10:30 +0200)]
smbstatus: add a basic byte-range locks dictionary
Adds an empty json dictionary under the key "byte_range_locks"
and adds for each locked file a dictionary with information
(path and filename) to the byte-range locks dictionary.
Only print to stdout, if json_output is not set.
Signed-off-by: Jule Anger <janger@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jule Anger [Mon, 1 Aug 2022 10:02:15 +0000 (12:02 +0200)]
smbstatus: add general caching information about open files to json output
Adds a dictionary named "caching" to an opens dictionary.
Represents both oplock and leases caching. The dictionary contains a
boolean for each type (READ, WRITE and HANDLE), the hex value and a string
representation.
If no oplocks are used, the dictionary is left empty.
Signed-off-by: Jule Anger <janger@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jule Anger [Wed, 30 Mar 2022 15:05:02 +0000 (17:05 +0200)]
smbstatus: add lease information about open files to json output
Adds a dictionary named "lease" to an opens dictionary.
If leases are used, the dictionary contains a boolean for each type
(READ, WRITE and HANDLE or UNKNOWN) and a string representation of
the lease. Otherwise the dict is left empty.
Signed-off-by: Jule Anger <janger@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jule Anger [Wed, 30 Mar 2022 13:40:56 +0000 (15:40 +0200)]
smbstatus: add oplock information about open files to json output
Adds a dictionary named "oplock" to an opens dictionary.
Contains a string representation and booleans for each oplock type
(EXCLUSIVE, BATCH, LEVEL_II, LEASE).
Signed-off-by: Jule Anger <janger@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jule Anger [Wed, 30 Mar 2022 13:36:13 +0000 (15:36 +0200)]
smbstatus: add opens to files in json output
At the moment, there is only information about the open files.
Adds a list of its opens for each file. An open is represented as
a dictionary. Contains only the basic information (pid, uid and
time) about the open.
Signed-off-by: Jule Anger <janger@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jule Anger [Wed, 30 Mar 2022 13:11:11 +0000 (15:11 +0200)]
smbstatus: add a basic dictionary with open files
Adds an empty json dictionary under the key "open_files" and adds for each
locked file a dictionary with information (path, filename and pending
deletes) to the locked files dictionary. Uses path and filename as key.
Only print to stdout, if json_output is not set.
Signed-off-by: Jule Anger <janger@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jule Anger [Thu, 24 Mar 2022 13:09:35 +0000 (14:09 +0100)]
smbstatus: add a sessions dictionary
Adds an empty json dictionary under the key "sessions" and adds for each
session a dictionary with information to the session dictionary. Uses the
session_id as key.
uid_str and gid_str are needed because both receive their own JSON field.
Only print to stdout, if json_output is not set.
Signed-off-by: Jule Anger <janger@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
conn_tdb: change type of connections_data.start to NTTIME
connections_data.start previously had the type time_t, but time_t
only had a precision for seconds. NTTIME has a higher precision,
which is useful for debugging.
Signed-off-by: Jule Anger <janger@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jule Anger [Mon, 9 May 2022 10:09:18 +0000 (12:09 +0200)]
smbstatus: delete wrong EXCLUSIVE+BATCH oplock
It is not possible to have an EXCLUSIVE+BATCH oplock, because a BATCH
oplock includes an EXCLUSIVE oplock. Therefore, an EXCLUSIVE+BATCH-Oplock
and a BATCH-Oplock are the same thing.
Signed-off-by: Jule Anger <janger@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>