smbd: maintain veto_list and hide_list in the vuid cache

Prepares for adding per-user support to both options. I don't think it makes
sense also adding per-user support to "veto oplock files" and "aio write behind"
so I'm ignoring those.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

diff --git a/source3/include/vfs.h b/source3/include/vfs.h
index a0974a49d49082aebf8c195c1fb7878a15609e3c..374d7e03c33aa40c8c2e3254bca8fb2139409d0d 100644 (file)
--- a/source3/include/vfs.h
+++ b/source3/include/vfs.h
@@ -692,6 +692,8 @@ typedef struct files_struct {
 
 struct vuid_cache_entry {
        struct auth_session_info *session_info;
+       struct name_compare_entry *hide_list;
+       struct name_compare_entry *veto_list;
        uint64_t vuid; /* SMB2 compat */
        bool read_only;
        uint32_t share_access;

diff --git a/source3/smbd/conn.c b/source3/smbd/conn.c
index cb3c798084d44bb2db5c00ac0ea1959321ae04b1..4e7e1ce012765de4fea89d87955cc789930ee37e 100644 (file)
--- a/source3/smbd/conn.c
+++ b/source3/smbd/conn.c
@@ -208,6 +208,8 @@ static void conn_clear_vuid_cache(connection_struct *conn, uint64_t vuid)
        }
        ent->read_only = False;
        ent->share_access = 0;
+       TALLOC_FREE(ent->veto_list);
+       TALLOC_FREE(ent->hide_list);
 }
 
 /****************************************************************************

diff --git a/source3/smbd/smb2_service.c b/source3/smbd/smb2_service.c
index f832008a698b78e9c294dfec4795c2751b606730..9e0065ea900130f5a088135bef686fcf3d61818b 100644 (file)
--- a/source3/smbd/smb2_service.c
+++ b/source3/smbd/smb2_service.c
@@ -759,12 +759,6 @@ NTSTATUS make_connection_snum(struct smbXsrv_connection *xconn,
                set_namearray(conn,
                              lp_aio_write_behind(talloc_tos(), lp_sub, snum),
                              &conn->aio_write_behind_list);
-               set_namearray(conn,
-                             lp_veto_oplock_files(talloc_tos(), lp_sub, snum),
-                             &conn->veto_oplock_list);
-               set_namearray(conn,
-                             lp_aio_write_behind(talloc_tos(), lp_sub, snum),
-                             &conn->aio_write_behind_list);
        }
        smb_fname_cpath = synthetic_smb_fname(talloc_tos(),
                                        conn->connectpath,

diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index a759ad022264427e6590c4fb492cb8cfe52d0864..b93818e02d4424bb55f1a53bb69b36dcedd248d4 100644 (file)
--- a/source3/smbd/uid.c
+++ b/source3/smbd/uid.c
@@ -186,6 +186,8 @@ static bool check_user_ok(connection_struct *conn,
                        const struct auth_session_info *session_info,
                        int snum)
 {
+       const struct loadparm_substitution *lp_sub =
+               loadparm_s3_global_substitution();
        unsigned int i;
        bool readonly_share = false;
        bool admin_user = false;
@@ -208,6 +210,8 @@ static bool check_user_ok(connection_struct *conn,
                        conn->read_only = ent->read_only;
                        conn->share_access = ent->share_access;
                        conn->vuid = ent->vuid;
+                       conn->veto_list = ent->veto_list;
+                       conn->hide_list = ent->hide_list;
                        return(True);
                }
        }
@@ -231,6 +235,8 @@ static bool check_user_ok(connection_struct *conn,
                (conn->vuid_cache->next_entry + 1) % VUID_CACHE_SIZE;
 
        TALLOC_FREE(ent->session_info);
+       TALLOC_FREE(ent->veto_list);
+       TALLOC_FREE(ent->hide_list);
 
        /*
         * If force_user was set, all session_info's are based on the same
@@ -262,8 +268,21 @@ static bool check_user_ok(connection_struct *conn,
        ent->vuid = vuid;
        ent->read_only = readonly_share;
        ent->share_access = share_access;
+
+       /* Add veto/hide lists */
+       if (!IS_IPC(conn) && !IS_PRINT(conn)) {
+               set_namearray(conn,
+                             lp_veto_files(talloc_tos(), lp_sub, snum),
+                             &ent->veto_list);
+               set_namearray(conn,
+                             lp_hide_files(talloc_tos(), lp_sub, snum),
+                             &ent->hide_list);
+       }
+
        free_conn_state_if_unused(conn);
        conn->session_info = ent->session_info;
+       conn->veto_list = ent->veto_list;
+       conn->hide_list = ent->hide_list;
        conn->vuid = ent->vuid;
        if (vuid == UID_FIELD_INVALID) {
                /*