Tim Prouty [Sun, 7 Dec 2008 00:08:35 +0000 (16:08 -0800)]
Fix a delete on close divergence from windows [2/2]
This second patch cleans up by removing all of the code that is made
obsolete by the first patch. It should cause no functional changes.
(cherry picked from commit c39c35f3e67a726c6464c1497e46fe7a2eb3dc77)
Tim Prouty [Sun, 7 Dec 2008 18:30:01 +0000 (10:30 -0800)]
Fix a delete on close divergence from windows [1/2]
smbtorture4's BASE-DELETE:deltest17 was failing against win2k8,
win2k3, and winXPsp2 but passing against samba.
deltest17 does the following:
1. open file -> file is created
2. closes file
3. open file with DOC -> fnum1
4. check that DOC is not reported as being set from fnum1
5. opens file again Read Only -> fnum2
6. check that DOC is not reported as being set from either file handle
7. close fnum1 (the file handle that requested DOC to be set)
8. check if DOC is reported as being set from fnum2
* This is where windows and samba begin to diverge. Windows
reports that the DOC bit is set, while samba reports that it is not set.
9. close fnum2 (the last remaining open handle for the file)
10.See if the file has been deleted.
* On samba the file still exists. On windows the file was deleted.
The way open_file_ntcreate is written now, if an open has the DOC bit
set on the wire, DOC (fsp->initial_delete_on_close) is not set unless:
a. the open creates the file, or b. there is an open file handle with
a share_entry in the struct lck that has the
SHARE_MODE_ALLOW_INITIAL_DELETE_ON_CLOSE bit set (let's call it
SM_AIDOC).
My understanding of SM_AIDOC is that it was added to differentiate
between DOC being set on an open that creates a file vs an open that
opens an existing. As described in step 8/10 above, it appears that
windows does not make this differentiation.
To resolve this issue there are two patches. This first patch is a
simple proof of concept change that is sufficient to fix the bug. It
removes the differentiation in open_file_ntcreate, and updates
deltest17 to allow it to pass against win2k3/xp. This makes
open_file_ntcreate more closely match the semantics in open_directory
and rename_internals_fsp. This change also does not break any other
tests in BASE-DELETE or "make test". Specifically test deltest20b
which verifies the CIFSFS rename DOC semantics still passes :).
(cherry picked from commit 69a2b8ea06bf65109ed8a44df38e62bcbac7c4a9)
Volker Lendecke [Fri, 5 Dec 2008 21:17:49 +0000 (13:17 -0800)]
Fix for crash bug freeing a non-malloc'ed buffer if the client sends a non-encrypted packet with the crypto state set.
(cherry picked from commit 8b49bf06e252b3c37ba910f8b887f48232eb1a9b)
Steve French [Fri, 5 Dec 2008 14:33:39 +0000 (08:33 -0600)]
mount.cifs: if mount user not specified use USER environment variable
smbfs also would use the USER environment variable if the user was not
specified on the mount command and no credential file specified, and
mount.cifs man page says that we will use this environment variable
(in most cases this will not cause a behavior change, because
we were doing getuid of the current process which will usually be
the same name).
Jeremy Allison [Thu, 4 Dec 2008 19:12:01 +0000 (11:12 -0800)]
Fix bug #1254 - write list not working under share-level security
A somewhat more elegant fix than I could use for 3.2.x or 3.0.x.
Turns out the only part of check_user_ok() that needs to change
for share level security is the VUID cache pieces, so I can just
always use check_user_ok() for all lp_security() cases.
Jeremy
(cherry picked from commit a808c53ec938a6aeb9f9ddc6a5a02273c7bfdcc9)
libwbclient: avoid usage talloc_init() in library code
talloc_init() is a compat function for the old samba3
non-hierachical talloc implementation. It enables
the talloc null tracking which should never be done
by library code.
Kai Blin [Wed, 3 Dec 2008 00:08:49 +0000 (16:08 -0800)]
configure.in: Fix smbtorture_s3 tests.
Seems like Jeremy forgot to fix configure.in when importing d448132 to master
in 8d674e35. Generate the vfs_streams_depot module so make test works again.
(cherry picked from commit 56a7b902765b5b4bf76d95c4e6e66ad89920a7bf)
Steven Danneman [Mon, 1 Dec 2008 19:12:59 +0000 (11:12 -0800)]
Set PRESENT flag when returning NULL [SD]ACL like Windows does.
This could also be handled inside each ACL VFS module, by setting the PRESENT
flag when a NULL [SD]ACL is created.
(cherry picked from commit efaac8049e43279266b5ea35dab8a866a96205b4)
Michael Adam [Mon, 1 Dec 2008 01:01:44 +0000 (02:01 +0100)]
winbindd/nss_info: fix default backend handling for ad backends.
This fixes "winbind nss info = rfc2307" (or sfu or sfu20).
Originally, only explicitly configured domains (like "rfc2307:domain")
worked with the ad module, since the domain name was not passed
backe to the module. This is fixed by recording the first backend
listed without domain in the "winbind nss info" parameter as the
default backend, and creating new nss_domain entries (using this default
backend) on the fly as requests for domains which are not explicitly
configured are encountered.
Michael Adam [Wed, 26 Nov 2008 22:09:49 +0000 (23:09 +0100)]
winbindd/idmap_ad: add support for trusted domains to idmap_ad (bug #3661)
This initial fix does at least work for explicitly configured domains.
The patch has a few disadvantages:
1. It does work only for explicitly configured domains, not with
the default backend (idmap backend = ad), since it relies on the
domain name being passed in via the idmap_domain. One workaround
for this would be to create clones of the default idmap_domain
for domains not explicitly configured.
2. It calls find_domain_from_name_noinit() from idmap_ad_cached_connection.
The problem here is that only the NetBIOS domain name (workgroup
name) is passed in via the idmap_domain struct, and the module
has to establish a connection to the domain based on that information.
find_domain_from_name_noinit() has the disadvantage that it uses the state
of the domain list at fork time (unless used from the main winbindd).
But this should be ok as long as the primary domain was reachable at
start time.
For nss_info, the situation is similar - This will only work for domains
explicitly configured in smb.conf as follows:
"winbind nss info = rfc2307:dom1 sfu:dom2 rfc2307:dom3 template:dom4"
Setting the default nss info to one of the ad backends (rfc2307, sfu, sfu20)
will fail since the domain name is not passed in with the nss_domain_entry.
Dan Sledz [Mon, 17 Nov 2008 01:40:03 +0000 (17:40 -0800)]
[PATCH] Allow SYSLOG_FACILITY to be modified with a new configure option called --with-syslog-facility
(cherry picked from commit 9e74113ecdad2df46b3a77d195e37a38c7e77d3d)
Jeremy Allison [Mon, 24 Nov 2008 23:28:53 +0000 (15:28 -0800)]
Fix bug #5873 - ACL inheritance cannot be broken. This regresses #4308, but that will have to
be fixed another way.
Jeremy.
(cherry picked from commit fa7a8f051debefa4e061b167a6906785d90deada)
If no DACL/SACL is present in the packet, the SEC_INFO field should still be
passed down as is to the VFS layer to signal the creation of a NULL DACL/SACL.
As seen in metze RAW-ACL test_nttrans_create_null_dacl(), a NULL DACL is set
regardless of the SEC_DESC_DACL_PRESENT bit being set.
(cherry picked from commit fc064837fbf84726ad66b16ef6e1f8c67d47a1fe)
Mathias Dietz [Wed, 12 Nov 2008 13:32:45 +0000 (14:32 +0100)]
Search for gpfs functions in both libgpfs_gpl.so an libgpfs.so
As of GPFS 3.2.1 PTF8 libgpfs will be available as GPL, so we don't need the
special libgpfs_gpl lib anymore. For backwards compatibility with pre-PTF8 GPFS
installations, still look there.
(cherry picked from commit 61468186cece7370576a2d13992f9a523067e4be)
Jeremy Allison [Sat, 22 Nov 2008 06:46:37 +0000 (22:46 -0800)]
Revert f268d75f5ed1258b08c5571780ea3be6724daed4 - "Fix the logic bug that caused us to
run into kernel oplocks on an open for a stream inside a file with stream_xattr module. On
opening the base_fsp we must break existing oplocks." as it broke make test.
Jeremy
(cherry picked from commit 11c4962cf6b6e6f66f5ce5788b331d43bd743248)
projects / thirdparty / samba.git / log
